Re,
I gave it a try in the morning to connect through our SSH proxy, but I don’t really understand how the part between credentials and target works.
For example, from my Linux laptop, here is how I can connect to one of our servers:
ssh root@Pass-policy@srv-backups:SSH:Connection-policy:ldapuser@domain@ssh-bastion
Some details:
- Pass-policy: registered variable on the bastion corresponding to the root password on target
- srv-backups: the target I want to connect to
- SSH: the group policy variable on the bastion
- Connection-policy: the group authorization
- ldapuser@ldapsrv: my corporate username@domain. This credential is used to authenticate myself on the bastion, then the bastion retrieves my authorizations and permissions.
- ssh-bastion: the IP of our bastion.
Well, this chain allows me to connect to my target through the bastion this way:
linuxlaptop -> bastion (check authorization, apply ssh policy) -> target
From my laptop using the OpenSSH client, it’s quite easy to deal with this chain and it just works.
Using rencyssh and certifytheweb, I don’t really know how to do it: which part is for the username, and which part is for the target?
Ideas are welcome!
Regards,
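
Added example, not part of the original post: the OpenSSH client cuts a `user@host` destination at the last `@`, so a client with separate username and host fields would take the two halves shown here. The function name `split_bastion_login` and the field layout (read off the example string in the post) are assumptions.

```python
from typing import NamedTuple


class BastionLogin(NamedTuple):
    ssh_user: str           # goes in a client's "username" field
    ssh_host: str           # goes in a client's "host" field
    target_account: str     # e.g. root
    password_policy: str    # e.g. Pass-policy
    target: str             # e.g. srv-backups
    group_policy: str       # e.g. SSH
    connection_policy: str  # e.g. Connection-policy
    bastion_login: str      # e.g. ldapuser@domain


def split_bastion_login(destination: str) -> BastionLogin:
    """Split the compound destination the way the OpenSSH client does."""
    # OpenSSH cuts user@host at the LAST '@', so every earlier '@' and ':'
    # stays inside the username that is sent to the bastion.
    ssh_user, sep, ssh_host = destination.rpartition("@")
    if not sep or not ssh_user or not ssh_host:
        raise ValueError("expected <compound-user>@<bastion-host>")

    # Assumed layout, taken from the post's example:
    #   account@password-policy@target:group-policy:connection-policy:login
    fields = ssh_user.split(":")
    if len(fields) != 4:
        raise ValueError("expected 4 ':'-separated fields in the username")
    target_part, group_policy, connection_policy, bastion_login = fields

    parts = target_part.split("@")
    if len(parts) != 3:
        raise ValueError("expected account@password-policy@target")
    account, password_policy, target = parts

    return BastionLogin(ssh_user, ssh_host, account, password_policy, target,
                        group_policy, connection_policy, bastion_login)


if __name__ == "__main__":
    # The destination string from the post.
    example = ("root@Pass-policy@srv-backups:SSH:Connection-policy:"
               "ldapuser@domain@ssh-bastion")
    for name, value in split_bastion_login(example)._asdict().items():
        print(f"{name:18} {value}")
```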