User SSH configuration for virtualised remote hosts

As part of the agile testbed here at Nikhef's grid group, there are a couple of Xen hosts. Thanks to Dennis' mktestbed scripts it's quite easy to manage the guests' lifecycles. The guests are on their own network and one can use ssh forwarding to access them from the desktop. So you would login to the Xen host, and from there login to the guests.
But sometimes it is convenient to use graphical tools available on the desktop to do something on the remote guest machine. This would be possible with a direct SSH connection. The straightforward solution would be to use SSH port forwarding.
There is a more convenient way to get the remote guests appear as ordinary hosts from the desktop via ssh (without resorting to a VPN or so): using the ssh configuration file located in ~/.ssh/ssh_config:

Host coolhost.testdomain coolhost
 Hostname coolhost.testdomain
 Protocol 2
 User root
 # avoid often changing host fingerprint prompt
 CheckHostIP no
 StrictHostKeyChecking no
 UserKnownHostsFile /dev/null
 ForwardX11 yes
 # route through the Xen host
 ProxyCommand ssh -q -A xenhost.domain nc %h %p 2>/dev/null

The key line here is the last one: this opens an ssh connection to the Xen host, and uses netcat to open a connection to the guest's ssh socket.
The configuration above also removes the hostkey check present in SSH. Usually one would really want this, but as I'm generating and destroying machines all the time and the connection to the xenhost is verified already, it doesn't really bring much additional security.

• Using ssh ProxyCommand to tunnel through two hosts
  
• How to let SSH ignore host key