To set up a permanent jumphost for all SSH sessions from NetYCE the following is required.
ssh-keygen -b 2048
.ssh/id_rsa.pubto the jumphost
~/.ssh/authorized_keysfile. Make sure it is all on one line.
Host * GSSAPIAuthentication yes ForwardX11Trusted yes ProxyCommand ssh -q -i ~/.ssh/id_rsa <jumpuser>@<jumphost> -W %h:%p
ssh <user>@<node> -v -F /opt/yce/etc/ssh_config
debug1: Executing proxy command: exec ssh -q -i ~/.ssh/id_rsa <jumpuser>@<jumphost> -W <node_ip>:22
From this point on all SSH session will use the jumphost.
Without having direct return traffic from the node to NetYCE cripples the NCCM functionality.
You'll have to disable the pre and post backups for the command_jobs as well.
Set all disabled values to 1.
Since the NetYCE server isn't reachable from the node, the OS can't be retrieved for OS upgrades.