SSHing to IPv6 only machines using a bastion server


Sometimes you don't have an IPv6 configured and you need to SSH to an IPv6 server,
you can use a bastion server for that.

Host *
    ForwardAgent yes
    VerifyHostKeyDNS no
    StrictHostKeyChecking no
    GSSAPIAuthentication no
    HashKnownHosts no
    TCPKeepAlive yes
    ServerAliveInterval 60
    ProxyCommand ssh -W %h:%p <bastion server>
    IdentityFile ~/.ssh/id_rsa

Unfortunately, it does not work with IPv6 :(
I don't know why, but I found a fix using my dear old friend socat

Host pi
    ForwardAgent yes
    ProxyCommand ssh -q -A <bastion server> "~/socat STDIO TCP:[2404:XXXX:XXXX:58XX::a38]:22"
    #ProxyCommand ssh -q -A <bastion server> "~/socat STDIO TCP6:IPv6.FQDN:22"
    User root
    IdentityFile ~/.ssh/id_personal

Another cool trick to access servers behind
a second bastion is to use the second bastion in ProxyCommand

Host machine.domain.casa
    ForwardAgent yes
    #ProxyCommand ssh <second bastion> nc 192.16.190.192 22
    ProxyCommand ssh -W 192.16.190.192:22 <second bastion>
    IdentityFile ~/.ssh/id_personal

Use the first, commented out, ProxyCommand line if your second bastion
does not forward the credentials (Dropbear, a very old OpenSSH release)