http://benno.id.au/blog/2006/06/08/ssh_proxy_command
ssh ProxyCommand
The ssh ProxyCommand option is just really insanely useful. The reason I want to use it is that it makes it easy to tunnel ssh through a firewall. So for example you have a machine on your corporate network that is is sitting behind a firewall, but you have a login to the firewall. Now of course you could just do:
laptop$ ssh gateway gateway$ ssh internal internal$
or something like:
laptop$ ssh -t gateway ssh internal internal$
But that really doesn't work very well if you use scp or sftp or some other service like revision control that runs on top of it. This is where you can use ProxyCommand option to make your life easier. Basically you want to put something like this into you .ssh/config:
Host internal ProxyCommand ssh gw nc -w 1 internal 22
For this to work you will need netcat (nc) installed on the gw, but that generally isn't too much of a problem. Now you can transparently ssh, scp or whatever to internal, and ssh deals with it.
Now of course if you can't get into the network full stop, you need some reverse tunneling tricks and some other host on the interweb which you can use to tunnel through. So something like:
ssh -f -nNT -R 1100:localhost:22 somehost
Will setup a remote tunnel, which basically means if you connect to port 1100, it will be forwarded to port 22 on the machine on which you ran ssh -R
. Unfortunately unless you have full control over the host you are creating the reverse tunnel too, you will find that port 1100, will only be bound to localhost, which means you will probably still need to use the trick mentioned above to get seemless access to it.