It is hard to say for sure that your problem is from this distance, but it is possible that this has something to do with the fact that your path is not set or is correctly set in your shell environment to "serverA".
My initial suggestion, which I suggest you not use, is to indicate the location of nc with the full path. In this way:
ProxyCommand ssh -q serverA /bin/nc sha.example.net 22
Just remember, for ease of portability, that nc may not reside in this place on all systems. For example, it is located in /usr/bin/nc on FreeBSD and OSX.
I donβt remember which version of OpenSSH is included in Ubuntu 14.04, but if it is quite recent (i.e. OpenSSH version 5.4 or later), you can replace the nc command with the built-in SSH -W option, which instructs ssh to run in netcat mode. I would replace your ~/.ssh/config entries with the following text:
# gateway host host serverA hostname serverA.example.net host sha proxycommand ssh -xaqW%h:22 serverA
Note that I also enable -x and -a to disable forwarding of X11 authentication and agent.
Regarding your request for this with root privileges, I would suggest that you do NOT use ssh as root . Either on the server or on the client. Make sure PermitRootLogin no set in the sshd_config file (in / etc / or / etc / ssh /) and only ever authenticated as unprivileged users. On the client site, create your automation for unprivileged users who, if they need access to certain root accounts on the remote system, get access using sudo. It will never be a bad idea to do everything right. :)