I have setup a tunnel through a jump host as such :
ssh -o ProxyCommand='ssh -W %h:%p bastion' -i my-emr.pem -ND 8888 hadoop@ip-my.ec2.internal
bastion is a host I have defined in my ~/.ssh/config
This way I can access ip-my.ec2.internal etc. via a SOCKS5 proxy. I want to test whether this host is accessible via SOCKS5 proxy. Is there a command I can use? I can test if the bastion host is accessible using a command like this :
nc -G 2 -z my-bastion.com 22
Anyway I can extend the above command to test if the end host which is ip-my.ec2.internal?
It looks like all your testing in the nc command is whether port 22 will allow a connection within 2 seconds. That's not the same thing whether you can can make an SSH connection to my-bastion. It doesn't even prove that you can connect to my-bastion at all. It is not uncommon for firewalls to accept connections that they will not pass any data for.
If you want the same level of weak testing you'd do the same thing along the lines of:
ssh bastion nc -G 2 -z ip-my.ec2.internal 8888
There are lots of ways for this to incorrectly return that it is reachable when it isn't, just as there are lots of ways for your other nc command can fail. But it might give you some useful information for managing a UI.
The only way to know that network connection is possible is to attempt the actual network connection you want. As a rule, you should not pre-flight network connections. Just attempt them, and deal with connection errors (which can happen even if your pre-flights pass). If the goal is to avoid long waits, then shorten your timeouts (which will lead to more false-negatives when the network is slow).