This is not a centrally managed service; users have to maintain and update the services themselves. You are welcome to ask for feedback in the #peer-support channel on the EWC Rocket.Chat.

The SSH proxy is the barrier between your internal machines (without public or floating IPs) and the public internet. With the SSH proxy, you'll have an extra layer of security on top of your VMs. It's equipped with fail2ban, automatic security updates and more. 


Provisioning

1. Go to Provisioning → click the Add button

2. Select SSH BASTION

3. Fill in the information for the machine and finalize provisioning

  • plan: eo1.medium
  • network: private
  • security-groups: ssh
  • public IP: select one available or use external


4. Once the new VM is provisioned, you have to copy the old known_hosts files in order to avoid errors like:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
6e:33:f9:a8:af:22:3d:a1:a5:c7:m6:1d:02:l8:11:00.
Please contact your system administrator.
Add correct host key in /home/hostname /.ssh/known_hosts to get rid of this message.
Offending RSA key in /var/lib/sss/pubconf/known_hosts:4
RSA host key for pong has changed and you have requested strict checking.
Host key verification failed.
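
The warning above is how SSH reports a host key that no longer matches known_hosts; after re-provisioning this is expected, but it looks the same as an intercepted connection unless the new key is checked. As an added example (not part of the original page), the Python code below compares a known_hosts entry, plain or hashed, against a fingerprint obtained over a trusted channel. The key blobs, the 192.0.2.10 address and the function names are constructed for illustration.

```python
import base64
import hashlib
import hmac

# Constructed sample data: placeholder blobs, not real SSH keys or addresses.
OLD_KEY = base64.b64encode(b"constructed old ssh-proxy host key").decode()
NEW_KEY = base64.b64encode(b"constructed new ssh-proxy host key").decode()
KNOWN_HOSTS = f"# constructed sample\nssh-proxy,192.0.2.10 ssh-ed25519 {OLD_KEY}\n"


def fingerprints(key_b64):
    """Return the accepted spellings of a key's SHA256 and legacy MD5 fingerprint."""
    blob = base64.b64decode(key_b64)
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    digest = hashlib.md5(blob).hexdigest()
    md5 = ":".join(digest[i:i + 2] for i in range(0, 32, 2))
    return {"SHA256:" + sha, "MD5:" + md5, md5}


def host_matches(field, host):
    """Match a host field: plain comma list, or hashed form |1|salt|hmac-sha1."""
    if field.startswith("|1|"):
        _, _, salt, digest = field.split("|")
        mac = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1)
        return hmac.compare_digest(mac.digest(), base64.b64decode(digest))
    return host in field.split(",")  # wildcard patterns are not handled here


def check_host_key(known_hosts_text, host, trusted_fp):
    """Return 'match', 'mismatch' or 'unknown' for host against trusted_fp."""
    result = "unknown"
    for line in known_hosts_text.splitlines():
        parts = line.split()
        # Skip blanks, comments and @cert-authority/@revoked marker lines.
        if len(parts) < 3 or parts[0][0] in "#@":
            continue
        if host_matches(parts[0], host):
            if trusted_fp in fingerprints(parts[2]):
                return "match"
            result = "mismatch"  # a stored key for this host differs
    return result


if __name__ == "__main__":
    # In practice trusted_fp is read from a trusted channel, not the network.
    trusted_fp = next(f for f in fingerprints(NEW_KEY) if f.startswith("SHA256:"))
    print(check_host_key(KNOWN_HOSTS, "ssh-proxy", trusted_fp))
```

A "mismatch" result means the stored entry belongs to a different key than the trusted one, which is the condition that triggers the warning shown above.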


Next

To connect to a VM hidden behind the proxy, specify the jump flag -J when connecting via SSH:

ssh -J user@ssh-proxy user@internal-vm

Here, ssh-proxy is the public IP of your SSH proxy, and internal-vm is the private IP of the VM you want to connect to.
