This is not a centrally managed service, and users have to maintain and update the service themselves. You are welcome to ask in the #peer-support channel on EWC rocketchat for feedback.

The SSH proxy, or SSH bastion, is the barrier between your internal machines (those without public or floating IPs) and the public internet. With the SSH proxy you get an extra layer of security in front of your VMs. It is equipped with fail2ban, automatic security updates and more.


Provisioning

1. Go to Provisioning → click the Add button

2. Select SSH BASTION

3. Fill in the information for the machine and finalize provisioning:

  • plan: eo1.medium
  • network: private
  • security-groups: ssh
  • public IP: select one available or use external


4. Once the new VM is provisioned and you try to log in using the same IP, you might get the following error if you moved the IP from one machine to another:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
6e:33:f9:a8:af:22:3d:a1:a5:c7:m6:1d:02:l8:11:00.
Please contact your system administrator.
Add correct host key in /home/hostname /.ssh/known_hosts to get rid of this message.
Offending RSA key in /var/lib/sss/pubconf/known_hosts:4
RSA host key for pong has changed and you have requested strict checking.
Host key verification failed.

To fix it (when the change is expected, as in the case above), remove the line for that host from your known_hosts file (under ~/.ssh/known_hosts) and log in again. The error will not appear anymore.
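Removing the line discards exactly the protection the warning provides, so before trusting the replacement key, compare its fingerprint with one obtained out of band (for example from the new VM's console, where `ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub` prints it). The following Python is an added example, not part of this page or of the EWC tooling: it mirrors what `ssh-keygen -R` plus a manual fingerprint check do, on a constructed known_hosts file with sample (not real) keys, and assumes plain, unhashed entries.

```python
import base64
import hashlib
import struct

def host_key_fingerprint(b64_key: str, style: str = "sha256") -> str:
    """Fingerprint of a base64 host-key blob, as `ssh-keygen -l` prints it."""
    blob = base64.b64decode(b64_key)
    if style == "md5":  # legacy colon-separated form, as in the warning above
        return ":".join(f"{b:02x}" for b in hashlib.md5(blob).digest())
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")

def rotate_known_hosts(known_hosts: str, host: str, new_line: str, expected_fp: str) -> str:
    """Replace the entries for `host` with `new_line`, but only if the new key's
    fingerprint equals the one obtained out of band; otherwise raise, so a
    mismatch is never silently trusted. Handles plain (unhashed) entries only;
    for hashed `|1|...` entries use `ssh-keygen -R host` instead."""
    fields = new_line.split()
    if len(fields) < 3 or host not in fields[0].split(","):
        raise ValueError("new_line is not a known_hosts entry for " + host)
    if expected_fp.startswith("SHA256:"):
        actual = host_key_fingerprint(fields[2])
    else:  # MD5 form, with or without the "MD5:" prefix that newer ssh-keygen adds
        actual = host_key_fingerprint(fields[2], "md5")
        expected_fp = expected_fp[4:] if expected_fp.startswith("MD5:") else expected_fp
        expected_fp = expected_fp.lower()
    if actual != expected_fp:
        raise ValueError(f"host key for {host} does not match: got {actual}, expected {expected_fp}")
    kept = [line for line in known_hosts.splitlines()
            if not line.strip() or line.startswith("#")
            or host not in line.split()[0].split(",")]
    return "\n".join(kept + [new_line]) + "\n"

def ssh_blob(key_type: bytes, key_bytes: bytes) -> str:
    """Base64 of an SSH wire-format public key: length-prefixed type, then key."""
    raw = struct.pack(">I", len(key_type)) + key_type + struct.pack(">I", len(key_bytes)) + key_bytes
    return base64.b64encode(raw).decode()

# Constructed sample data (not real keys): floating IP 203.0.113.10 was moved from an
# old VM to the freshly provisioned bastion, so the host key behind that IP changed.
OLD_KEY = ssh_blob(b"ssh-ed25519", bytes(range(32)))
NEW_KEY = ssh_blob(b"ssh-ed25519", bytes(range(32, 64)))
KNOWN_HOSTS = f"10.0.0.7 ssh-ed25519 {OLD_KEY}\n203.0.113.10 ssh-ed25519 {OLD_KEY}\n"
NEW_LINE = f"203.0.113.10 ssh-ed25519 {NEW_KEY}"

if __name__ == "__main__":
    # In practice `expected` is read from the VM console, not computed from the key just received.
    expected = host_key_fingerprint(NEW_KEY)
    print(rotate_known_hosts(KNOWN_HOSTS, "203.0.113.10", NEW_LINE, expected))
```

Only the entry for the moved IP is replaced; the entry for 10.0.0.7 is kept untouched, and a fingerprint that does not match the out-of-band value leaves the file unchanged.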

Next

To connect to a VM hidden behind the proxy, pass the jump-host flag -J when connecting via SSH:

ssh -J user@ssh-proxy user@internal-vm

Where ssh-proxy is the public IP of your SSH proxy, and internal-vm is the private IP of the VM you want to connect to.
