Posts Tagged ‘ssh’

Reverse shell with ssh

Sometimes you need to access a machine which is behind a firewall or a NAT, such as your box at home. If you have access to another machine with a public address, here is a simple way to do that with just ssh. The following configuration is assumed:

  • The machine you want to access runs an ssh daemon listening on port 2200.
  • Its address is irrelevant, since it is unreachable from outside.
  • The machine you do have access to also runs an ssh daemon, e.g. listening on port 2201.
  • That machine instead has a reachable address, such as 6.6.6.6.

Now, of course, the first thing to do is reach the machine with the public address from the machine behind the firewall or NAT, and establish a connection that will later serve as the channel through which the ssh connection is forwarded. The following command does that via ssh and tells the remote machine to forward any connection arriving on its port 2202 to localhost:2200, where localhost is from the point of view of the machine issuing the command.

ssh -p 2201 -NR 2202:localhost:2200 user@6.6.6.6

At this point you have probably got it: you can access your home box by ssh’ing into 6.6.6.6 and then running the following command there to reach the other machine.

ssh -p 2202 user@localhost

It might also be nice to filter port 2202 from all sources except localhost, just in case your private box is not hardened as much as your public machines ;) By default sshd binds a remote-forwarded port to the loopback interface only, unless GatewayPorts is enabled in its sshd_config, so check that setting on 6.6.6.6 before relying on it.


SSH login without password

Ok, this can be found pretty much everywhere on the internet, but after the n-th time someone asked me how to use management scripts that do stuff via SSH without having to enter one or more passwords, I need to write it here so that next time I’ll have no remorse in saying “go read it online, on my website”.

Well, here’s the story: you can connect via ssh to other hosts without entering your password as long as you can prove that you are authorized to log in with that identity. This is achieved by placing a public key on the host you want to connect to: when you try to log in, the server sends your machine a challenge that only the holder of the corresponding private key can answer, and by answering it your machine completes the authentication handshake.

This is what happens behind the scenes; you won’t see any of it during your ssh login. But to make the mechanism work, you have to place that public key on the host you want to connect to. For this purpose you will probably want the public RSA key you generated for ssh, which you can find in ~/.ssh/id_rsa.pub, where ‘~’ is your home folder. Please be careful not to confuse it with ~/.ssh/id_rsa, which is your private key: take care of that file by setting proper permissions and/or encrypting it, because it represents your identity, and if it leaks, anyone holding it can access any machine where your public key is installed, since they will be considered an “authorized” user.

The place where the ssh daemon looks for authorized keys when someone tries to connect to the system as a given user is, unsurprisingly, the ~user/.ssh/authorized_keys file, where ~user is the home of the user you are trying to log in as, e.g. with ssh user@whaterver-host.com. So basically what you have to do is append your own ~/.ssh/id_rsa.pub to the remote ~user/.ssh/authorized_keys. Here is a command you can use (you will be asked for the password two last times :P).

# create the remote directory with the permissions sshd expects, then append the key
ssh user@whaterver-host.com 'mkdir -p ~/.ssh && chmod 700 ~/.ssh'
cat ~/.ssh/id_rsa.pub | \
  ssh user@whaterver-host.com 'cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys'

Now you will be able to log in to whaterver-host.com with just ‘ssh user@whaterver-host.com’, without being prompted for any password, even from many machines if you carry your id_rsa pair with you across them. (But remember, keep it safe!)
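The remote-side step above done more carefully, as an added example that is not the post’s own command: an idempotent installer that refuses malformed input, skips a key that is already present and sets the permissions sshd requires with StrictModes on (its default), otherwise the key is silently ignored. The function names, the HOME_DIR argument and the key values used in testing are constructed for illustration.

```shell
# Idempotent remote-side installer for one OpenSSH public key (example code).
# Usage: install_authorized_key [HOME_DIR]   (reads the key line on stdin)
# Differences from a bare 'cat >> authorized_keys':
#   - refuses input that does not look like "<type> <base64> [comment]",
#     so a stray line cannot corrupt the file sshd parses;
#   - skips a key that is already present (compared on type and blob,
#     ignoring the comment), so re-running it never stacks duplicates;
#   - sets 700 on ~/.ssh and 600 on authorized_keys, which sshd insists on
#     when StrictModes is on (the default), otherwise the key is ignored.
install_authorized_key() {
    home_dir="${1:-$HOME}"
    ssh_dir="$home_dir/.ssh"
    auth_file="$ssh_dir/authorized_keys"

    IFS= read -r key || return 1
    case "$key" in
        "ssh-rsa "*|"ssh-ed25519 "*|ecdsa-sha2-*" "*) ;;
        *) echo "not an OpenSSH public key line: $key" >&2; return 2 ;;
    esac

    # identity of the key = "<type> <base64 blob>", comment dropped
    key_id=$(printf '%s\n' "$key" | awk '{ print $1, $2 }')

    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 3
    touch "$auth_file" && chmod 600 "$auth_file" || return 3

    if awk -v id="$key_id" '($1 " " $2) == id { found = 1 } END { exit !found }' "$auth_file"; then
        echo "key already present in $auth_file, nothing to do" >&2
        return 0
    fi
    printf '%s\n' "$key" >> "$auth_file"
}

# Helper used to check the result: number of lines in authorized_keys.
count_authorized_keys() {
    wc -l < "${1:-$HOME}/.ssh/authorized_keys" | tr -d ' '
}
```

To run it on the remote host from a local bash shell, ship the function definition with the command and let ssh pass the key through stdin: ssh user@whaterver-host.com "$(declare -f install_authorized_key); install_authorized_key" < ~/.ssh/id_rsa.pub (declare -f assumes bash on the local side).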
Cheers!


Connection forwarding over ssh secure channel

So Alice returned from wonderland to her dark and insecure world without sending Bob the awaited postcard, which may be a big deal for their friendship, unless Alice keeps with her an ssh access to wonderland:

ssh alice@wonderland -L [<alice-bind-addr>:]<alice-port>:<bob>:<bob-port>

That will please Alice for a while, since if her postcard is sent out through <alice-port> it is going to be forwarded to wonderland over a (supposedly) secure channel and then sent to Bob. But the blues are around the corner, because she has got used to being carefree with her insecure application protocol from wonderland, and she doesn’t want to set up a forwarding for each of her friends. Anyway, she may be fine using ssh as a SOCKS server reached over the secure channel with:

ssh alice@wonderland -D [<alice-bind-address>:]<alice-port>
