In OpenSSH, I use this setup when I need tunnels. This allows me to directly type sftp server3without having to worry about manually starting the server2and server1tunnels first.

在 OpenSSH 中，我在需要隧道时使用此设置。这使我可以直接键入sftp server3而不必担心首先手动启动server2和server1隧道。

# ~/.ssh/config

# to connect to server2, tunnel through server1
Host server2
ProxyCommand ssh server1 nc %h %p

# to connect to server3, tunnel through server2
Host server3
ProxyCommand ssh server2 nc %h %p

To be more complete, I usually use ssh -oCiphers=arcfour128,arcfour256,arcfour,blowfish-cbc -oControlMaster=no -oForwardX11=no -oForwardAgent=no -oPermitLocalCommand=no -oClearAllForwardings=yes server1 nc %h %pas the ProxyCommand.

为了更完整，我通常使用ssh -oCiphers=arcfour128,arcfour256,arcfour,blowfish-cbc -oControlMaster=no -oForwardX11=no -oForwardAgent=no -oPermitLocalCommand=no -oClearAllForwardings=yes server1 nc %h %p的ProxyCommand。

• The ssh connection being tunneled is already encrypted, so there's no point in using the heavier aes/3desfor the outer layer; arcfourand blowfishare faster.
• The rest of the -o****settings are out of paranoia, so that nothing breaks even if a Host server1stanza with really odd settings is added to ssh_config.

• 被隧道化的 ssh 连接已经加密，所以在外层使用更重的aes/没有意义3des；arcfour并且blowfish速度更快。
• 其余的-o****设置都是出于偏执，因此即使将Host server1具有非常奇怪设置的节添加到ssh_config.

Similarly, you can configure PuTTY to use the proxy command plink -P %proxyport -pw %pass %user@%proxyhost nc %host %port, and set the proxy hostname/port/user/password in the Connection/Proxy configuration pane accordingly. plinkand the rest of the PuTTY suite (pscp, psftp, etc.) load anything saved in PuTTY's graphical configuration; hopefully WinSCP does too. (I don't use it, so I'm not too familiar with its features.)

同样，您可以将 PuTTY 配置为使用代理命令plink -P %proxyport -pw %pass %user@%proxyhost nc %host %port，并在“连接/代理”配置窗格中相应地设置代理主机名/端口/用户/密码。 plinkPuTTY 套件的其余部分（pscp、psftp等）加载 PuTTY 图形配置中保存的任何内容；希望 WinSCP 也能做到。（我不使用它，所以我不太熟悉它的功能。）

The first solution that leaps to mind is to tunnel one local port to each of your servers. Since SSH uses port 22, we'll use each SSH connection to tunnel a local port to the next server's port 22.

想到的第一个解决方案是通过隧道将一个本地端口连接到您的每台服务器。由于 SSH 使用端口 22，我们将使用每个 SSH 连接将本地端口隧道连接到下一个服务器的端口 22。

When you open PuTTY, you're met with the PuTTY Configuration dialog. The two categories you'll need to edit are "Session" and "Connection→SSH→Tunnels".

当您打开 PuTTY 时，您会看到 PuTTY 配置对话框。您需要编辑的两个类别是“会话”和“连接→SSH→隧道”。

1. Open a copy of PuTTY. Use these settings:

   • Connect to host

     • Host name: server1
     • Port: 22

   • Tunnel a port

     • Local mode
     • Source port: 15500

     • Destination: server2:22(the secure shell port)

       

   Now, every time you connect to port 15500 on your local machine, your connection is being tunneled to port 22 on server2.

2. Open a copy of PuTTY. Use these settings:

   • Connect to host
     • Host name: localhost
     • Port: 15500
   • Tunnel a port
     • Local mode
     • Source port: 15501
     • Destination: server3:22(the secure shell port)

3. Open a copy of PuTTY. Use these settings:

   • Connect to host
     • Host name: localhost
     • Port: 15501
   • Tunnel a port
     • Local mode
     • Source port: 15502
     • Destination: server3:22(the secure shell port)

4. Use WinSCP to connect to localhoston port 15502. Your connection will be tunneled as if you're connecting to server3directly.

