plumbum fails to connect via jump host, but raw command succeeds

Question

I'm trying to SSH into final_machine via the jump host portal_machine. Both remote machines are Linux, local is Windows. When I run the following command in a cmd, I can successfully connect

ssh {username}@{final_machine} -oProxyCommand="ssh -W {final_machine}:22 {username}@{portal_machine}"

And I can also successfully connect through python with

ssh_command = plumbum.local["ssh"][f"{username}@{final_machine}", "-o", f"ProxyCommand=ssh -W {final_machine}:22 {username}@{portal_machine}"]
ssh_command()

However, I need to connect via an SshMachine object for compatibility, and when I try the following, it fails

plumbum.SshMachine(final_machine, user=username,
        ssh_opts=[fr'-o ProxyCommand="ssh -W {final_machine}:22 {username}@{portal_machine}"'])

with error

Return code:  | None
Command line: | 'true '
Host:         | {final machine}
Stderr:       | CreateProcessW failed error:2

I've tried replacing ssh with C:\Windows\System32\OpenSSH\ssh.exe, but no change. I have SSH keys set up from my machine to portal_machine, my machine to final_machine, and portal_machine to final_machine. Any other suggestions for how to debug would be appreciated. When I connect simply to the portal machine, it works fine.

Answer 1

I would rather use ProxyJump than ProxyCommand, and move as many settings as possible into ~/.ssh/config.

Sample configuration for the mentioned hosts:

HOST portal
    HostName portal.machine.host.name.or.IP
    User username
    IdentityFile ~/.ssh/your.portal.key

HOST final
    HostName final.machine.host.name.or.IP
    User username
    IdentityFile ~/.ssh/your.final.key
    ProxyJump portal

Tunnel then with:

machine = plumbum.SshMachine('final')
pwd = machine['pwd']
pwd()  # '/home/ec2-user\n'