Looks like a shortcoming/bug in SshClient.java, connect() and doConnect(): it appears to parse only the ProxyJump in the top-level Host entry.

As a work-around, try

Host host*.dmz.corp
  ProxyJump nightman@jump2:22,nightman@jump1:22

That should work (if I read the code right), and also should work with openSSH.

@tomaswolf thanks for the quick response! I tested the workaround and it's working with one edit: the order of the proxy must be changed:

Host host*.dmz.corp
  ProxyJump nightman@jump1:22,nightman@jump2:22

The other settings like in the original post.

For the native SSH client the order must be like proposed by you :-( Tested with openSSH 1.0.2 k on RH 7 and 1.1.1 i in a git bash.

For the native SSH client the order must be like proposed by you :-(

So there's even a bug in that implementation in Apache MINA sshd. Really :-(.

If it will help I can run tests with a fixed pre package.

Thanks for the offer. I won't have any time for any coding in the next few weeks, but perhaps someone else takes this on. Otherwise I'll take look sometime in March.

Any update?

Nope; I didn't get around to this yet. But it's up for grabs; we do welcome PRs.

A PR #477 is available to fix this issue. I tested it with the 2 configurations below.

configuration 1:

Host host*.dmz.corp
  ProxyJump     nightman@jump1.corp:22,nightman@jump2.corp:22,nightman@jump3.corp:22

configuration 2:

Host jump1
  Hostname                    jump1.corp
  Port                        22
  User                        nightman
  ProxyJump                   jump2
  LogLevel                    QUIET

Host jump2
  HostName                    jump2.dmz.corp
  Port                        22
  User                        nightman
  ProxyJump                   jump3
  LogLevel                    QUIET

Host jump3
  HostName                    jump3.dmz.corp
  Port                        22
  User                        nightman
  LogLevel                    QUIET

Host host*.dmz.corp
  ProxyJump                   jump1