In addition to my Golden Gate proxy providing security for web requests, I needed it to assist in securing SSH requests as well. SSH is already as secure as I need it, but I wanted to avoid exposing my servers directly to the Internet.

For my internal services I added this to the ~/.ssh/config file on my laptop (replace USERNAME and PROXY_IP as appropriate):

Host *.naphos.com
    User USERNAME
    ProxyCommand ssh -q -x USERNAME@PROXY_IP -W %h:%p

This makes any SSH or SFTP request from my laptop to internal.naphos.com initiate a connection to PROXY_IP, and then automatically pass the request on to internal.naphos.com.

I use certificate-based authentication for my SSH connections, so the same certificate that authenticates my laptop to internal also authenticates me to PROXY_IP.

EDIT: I moved the config from using netcat to using ssh -W to ensure that encryption is used all the way to the destination.
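
To see which destinations the `Host *.naphos.com` block actually sends through the proxy, here is a simplified resolver, added as an example and not part of the original post. It handles only Host blocks with `*`, `?` and `!` patterns and first-value-wins options (no Match or Include); the function names and the test hostnames are assumptions.

```python
import fnmatch

# Constructed sample: the Host block from the post, placeholders left as written.
SAMPLE_CONFIG = """\
Host *.naphos.com
    User USERNAME
    ProxyCommand ssh -q -x USERNAME@PROXY_IP -W %h:%p
"""

def host_matches(patterns, hostname):
    """A negated (!) pattern that matches vetoes; otherwise one positive match is enough."""
    matched = False
    for pat in patterns:
        if pat.startswith("!"):
            if fnmatch.fnmatchcase(hostname, pat[1:]):
                return False
        elif fnmatch.fnmatchcase(hostname, pat):
            matched = True
    return matched

def effective_options(config_text, hostname):
    """Return {keyword: value}; the first value obtained for a keyword wins."""
    options, active = {}, True  # lines before the first Host apply to all hosts
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword, value = parts[0].lower(), (parts[1] if len(parts) > 1 else "")
        if keyword == "host":
            active = host_matches(value.split(), hostname)
        elif active:
            options.setdefault(keyword, value)
    return options

def via_proxy(config_text, hostname):
    """Return the expanded ProxyCommand, or None when the host is dialed directly."""
    opts = effective_options(config_text, hostname)
    cmd = opts.get("proxycommand")
    if cmd is None or cmd.lower() == "none":
        return None
    target = opts.get("hostname", hostname)  # %h is the HostName if one is set
    return cmd.replace("%h", target).replace("%p", opts.get("port", "22"))

if __name__ == "__main__":
    for h in ("internal.naphos.com", "naphos.com", "internal", "example.org"):
        print(h, "->", via_proxy(SAMPLE_CONFIG, h) or "DIRECT, no ProxyCommand")
```

Only fully qualified names under naphos.com are proxied; the bare domain and short names such as `internal` fall outside the pattern and would be dialed directly. Because the proxy is addressed by IP, the inner ssh does not match the Host block itself; a proxy referred to by a name under that domain would need a `!` exclusion.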