with information such as the IP of the tcp_check target, its port and additional flags go into list of check_tcp arguments. Additionally you will need flags to authenticate with server 1 via SSH.
Additional information on both checks and their parameters can be found here (by_ssh) and here (tcp).
Additionally, this constellation sounds like you might actually want to use a satellite on server 1 instead of check_by_ssh, you can read more about this topic here. 192.x.x.1 would be your master, 192.x.x.2 your satellite and 10.x.x.2 your agent in this scenario.
You might have to tinker a bit with those snippets to get them to work, once again I refer you to the documentation available at https://icinga.com/learn.
When you run this check manually than it is executed as root. When icinga runs this check than it is executed as nagios or icinga (depending on your distribution). Hence, you need to setup ssh key-based authentication for nagios or icinga to that system.