I can't get a connection chain with an ssh one-liner to work.
Chain: My PC -> jumphost -> Bastion -> my app X host (sharing a subnet with Bastion)
- Jumphost expects private key A
- Bastion and X host both expect private key B
my pc> ssh -i /path_to_priv_key_for_X/id_rsa -o StrictHostKeyChecking=no -o
"ProxyCommand ssh -p 22 -W %h:%p -o \"ProxyCommand ssh -p 24 -W %h:%p
-i /path_to_key_jump/id_rsa jumphostuser@jumphostdomain\" -i
/path_to_bastion_key/id_rsa bastionuser@ip_to_bastion" myappuser@subnet_ip
The above does not work, but
ssh -i /path_to_bastion_key/id_rsa -o "ProxyCommand ssh -p 24 -W
%h:%p -i /path_to_key_jump/id_rsa jumphostuser@jumphostdomain"
bastionuser@ip_to_bastion
works, so I can access the bastion with a one-liner, but adding the app X host to the command chain does not work. I wonder why?
I can manually access the myapp X host step by step like this:
mypc> ssh -p 24 -i path_to_key_jump/id_rsa jumphostuser@jumphostdomain
jumphost> ssh -i /path_to_bastion_key/id_rsa bastionuser@ip_to_bastion
bastion> ssh myappuser@subnet_ip
myapp>
How can I make two hops on the command line over two jump hosts, each requiring a different key, without ssh config?
Something which is working for me surprisingly well is ssh with the -J option:
-J destination Connect to the target host by first making a ssh connection to the jump host described by destination and then establishing a TCP forwarding to the ultimate destination from there.
In fact, it's about a feature of it which I was not aware of for a very long time:
Multiple jump hops may be specified separated by comma characters.
So a multi-hop like PC -> jump server 1 -> jump server 2 -> target server (in my example: PC -> vpn -> vnc -> ece server) can be done with one combo:
$ ssh -J vpn,scs694@tr200vnc rms@tr001tbece11
Of course, it is most handy to have ssh keys to open pwd-less connections (PC -> vpn, vpn -> vnc and vnc -> target).
I hope it will help, Jarek
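As an added example (not part of the question or the answer above): a POSIX shell helper that prints an ssh one-liner for a chain of jump hosts with a different -i key per hop and no ssh config, using the question's placeholder hosts and paths. `build_chain` and its `user@host,port,keyfile` hop format are hypothetical. It goes beyond the two-hop case by doubling each `%` once per nesting level, because every ssh in the chain expands `%h`, `%p` and `%%` in its own ProxyCommand.

```sh
#!/bin/sh
# Added example: print an ssh command that tunnels through jump hosts,
# giving each hop its own key, using only command-line options.
# Assumes key paths and host names contain no whitespace.

# Escape a string for use inside a double-quoted shell word.
dq_escape() {
    printf '%s' "$1" | sed 's/[\\"$`]/\\&/g'
}

# Double every '%' so it survives one round of ssh token expansion
# ('%%' becomes '%'; '%h' and '%p' become that ssh's target host/port).
pct_double() {
    printf '%s' "$1" | sed 's/%/%%/g'
}

# build_chain TARGET TARGET_KEY HOP...
# HOP is "user@host,port,keyfile"; hops are listed in connection order.
build_chain() {
    target=$1
    target_key=$2
    shift 2
    proxy=""
    for hop in "$@"; do
        dest=${hop%%,*}; rest=${hop#*,}
        port=${rest%%,*}; key=${rest#*,}
        cmd="ssh -i $key -p $port"
        if [ -n "$proxy" ]; then
            # The previous hop becomes this hop's ProxyCommand, one level deeper.
            cmd="$cmd -o ProxyCommand=\"$(dq_escape "$(pct_double "$proxy")")\""
        fi
        proxy="$cmd -W %h:%p $dest"
    done
    # StrictHostKeyChecking is left at its default so host keys are verified.
    printf 'ssh -i %s -o ProxyCommand="%s" %s\n' \
        "$target_key" "$(dq_escape "$proxy")" "$target"
}

# The chain from the question (placeholder names as posted there).
build_chain myappuser@subnet_ip /path_to_priv_key_for_X/id_rsa \
    "jumphostuser@jumphostdomain,24,/path_to_key_jump/id_rsa" \
    "bastionuser@ip_to_bastion,22,/path_to_bastion_key/id_rsa"
```

Every ssh process in the printed command runs on the local PC, so all key paths are local and no private key has to be stored on a jump host.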