1. 打开 PuTTY 的副本。使用这些设置：

   • 连接到主机

     • 主机名： server1
     • 端口：22

   • 隧道端口

     • 本地模式
     • 源端口： 15500

     • 目的地：（server2:22安全外壳端口）

       

   现在，每次您连接到本地计算机上的端口 15500 时，您的连接都会通过隧道连接到 server2 上的端口 22。

2. 打开 PuTTY 的副本。使用这些设置：

   • 连接到主机
     • 主机名： localhost
     • 端口：15500
   • 隧道端口
     • 本地模式
     • 源端口： 15501
     • 目的地：（server3:22安全外壳端口）

3. 打开 PuTTY 的副本。使用这些设置：

   • 连接到主机
     • 主机名： localhost
     • 端口：15501
   • 隧道端口
     • 本地模式
     • 源端口： 15502
     • 目的地：（server3:22安全外壳端口）

4. 使用 WinSCP 连接到localhost端口15502。您的连接将被隧道化，就像您server3直接连接一样。

Let me know in the comments whether this works for you. Good luck!

在评论中让我知道这是否适合您。祝你好运！

This method is similar to the way you can use proxycommand in the open ssh config file.

此方法类似于您可以在打开的 ssh 配置文件中使用 proxycommand 的方式。

A prerequisites for this method is that Pageant must be used with public key authentication by all intermediate (proxy) hosts otherwise you will end up with a flashing cursor and nothing else. To learn more about Pageant, PuTTYgen and public keys see:
http://the.earth.li/~sgtatham/putty/0.62/htmldoc/Chapter8.html#pubkey
http://the.earth.li/~sgtatham/putty/0.62/htmldoc/Chapter9.html#pageant

此方法的先决条件是 Pageant 必须与所有中间（代理）主机的公钥身份验证一起使用，否则您将最终得到一个闪烁的光标而没有其他任何东西。要了解有关 Pageant、PuTTYgen 和公钥的更多信息，请参阅：
http: //the.earth.li/~sgtatham/putty/0.62/htmldoc/Chapter8.html#pubkey
http://the.earth.li/~sgtatham/putty /0.62/htmldoc/Chapter9.html#pageant

We have four machines accessible in this order
PuttyPC -> server01 -> server02 -> server03

我们有四台机器可以按这个顺序访问
PuttyPC -> server01 -> server02 -> server03

For server01 we have a Putty saved session as:
Main Window: user1@server01// port 22// SSH
Save this session as server01

对于 server01，我们有一个 Putty 保存的会话：
Main Window: user1@server01// port 22// SSH
Save this session as server01

For server02 we have a Putty saved session as:
Main Window: user2@server02// port 22// SSH
Proxy config window: type local// proxy command plink -load server01 -nc %host:%port
Save this session as server02

对于 server02，我们有一个 Putty 保存的会话：
主窗口：user2@server02// 端口22//SSH
代理配置窗口：键入local// 代理命令plink -load server01 -nc %host:%port
将此会话保存为 server02

For server03 we have a Putty saved session as:
Main window: user3@pc3// port 22// SSH
Proxy config panel: type local// proxy command plink -load server02 -nc %host:%port
Save this session as server03

对于 server03，我们有一个 Putty 保存的会话：
主窗口：user3@pc3// 端口22//SSH
代理配置面板：键入local// 代理命令plink -load server02 -nc %host:%port
将此会话保存为 server03

This means that the saved session for server03 will call the saved session for server02 and server02 saved session will call the server01 session.

这意味着 server03 的保存会话将调用 server02 的保存会话，而 server02 保存的会话将调用 server01 会话。

If you only need to overstep one server I found it easier to do this setup i WinSCP directly.

如果您只需要越过一台服务器，我发现直接在 WinSCP 中进行此设置会更容易。

scenario: computer->server1->server2

场景：计算机->服务器1->服务器2

1: Setup the connection to server2

1：设置与server2的连接

2: Click advanced->Connection->Tunnel

2：点击高级->连接->隧道

3: enable the SSH tunnel and set the host to server1

3：启用SSH隧道并将主机设置为server1

The answer was to reverse tunnel from server3

答案是从 server3 反向隧道

There is nicely described perl script solution here. Do read the comments on the posting too.

还有就是很好的说明perl脚本的解决方案在这里。也请阅读帖子的评论。

Read up more on SSH Agent Forwarding(referred in the perl script post comments).

阅读有关SSH 代理转发的更多信息（在 perl 脚本帖子评论中提及）。