In #1173644: Use winrs when using "drush ssh" command on Windows, we discuss adding a drush ssh command and --bastion argument to that command to allow people to execute the following flow:
- SSH to a predefined site
- Forward the key through a bastion or intermediary server
- End up on the target command line
After speaking with both bjaspan and msonnabaum, we believe it would be useful to do a similar dance for drush aliases. I am willing to write this functionality. I just need a couple of pointers as to where I should begin.
The end result would be that users could run
drush @site [command] --bastion=foo.bar.com (or define it in their aliases file) and have it successfully return the result of the command.