
I haven't looked at it all, but it sounds like you're wanting something like the functionality of SSH's "ProxyCommand"?

As an example, we lock down our servers so that they are only accessible via SSH from a few hosts. I got tired of SSH'ing into server A just to SSH into server B, so I set up my ~/.ssh/config file so that when I "ssh serverB", it uses the ProxyCommand functionality to basically do that for me.

Here's what it looks like in ~/.ssh/config:

    Host serverB
        ProxyCommand ssh serverA.example.com -W %h:%p

When I "ssh serverB", it connects to serverA first and then connects to serverB. I could be wrong, but it sounds like that is what you were talking about.



Pretty close, yeah, except that serverB is only listening on a private IP, and I want to connect to it by web browser (http). My primary use case is with Hadoop clusters, where I access the jobtracker UI on the public hostname, but when I drill down into task logs it points to private/internal IPs. FoxyProxy allows me to access the private IPs directly/transparently, but I do most of my browsing with Chrome these days, so it'd be nice to just be able to do it all in one browser.

ProxyCommand looks pretty cool though, wasn't aware of it - thanks!


> ... except that serverB is only listening on a private IP and I want to connect to it in by web browsing (http) ...

Still possible, with ssh's "-D" option that basically turns a remote SSH server into a (HTTP) proxy server!

    $ ssh -D 4444 serverA.example.com

Log in and keep this session active.

In your browser (I use a separate browser, permanently configured this way), configure it to use a (SOCKS5) proxy server for all traffic. The proxy server should be "localhost:4444".

In your address bar, navigate to "http://serverB.example.com". The HTTP traffic is sent over the SSH tunnel to serverA and from there it goes out to the network to its destination. To the destination server (serverB), it appears that the request originated from serverA and that's where the response will go (at which point it is again encrypted and sent over the SSH tunnel back to your local machine). Visit http://icanhazip.com (or a similar site), for example, and you'll see that, to the remote web server, it appears that traffic is coming from serverA.

This isn't the most eloquent explanation, sorry. Look into "SSH socks proxy" and you should find much better explanations. It's really much easier than it sounds! =)
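
A check to run alongside the `ssh -D` setup described in the comment above (an added example, not part of the thread): it starts the tunnel with an explicit loopback bind and flags any listener on the SOCKS port that other hosts could reach, since such a listener would let them route through serverA into the private network. The function names and the sample `ss` lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Names and sample data are constructed.
SOCKS_PORT=4444                # port from the comment above
BASTION=serverA.example.com    # host from the comment above

# Start the tunnel in the background with an explicit loopback bind;
# ExitOnForwardFailure makes ssh exit if it cannot open the listener.
start_tunnel() {
    ssh -f -N -o ExitOnForwardFailure=yes \
        -D "127.0.0.1:${SOCKS_PORT}" "$BASTION"
}

# Read `ss -ltnH` lines on stdin; print each local address listening on
# port $1 that is not loopback. No output means no exposed listener.
exposed_listeners() {
    awk -v port="$1" '{
        addr = $4                          # "Local Address:Port" column
        n = split(addr, parts, ":")
        if (parts[n] != port) next         # some other service
        host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
        if (host ~ /^127\./ || host == "[::1]") next
        print addr
    }'
}

# Check the live system, then confirm traffic really leaves via serverA.
check_tunnel() {
    exposed=$(ss -ltnH | exposed_listeners "$SOCKS_PORT")
    if [ -n "$exposed" ]; then
        echo "SOCKS port reachable from other hosts: $exposed" >&2
        return 1
    fi
    curl --silent --socks5-hostname "127.0.0.1:${SOCKS_PORT}" http://icanhazip.com
}

# Constructed `ss -ltnH` lines, mixed from different situations: sshd on 22,
# tunnels bound to loopback, and tunnels started with a wildcard bind.
SAMPLE_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 127.0.0.1:4444 0.0.0.0:*
LISTEN 0 128 [::1]:4444 [::]:*
LISTEN 0 128 0.0.0.0:4444 0.0.0.0:*
LISTEN 0 128 [::]:4444 [::]:*'
```

By default `ssh -D 4444` follows the client's `GatewayPorts` setting, which binds to loopback unless it has been changed or `-g` is used; the explicit `127.0.0.1:` prefix removes that dependency.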



