• Tunnel from Remote Host to ProxyJump Host

    From Rhongomiant@21:1/5 to All on Sun Apr 23 13:00:23 2023
    Is there a way to create a tunnel from a remote host to a ProxyJump host?

    There are times when I need to connect to a remote host through one or more hosts and create a reverse dynamic tunnel. However, I don't want the reverse tunnel to come back to my system, but to one of the ProxyJump hosts.

    I have a solution provided that the last ProxyJump host is where the reverse dynamic tunnel needs to terminate.

    ssh -tt <Host A> ssh -tt -R12345 <Host B>

    However, in the case where there are hosts A, B, C, and D and the reverse dynamic tunnel needs to terminate on host B, the following will work if host B supports ProxyJump.

    ssh -tt <Host A> ssh -tt <Host B> ssh -J <Host C> -R12345 <Host D>

    However, many of the systems we work on don't have a new enough ssh version for ProxyJump. I know ProxyJump was added in OpenSSH 7.3/7.3p1 (2016-08-01) and reverse dynamic forwarding was added in OpenSSH 7.6/7.6p1 (2017-10-03), so if it supports reverse dynamic forwarding then it supports ProxyJump, but anything we're connecting to supports reverse forwarding, which was added in OpenSSH 2.5.1p1 (2001-02-19) and is useful in many cases.

    I'm wondering if there is a lesser known/obvious feature that lets us specify a tunnel with the host it should originate from.

    I know ProxyJump uses the -W option and maybe that doesn't provide support for tunneling or tunneling beyond the next hop?

    Thanks for any help.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From James H. Markowitz@21:1/5 to Rhongomiant on Wed Apr 26 14:38:20 2023
    On Sun, 23 Apr 2023 13:00:23 -0700 (PDT), Rhongomiant wrote:

    > Is there a way to create a tunnel from a remote host to a ProxyJump
    > host?
    >
    > There are times when I need to connect to a remote host through one or
    > more hosts and create a reverse dynamic tunnel. However, I don't want
    > the reverse tunnel to come back to my system, but to one of the
    > ProxyJump hosts.
    >
    > I have a solution provided that the last ProxyJump host is where the
    > reverse dynamic tunnel needs to terminate.
    >
    > ssh -tt <Host A> ssh -tt -R12345 <Host B>
    >
    > However, in the case where there are hosts A, B, C, and D and the
    > reverse dynamic tunnel needs to terminate on host B, the following will
    > work if host B supports ProxyJump.
    >
    > ssh -tt <Host A> ssh -tt <Host B> ssh -J <Host C> -R12345 <Host D>
    >
    > However, many of the systems we work on don't have a new enough ssh
    > version for ProxyJump. I know ProxyJump was added in OpenSSH 7.3/7.3p1
    > (2016-08-01) and reverse dynamic forwarding was added in OpenSSH
    > 7.6/7.6p1 (2017-10-03), so if it supports reverse dynamic forwarding
    > then it supports ProxyJump, but anything we're connecting to supports
    > reverse forwarding, which was added in OpenSSH 2.5.1p1 (2001-02-19) and
    > is useful in many cases.
    >
    > I'm wondering if there is a lesser known/obvious feature that lets us
    > specify a tunnel with the host it should originate from.
    >
    > I know ProxyJump uses the -W option and maybe that doesn't provide
    > support for tunneling or tunneling beyond the next hop?
    >
    > Thanks for any help.

    What follows may not address exactly what you want, but it may
    help:

    Setup:

    Machine M1 is on the Internet.

    Machine M2 is on the Internet.

    M1 can get into M2 via SSH.

    M2 can access M3 via SSH.

    M3 is not directly accessible from M1.

    M3 is listening for incoming SSH connections at port (say) 713.

    In order to SSH into M3 from M1 we do the following on M1:

    ssh -fngT -L 3022:M3:713 -C M2 ping -i 30 localhost > /dev/null 2>&1

    ssh -p 3022 localhost

    If in M1 we add to .ssh/config the entry

    Host M3
        HostName localhost
        HostKeyAlias M3
        User <username on M3>
        Port 3022

    then we can get from M1 to M3 by means of

    ssh M3

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
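
The version cut-offs quoted in the question decide which command form a hop can run, so it helps to check the `ssh -V` banner on the hop whose client carries `-R` (host B in the question) before choosing one. The script below is an added example and not part of either post; the 5.4 cut-off for `-W` comes from the OpenSSH release notes rather than the thread, and the host name `hostC`, the sample banners and the availability of `nc` on the jump host are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread. A banner is whatever
# `ssh -V 2>&1` prints on a hop; the banners in the demo are constructed.

# Print the OpenSSH version in a banner as one integer
# (7.4p1 -> 70400, 2.5.1p1 -> 20501); print nothing if unrecognised.
ssh_vernum() {
    printf '%s\n' "$1" | sed -n \
        's/^OpenSSH_[^0-9]*\([0-9][0-9]*\)\.\([0-9][0-9]*\)\.\{0,1\}\([0-9]*\).*/\1 \2 \3/p' |
    { read -r maj min pat || exit 0
      echo $(( $maj * 10000 + $min * 100 + ${pat:-0} )); }
}

# Print the forwarding features this ssh client offers, oldest first.
ssh_caps() {
    v=$(ssh_vernum "$1")
    [ -n "$v" ] || { echo unknown; return 1; }
    caps=
    [ "$v" -ge 20501 ] && caps="$caps remote-forward"   # -R port:host:hostport (2.5.1p1)
    [ "$v" -ge 50400 ] && caps="$caps stdio-forward"    # -W host:port (5.4)
    [ "$v" -ge 70300 ] && caps="$caps proxyjump"        # -J / ProxyJump (7.3)
    [ "$v" -ge 70600 ] && caps="$caps reverse-dynamic"  # -R port as SOCKS (7.6)
    caps=${caps# }
    echo "${caps:-none}"
}

# Print the option this client can use to reach its target through jump
# host $2. The last form assumes nc is installed on the jump host.
hop_option() {
    c=$(ssh_caps "$1") || return 1
    case " $c " in
        *" proxyjump "*)     echo "-J $2" ;;
        *" stdio-forward "*) echo "-o ProxyCommand='ssh -W %h:%p $2'" ;;
        *)                   echo "-o ProxyCommand='ssh $2 nc %h %p'" ;;
    esac
}

# Demo: constructed banners; hostC is a placeholder jump host.
for banner in 'OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013' \
              'OpenSSH_6.6.1p1, OpenSSL 1.0.1e-fips 11 Feb 2013' \
              'OpenSSH_8.9p1 Ubuntu-3ubuntu0.1, OpenSSL 3.0.2 15 Mar 2022'; do
    printf '%s\n  features: %s\n  via jump: %s\n' "$banner" \
        "$(ssh_caps "$banner")" "$(hop_option "$banner" hostC)"
done
```

A hop that reports `remote-forward` without `reverse-dynamic` can still carry an explicit `-R port:host:hostport` forward, which is the case the question describes for older systems.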