ssh: tunnel through remote server to another server

Question

I have ssh access to my work network using user remote on port 4000:

ssh remote@123.123.123.123 -p 4000

Authentication is done using ssh keys

However, I am currently in China, and the connection is very flaky.

We have a cloud server sitting in Hong Kong which we can tunnel through though, giving a more stable connection

I can login as user foo with the associated password.

ssh foo@100.100.100.100

How can I put the 2 together so that I can open an interactive shell session via ssh from my local machine to 123.123.123.123:4000 as user remote via 100.100.100.100:22 as user foo?

Edit:

I am unable to comment on the below answer because Javascript has been blocked here in China, and comments use Javascript.

A direct tunnel doesn't work because authentication is done with my ssh keys.

When I start an ssh session to remote@123.123.123.123 from foo@100.100.100.100 authentication fails

Permission denied (publickey,gssapi-keyex,gssapi-with-mic).

I somehow need my ssh session to look like it is coming from my localhost, with my ssh keys, but to be tunnelled via foo@100.100.100.100

Answer 1

You should be able to put them together like this

ssh -t foo@100.100.100.100 ssh remote@123.123.123.123 -p 4000

since the ssh command allows you to specify a command to run on the remote server.

EDIT:

If you only have your ssh keys locally (the keys for 123.123.123.123 aren't on the cloud server), you should be able to add -A to forward the authentication, so the command will be

ssh -At foo@100.100.100.100 ssh remote@123.123.123.123 -p 4000

Note that for this to work, you need to have ssh-agent running locally, and your key must be registered using ssh-add (you can use ssh-add -L to check if your key is available to the ssh agent).