diff --git a/docs/docsite/rst/network/user_guide/network_debug_troubleshooting.rst b/docs/docsite/rst/network/user_guide/network_debug_troubleshooting.rst index f7c36f812e2..6a8d6597730 100644 --- a/docs/docsite/rst/network/user_guide/network_debug_troubleshooting.rst +++ b/docs/docsite/rst/network/user_guide/network_debug_troubleshooting.rst @@ -597,6 +597,41 @@ no additional changes necessary. The network module will now connect to the network device by first connecting to the host specified in ``ansible_ssh_common_args``, which is ``bastion01`` in the above example. +Using bastion/jump host with netconf connection +----------------------------------------------- + +Enabling jump host setting +-------------------------- + +Bastion/jump host with netconf connection can be enable using +- Setting Ansible variable``ansible_netconf_ssh_config`` or +- Setting environment variable ``ANSIBLE_NETCONF_SSH_CONFIG`` or +- Setting ``ssh_config=Ture`` under ``netconf_connection`` section in ansible configuration file + +The ssh config file (~/.ssh/config) should have the correct proxycommand and required ssh configuration variables + +Example ssh config file (~/.ssh/config) +--------------------------------------- + +.. code-block:: ini + + Host junoshost + HostName junos01 + User myuser + + ProxyCommand ssh user@bastion01 nc %h %p %r + +Example Ansible inventory file + +.. code-block:: ini + [junos] + junoshost + + [junos:vars] + ansible_connection=netconf + ansible_network_os=junos + ansible_user=myuser + ansible_ssh_pass=!vault... .. note:: Using ``ProxyCommand`` with passwords via variables diff --git a/lib/ansible/config/base.yml b/lib/ansible/config/base.yml index 341c7699095..3a413a8ae5b 100644 --- a/lib/ansible/config/base.yml +++ b/lib/ansible/config/base.yml 
@@ -1632,4 +1632,12 @@ YAML_FILENAME_EXTENSIONS: - section: defaults key: yaml_valid_extensions type: list +NETCONF_SSH_CONFIG: + description: This variable is used to enable bastion/jump host with netconf connection. The bastion/jump + host ssh settings should be present in ssh configuration file (~/.ssh/config). + env: [{name: ANSIBLE_NETCONF_SSH_CONFIG}] + ini: + - {key: ssh_config, section: netconf_connection} + yaml: {key: netconf_connection.ssh_config} + type: boolean ... diff --git a/lib/ansible/plugins/connection/netconf.py b/lib/ansible/plugins/connection/netconf.py index 17e47fe7ae5..0db23ff0e7d 100644 --- a/lib/ansible/plugins/connection/netconf.py +++ b/lib/ansible/plugins/connection/netconf.py @@ -152,6 +152,21 @@ options: key: command_timeout env: - name: ANSIBLE_PERSISTENT_COMMAND_TIMEOUT + netconf_ssh_config: + type: boolean + default: False + description: + - This variable is used to enable bastion/jump host with netconf connection. The bastion/jump + host ssh settings should be present in ssh configuration file (~/.ssh/config). + ini: + - section: netconf_connection + key: ssh_config + version_added: '2.7' + env: + - name: ANSIBLE_NETCONF_SSH_CONFIG + vars: + - name: ansible_netconf_ssh_config + version_added: '2.7' """ import os @@ -248,7 +263,7 @@ class Connection(NetworkConnectionBase): device_params = {'name': NETWORK_OS_DEVICE_PARAM_MAP.get(self._network_os) or self._network_os} - ssh_config = os.getenv('ANSIBLE_NETCONF_SSH_CONFIG', False) + ssh_config = self.get_option('netconf_ssh_config') if ssh_config in BOOLEANS_TRUE: ssh_config = True else:
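Review bot: The `NETCONF_SSH_CONFIG` entry added here has no `default` and no `version_added`, while the plugin option added in netconf.py for the same env var and ini key declares `default: False` and `version_added: '2.7'`. Add `default: False` and `version_added: "2.7"` to this entry so an unset value resolves the same way in both places. The setting is now defined twice with the same `ANSIBLE_NETCONF_SSH_CONFIG` and `[netconf_connection] ssh_config` sources. Since the connection code reads it through `get_option('netconf_ssh_config')`, this global copy looks unnecessary and can drift from the plugin's definition.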
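Review bot: The description of `netconf_ssh_config` presents it only as a jump-host switch, but the flag appears to control whether the connection reads the user's `~/.ssh/config` at all, so presumably every matching setting in that file applies, not just the bastion entry. A `ProxyCommand` in that file runs as a local command on the control node, so the text should say the file must be owned by, and writable only by, the user running Ansible. Suggested first sentence: `- Enables use of the ssh configuration file (~/.ssh/config) for the netconf connection, for example to reach a device through a bastion/jump host.` Also, `version_added: '2.7'` sits on the `ini` and `vars` entries but not on the `env` entry or the option itself; stating it once at option level would be clearer.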
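Review bot: `get_option('netconf_ssh_config')` is declared `type: boolean` in this plugin's options, so the value should already arrive as a bool, and the `if ssh_config in BOOLEANS_TRUE:` test kept below the changed line is left over from parsing the raw environment string. It still works, but it hides the fact that only truthiness matters; a plain `if ssh_config:` would say what is meant. A comment such as `# True makes the SSH layer load ~/.ssh/config, including any ProxyCommand` above the assignment would document what is being switched on, once confirmed against how `ssh_config` is consumed further down. The `else` branch and the rest of the method lie outside this hunk.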