ProxyCommand is king.
How about this in ~/.ssh/config:
Host secret.server.com
ProxyCommand /some/path/fwknopssh secretfwknopparam %h
Host othersecret.server.com
ProxyCommand /some/path/fwknopssh othersecret %h
And then /some/path/fwknopssh being:
#!/bin/bash
param=$1
host=$2
# Do something with $param, e.g. run fwknop. I just:
echo $param > /tmp/fwknop
nc -w 1 $host 22
I got the "secretfwknopparam" and "othersecret" to end up in /tmp/fwknop
before logging in to the servers.
Does that work for you?
Peter
--
Peter Valdemar Mørch
http://www.morch.com