A common pattern is to use a single machine as an SSH proxy or "bastion" to connect to another machine in your environment.

On your local machine, add the following configuration to ~/.ssh/config (you might need to create the file if it does not exist):

Host <tunnel_name>
  HostName <hostname_app_server>
  ProxyCommand ssh <username_on_bastion>@<hostname_of_bastion> -W %h:%p
  User <username_on_app_server>

Tunnel_name is an arbitrary label.

Hostname_app_server is the destination server.

Hostname_of_bastion is the direct machine you will be connecting to (and username_on_bastion is your HCB SSH username).

Username_on_app_server is typically the same value as username_on_bastion.

Now, to connect to your destination machine through your bastion, just do:

ssh tunnel_name

...replacing tunnel_name with the actual name you used above.