Drush via an SSH Proxy

Our production environment isn’t available off-campus to SSH, but we do have an SSH proxy for other services.  Using a VPN was possible for Windows and Macs, but there wasn’t a client for Ubuntu.  After a small discussion with our networking engineer, he suggested the following option:

ssh -t <proxy server> ssh <production server>

The “-t” option performs the following (from the ssh man page):

Force pseudo-tty allocation.  This can be used to execute arbitrary screen-based programs on a remote machine, which can be very useful, e.g. when implementing menu services.  Multiple -t options force tty allocation, even if ssh has no local tty.

To make drush utilize a proxy server, edit the aliases.drushrc.php file to contain the following:
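// Production
$aliases['prod'] = array(
  // ... (other alias settings elided in the original)
  'remote-user' => 'username',
  // Drush places these options between "ssh" and the remote user@host,
  // so the connection goes to the proxy first and then on to production.
  'ssh-options' => '-At username@<proxy server> ssh -A',
  // ...
);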

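The first part, “-At username@<proxy server>”, logs in to the proxy server as username with ssh-agent forwarding (-A) and a forced pseudo-tty (-t), so the key held by your local ssh-agent can be used from the proxy server without being copied to it.  The second part, “ssh -A”, then logs in to the production server via the proxy server.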

sql-sync and rsync operations can now be performed as normal.
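
With -A, the forwarded agent socket exists on the proxy server for as long as the session lasts, and anyone with root on that host can use it to authenticate as you. An alternative that keeps the agent local, given here as an added example that is not part of the original post: a ~/.ssh/config entry using ProxyJump. It assumes OpenSSH 7.3 or later on the workstation and a proxy that permits TCP forwarding; the placeholders are the ones used above.

```sshconfig
# ~/.ssh/config on the workstation that runs drush (constructed example)
Host <production server>
    User username
    # Tunnel through the proxy; authentication to production is done
    # end to end from this machine, not from the proxy.
    ProxyJump username@<proxy server>
    # Do not expose the local ssh-agent on either hop.
    ForwardAgent no
```

With this entry in place, the proxy-related 'ssh-options' line in the alias is not needed, because ssh and rsync pick up the jump host from the config file.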