Score:0

Mac: "kex_exchange_identification: Connection closed by remote host" when accessing a remote server with a jump server


I tried to access a remote server via

```
ssh -T -D 61480 -o ConnectTimeout=15 'target-box'
```

but it failed and I received an error log which I have included below. I was able to connect to the jump server step-by-step via SSH in the terminal, and then SSH to the target server from it. The file permissions were also not an issue, as they were set to 0600.

My config file:

```
Host jump-box
  HostName 166.111.32.48
  User jiangt
  Port 22
  IdentityFile "/Users/macguffin/.ssh/id_rsa"

### The Remote Host
Host target-box
  HostName hepfarm40
  User jiang-t18
  Port 22
  ProxyJump ssh -q -W %h:%p jump-box
```

Log for `ssh -vvv -T -D 61480 -o ConnectTimeout=15 'target-box'`:

```
OpenSSH_9.0p1, LibreSSL 3.3.6
debug1: Reading configuration data /Users/macguffin/.ssh/config
debug1: /Users/macguffin/.ssh/config line 13: Applying options for target-box
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: include /etc/ssh/ssh_config.d/* matched no files
debug1: /etc/ssh/ssh_config line 54: Applying options for *
debug1: Setting implicit ProxyCommand from ProxyJump: ssh -vvv -W '[%h]:%p' ssh
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/Users/macguffin/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/Users/macguffin/.ssh/known_hosts2'
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
debug1: Executing proxy command: exec ssh -vvv -W '[hepfarm40]:22' ssh
debug3: timeout: 15000 ms remain after connect
debug1: identity file /Users/macguffin/.ssh/id_rsa type 0
debug1: identity file /Users/macguffin/.ssh/id_rsa-cert type -1
debug1: identity file /Users/macguffin/.ssh/id_ecdsa type -1
debug1: identity file /Users/macguffin/.ssh/id_ecdsa-cert type -1
debug1: identity file /Users/macguffin/.ssh/id_ecdsa_sk type -1
debug1: identity file /Users/macguffin/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /Users/macguffin/.ssh/id_ed25519 type -1
debug1: identity file /Users/macguffin/.ssh/id_ed25519-cert type -1
debug1: identity file /Users/macguffin/.ssh/id_ed25519_sk type -1
debug1: identity file /Users/macguffin/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /Users/macguffin/.ssh/id_xmss type -1
debug1: identity file /Users/macguffin/.ssh/id_xmss-cert type -1
debug1: identity file /Users/macguffin/.ssh/id_dsa type -1
debug1: identity file /Users/macguffin/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_9.0
OpenSSH_9.0p1, LibreSSL 3.3.6
debug1: Reading configuration data /Users/macguffin/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: include /etc/ssh/ssh_config.d/* matched no files
debug1: /etc/ssh/ssh_config line 54: Applying options for *
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/Users/macguffin/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/Users/macguffin/.ssh/known_hosts2'
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
debug1: Connecting to ssh port 22.
ssh: Could not resolve hostname ssh: nodename nor servname provided, or not known
kex_exchange_identification: Connection closed by remote host
Connection closed by UNKNOWN port 65535
```

macos: 13.3.1 (22E261)

Ginnungagap:
Have you checked `man ssh_config` for `ProxyJump`? I think you're mistaking `ProxyCommand` and `ProxyJump`...
MacGuffin:
I'm sorry for overlooking this, and thank you for bringing it to my attention. Changing `ProxyJump` to `ProxyCommand` allowed it to work properly. Thank you very much!
Score:0

You are close but, as Ginnungagap mentions, you may be confusing `ProxyCommand` with `ProxyJump`.

A simple outline:

Define a jump host in `.ssh/config`:

```
Host  jump1
  Hostname        bastion.lereta.com
  User            my-bastion-user-name
```

Then you can just use the above to reach other sites:

```
ssh -J jump1 other.site.net
```

Alternatively you can define the other site in `.ssh/config`:

```
Host othersite
  HostName other.site.net
  ProxyJump jump1
```

Then just use

```
ssh othersite
```
MacGuffin:
Yes, as Ginnungagap pointed out, I made a simple mistake. Changing `ProxyJump` to `ProxyCommand` allowed it to work properly. However, the config in your "othersite" file doesn't work for me. I was able to get it to work by adding the `LocalForward` directive to the config file. Thank you for your explanation and help!
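
A small lint for the mistake discussed in this thread, as an added example that is not code from any of the posters: it flags `ProxyJump` lines whose value is a command line rather than `[user@]host[:port]` hops or an ssh URI. The sample config is constructed; `jump.example.org`, `target-fixed-a` and `target-fixed-b` are hypothetical names.

```python
import re
import shlex

# One hop is [user@]host[:port] or an ssh:// URI (per ssh_config(5), ProxyJump).
_HOST = r"(?:\[[0-9A-Fa-f:.]+\]|[A-Za-z0-9._-]+)"
HOP = re.compile(rf"^(?:ssh://)?(?:[^@\s/]+@)?{_HOST}(?::\d{{1,5}})?$")

def lint_proxyjump(config_text):
    """Return (line_no, host_block, problem) for each malformed ProxyJump."""
    findings, block = [], "(global)"
    for no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # ssh_config accepts both "Keyword value" and "Keyword=value".
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        if len(parts) < 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key in ("host", "match"):
            block = value
        elif key == "proxyjump":
            try:
                tokens = shlex.split(value)
            except ValueError:  # unbalanced quotes
                tokens = value.split()
            if len(tokens) != 1:
                findings.append((no, block, "command line given; use ProxyCommand"))
            elif tokens[0].lower() != "none":
                bad = [h for h in tokens[0].split(",") if not HOP.match(h)]
                if bad:
                    findings.append((no, block, "invalid hop(s): " + ", ".join(bad)))
    return findings

# Constructed sample: the question's broken stanza next to two working forms.
SAMPLE = """\
Host jump-box
  HostName jump.example.org
  User jiangt

Host target-box
  HostName hepfarm40
  ProxyJump ssh -q -W %h:%p jump-box

Host target-fixed-a
  HostName hepfarm40
  ProxyJump jump-box

Host target-fixed-b
  HostName hepfarm40
  ProxyCommand ssh -q -W %h:%p jump-box
"""

if __name__ == "__main__":
    for no, block, problem in lint_proxyjump(SAMPLE):
        print(f"line {no} [Host {block}]: {problem}")
```
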