Discussion:
[Fab-user] How to specify pem file path when using gateway in Fabric
Roshan Shetty
2016-07-24 18:07:54 UTC
Permalink
Hi,

I have asked this question on stack overflow but i haven't received any
response.

My scenario:

Local host -> Gateway -> Remote host

I am using env.gateway variable to specify gateway host.

sample code

`env.user = "ec2-user"

env.key_filename =
["/home/ec2-user/.ssh/internal.pem","/home/roshan.r/test.pem","/home/ec2-user/.ssh/test2.pem"]

env.hosts = ['x.x.x.244', 'x.x.x.132']
env.gateway = 'x.x.x.189'

def getdate():
content = run('date')

`
My problem is with pem key path.

/home/roshan.r/test.pem is located in current directory. which is used for
login into gateway server.

Other two mentioned pem files are located in gateway servers. Those will be
used to login to next machie.

When i run this program i'm getting file not found error.

Thanks for any help !!



Regards,
Roshan


*The only way to do great work is to love what you do. If you haven’t found
it yet, keep looking. Don’t settle. As with all matters of the heart,
you’ll know when you find it.” - Steve Jobs*
Brandon Whaley
2016-07-25 14:02:05 UTC
Permalink
There is no facility in fabric to load files from the gateway machine for
use as keys.
Post by Roshan Shetty
Hi,
I have asked this question on stack overflow but i haven't received any
response.
Local host -> Gateway -> Remote host
I am using env.gateway variable to specify gateway host.
sample code
`env.user = "ec2-user"
env.key_filename = ["/home/ec2-user/.ssh/internal.pem","/home/roshan.r/test.pem","/home/ec2-user/.ssh/test2.pem"]
env.hosts = ['x.x.x.244', 'x.x.x.132']
env.gateway = 'x.x.x.189'
content = run('date')
`
My problem is with pem key path.
/home/roshan.r/test.pem is located in current directory. which is used for
login into gateway server.
Other two mentioned pem files are located in gateway servers. Those will
be used to login to next machie.
When i run this program i'm getting file not found error.
Thanks for any help !!
Regards,
Roshan
*The only way to do great work is to love what you do. If you haven’t
found it yet, keep looking. Don’t settle. As with all matters of the heart,
you’ll know when you find it.” - Steve Jobs*
_______________________________________________
Fab-user mailing list
https://lists.nongnu.org/mailman/listinfo/fab-user
R M Waters
2016-07-25 16:35:40 UTC
Permalink
You could try using `env.use_ssh_config` instead of gateway, and use a
local ssh client config that works how you want outside of fabric (i.e. you
can log into the final host through the jump host using the existing
keyfiles, using ProxyCommand/IdentityFile). I suppose that fabric
instructed to use that config *should* then work as well (but I don't know
for sure, apologies). Here is an SO answer that seems to explain how to do
what you are asking with ~/.ssh/config: http://serverfault.com/a/337328
Post by Roshan Shetty
Hi,
I have asked this question on stack overflow but i haven't received any
response.
Local host -> Gateway -> Remote host
I am using env.gateway variable to specify gateway host.
sample code
`env.user = "ec2-user"
env.key_filename = ["/home/ec2-user/.ssh/internal.pem","/home/roshan.r/test.pem","/home/ec2-user/.ssh/test2.pem"]
env.hosts = ['x.x.x.244', 'x.x.x.132']
env.gateway = 'x.x.x.189'
content = run('date')
`
My problem is with pem key path.
/home/roshan.r/test.pem is located in current directory. which is used for
login into gateway server.
Other two mentioned pem files are located in gateway servers. Those will
be used to login to next machie.
When i run this program i'm getting file not found error.
Thanks for any help !!
Regards,
Roshan
*The only way to do great work is to love what you do. If you haven’t
found it yet, keep looking. Don’t settle. As with all matters of the heart,
you’ll know when you find it.” - Steve Jobs*
_______________________________________________
Fab-user mailing list
https://lists.nongnu.org/mailman/listinfo/fab-user
Roshan Shetty
2016-08-16 05:31:16 UTC
Permalink
I tried to use `env.use_ssh_config`

But it's not working.

because Fabric is not using the ssh config file of gateway server. So it
will prompt for password

Issue is posted here (
http://serverfault.com/questions/685141/fabric-using-ssh-config-settings-on-env-gateway
)

