

Binding a port to localhost and pointing Nessus to 127.0.0.1 is also not an option as Nessus handles scanning localhost in a different way and will report issues with the scanning box itself. This is a problem when scanning remote hosts behind a bastion box, especially when it is not possible to bind or connect to a new port to the bastion box due to firewall rules. Unfortunately, Nessus does not support SSH proxying. SSH’ing to will proxy the connection via the bastion. An example of a SSH proxy file is below: Host

SSH Proxying is a neat way to bounce via a bastion host to a target within a network.
