You need to get someone into an internal machine that doesn't have a public IP? Use an SSH tunnel. For this example, machine_a is your internal machine and machine_b is external:

$ ssh -R 9000:localhost:22 you@machine_b

Once you've logged in, you should be able to run this on machine_b:

$ ssh -p 9000 you@localhost