If you don't have an agent running with an accessible key, then you will get three password prompts, with suggestions for any default keys.

The final target is a pre-elliptic curve OpenSSH server, so legacy is enabled. I could probably have removed that for clarity.

  C:\Users\me\>ssh -J me@bhost1,me@bhost2 -o KexAlgorithms=diffie-hellman-group14-sha1 -o HostKeyAlgorithms=ssh-rsa -o MACs=hmac-sha1 oracle@target
  Enter passphrase for key 'C:\Users\me/.ssh/id_ed25519':
  me@host1's password:
  Enter passphrase for key 'C:\Users\me/.ssh/id_ed25519':
  me@host2's password:
  oracle@target's password:
  Last login: Wed Jun 24 13:29:55 2026 from bhost2

That client is Microsoft's port of OpenSSH.

I always use keys in my SSH agent.

Because the jump mechanism works via use of TCP forwarding, each host authn step is talking "directly" to your client. Importantly, this means it still works without requiring "agent forwarding" for the connection you are making.