Many large companies use to implement strict rules for accessing servers hosting their applications. One of the security measures some of them implement is to place a gateway between "you" and the server you need to access. This gateway is also known as Jump server, Jump host, or Jump box.
A typical implementation of this requires you to, firstly, open an SSH connection to the Jump host with your own credential and, secondly, from the inside of the Jump host, open a second SSH connection to the actual server you need to access with another account (usually a non-personal account which can be the user used to deploy and run your application).
Let's suppose that you work in a company like this and that you want to create an SSH tunnel to port 1521 of an Oracle Database Server which is only accessible from your application server. What you need to do is to create an SSH tunnel like this:
The following command creates this SSH tunnel via the Jump host (you will be prompted for the users' password):
$ ssh -v -N appusr@appserver -J myusr@jumphost -L 1521:dbserver:1521
With this command, you are tunneling the port 1521 of localhost to the port 1521 of dbserver.
In other words, you are firstly doing an SSH connection to jumphost with user myusr, then another SSH connection to appserver with user appusr, and finally forwarding port 1521 from localhost to dbserver.
This command is being executed in verbose mode (-v), which is useful for debugging, and not returning the shell prompt of the appserver but just forwarding the port (-N).
After this, you can then use your preferred SQL client tool to connect to the remote database server as if it was running on localhost:1521.