Here’s the whole command, with IP address masked:
ssh -A -t 22.214.171.124 "LD_PRELOAD= ssh -A -p 58422 126.96.36.199 -t \"SSH_AUTH_SOCK=\\\$(find /tmp -user xiehang -a -type s 2>/dev/null | xargs ls -tr | tail -1) ssh -p 58422 -l root $@\""
where 188.8.131.52 is jump host in office, and 184.108.40.206 is jump host in the IDC.
Tricks here: jump host in office is running tsocks, so I have to reset LD_PRELOAD to disable it, and jump host in IDC set default shell to eash (for audit) so I have to setup the ssh agent manually.
It took me 20 minutes to figure out all quotes and backslashes 🙁 .