Secured zones (or vlan's) are often only accessible from a hardenend jump server, you ssh into the jump server and from there ssh to the target server. Easy. But sometimes you need to access a port on the target server with some debug tools on your localhost. Headache time... Unless you copy paste this oneliner! Keys must obviously be present on jump & target!
ssh -v -t -L 10443:localhost:20443 <jump_server> ssh -t -L 20443:localhost:443 user@<target_server>
Access local localhost:10443 and badabing! You're actually accessing target_server:443 as you can see the packets passing through the tunnel thanks to the -v parameter! You can chain many hops this way. Top it off with a quick edit on your local machine /etc/hosts file if target server application does redirects and you're all set!
sudo echo "127.0.0.1 target_server" >> /etc/hosts