Regards,
Roshan


*The only way to do great work is to love what you do. If you haven’t found
it yet, keep looking. Don’t settle. As with all matters of the heart,
you’ll know when you find it.” - Steve Jobs*
Post by R M Waters
You could try using `env.use_ssh_config` instead of gateway, and use a
local ssh client config that works how you want outside of fabric (i.e. you
can log into the final host through the jump host using the existing
keyfiles, using ProxyCommand/IdentityFile). I suppose that fabric
instructed to use that config *should* then work as well (but I don't know
for sure, apologies). Here is an SO answer that seems to explain how to do
what you are asking with ~/.ssh/config: http://serverfault.com/a/337328
Post by Roshan Shetty
Hi,
I have asked this question on stack overflow but i haven't received any
response.
Local host -> Gateway -> Remote host
I am using env.gateway variable to specify gateway host.
sample code
`env.user = "ec2-user"
env.key_filename = ["/home/ec2-user/.ssh/internal.pem","/home/roshan.r/test.pem","/home/ec2-user/.ssh/test2.pem"]
env.hosts = ['x.x.x.244', 'x.x.x.132']
env.gateway = 'x.x.x.189'
content = run('date')
`
My problem is with pem key path.
/home/roshan.r/test.pem is located in current directory. which is used
for login into gateway server.
Other two mentioned pem files are located in gateway servers. Those will
be used to login to next machie.
When i run this program i'm getting file not found error.
Thanks for any help !!
Regards,
Roshan
*The only way to do great work is to love what you do. If you haven’t
found it yet, keep looking. Don’t settle. As with all matters of the heart,
you’ll know when you find it.” - Steve Jobs*
_______________________________________________
Fab-user mailing list
https://lists.nongnu.org/mailman/listinfo/fab-user
R M Waters
2016-08-16 12:02:16 UTC
Permalink
Are you using ProxyCommand with corkscrew and IdentityFile for your jump
host? I have the exact same setup, and I am able to jump through gateway
and access internal hosts with fanric.
Post by Roshan Shetty
I tried to use `env.use_ssh_config`
But it's not working.
because Fabric is not using the ssh config file of gateway server. So it
will prompt for password
Issue is posted here (
http://serverfault.com/questions/685141/fabric-using-ssh-config-settings-on-env-gateway
)
Regards,
Roshan
*The only way to do great work is to love what you do. If you haven’t
found it yet, keep looking. Don’t settle. As with all matters of the heart,
you’ll know when you find it.” - Steve Jobs*
Post by R M Waters
You could try using `env.use_ssh_config` instead of gateway, and use a
local ssh client config that works how you want outside of fabric (i.e. you
can log into the final host through the jump host using the existing
keyfiles, using ProxyCommand/IdentityFile). I suppose that fabric
instructed to use that config *should* then work as well (but I don't know
for sure, apologies). Here is an SO answer that seems to explain how to do
what you are asking with ~/.ssh/config: http://serverfault.com/a/337328
Post by Roshan Shetty
Hi,
I have asked this question on stack overflow but i haven't received any
response.
Local host -> Gateway -> Remote host
I am using env.gateway variable to specify gateway host.
sample code
`env.user = "ec2-user"
env.key_filename = ["/home/ec2-user/.ssh/internal.pem","/home/roshan.r/test.pem","/home/ec2-user/.ssh/test2.pem"]
env.hosts = ['x.x.x.244', 'x.x.x.132']
env.gateway = 'x.x.x.189'
content = run('date')
`
My problem is with pem key path.
/home/roshan.r/test.pem is located in current directory. which is used
for login into gateway server.
Other two mentioned pem files are located in gateway servers. Those will
be used to login to next machie.
When i run this program i'm getting file not found error.
Thanks for any help !!
Regards,
Roshan
*The only way to do great work is to love what you do. If you haven’t
found it yet, keep looking. Don’t settle. As with all matters of the heart,
you’ll know when you find it.” - Steve Jobs*
_______________________________________________
Fab-user mailing list
https://lists.nongnu.org/mailman/listinfo/fab-user
Roshan Shetty
2016-08-16 12:56:27 UTC
Permalink
I have checked Proxy command option

ProxyCommand ssh ***@Jumphost nc %h %p

But it won't work for me.
Reason is : i have multiple destination hosts (more than 100)
My script can login to any one of the destiation server based on IP
entered. However gateway host is same all the time.
How can i configure Proxycommand for my scenario.
host 1 -> gateway -> hostA
host 1 -> gateway -> hostB
host 1 -> gateway -> hostC
host 1 -> gateway -> hostD
----------------------------------- (same above scenario continues for 100
servers)
Anyone can please post a code snippet ?

Regards,
Roshan


*The only way to do great work is to love what you do. If you haven’t found
it yet, keep looking. Don’t settle. As with all matters of the heart,
you’ll know when you find it.” - Steve Jobs*
Post by R M Waters
Are you using ProxyCommand with corkscrew and IdentityFile for your jump
host? I have the exact same setup, and I am able to jump through gateway
and access internal hosts with fanric.
Post by Roshan Shetty
I tried to use `env.use_ssh_config`
But it's not working.
because Fabric is not using the ssh config file of gateway server. So it
will prompt for password
Issue is posted here (http://serverfault.com/
questions/685141/fabric-using-ssh-config-settings-on-env-gateway)
Regards,
Roshan
*The only way to do great work is to love what you do. If you haven’t
found it yet, keep looking. Don’t settle. As with all matters of the heart,
you’ll know when you find it.” - Steve Jobs*
Post by R M Waters
You could try using `env.use_ssh_config` instead of gateway, and use a
local ssh client config that works how you want outside of fabric (i.e. you
can log into the final host through the jump host using the existing
keyfiles, using ProxyCommand/IdentityFile). I suppose that fabric
instructed to use that config *should* then work as well (but I don't know
for sure, apologies). Here is an SO answer that seems to explain how to do
what you are asking with ~/.ssh/config: http://serverfault.com/a/337328
Post by Roshan Shetty
Hi,
I have asked this question on stack overflow but i haven't received any
response.
Local host -> Gateway -> Remote host
I am using env.gateway variable to specify gateway host.
sample code
`env.user = "ec2-user"
env.key_filename = ["/home/ec2-user/.ssh/internal.pem","/home/roshan.r/test.pem","/home/ec2-user/.ssh/test2.pem"]
env.hosts = ['x.x.x.244', 'x.x.x.132']
env.gateway = 'x.x.x.189'
content = run('date')
`
My problem is with pem key path.
/home/roshan.r/test.pem is located in current directory. which is used
for login into gateway server.
Other two mentioned pem files are located in gateway servers. Those
will be used to login to next machie.
When i run this program i'm getting file not found error.
Thanks for any help !!
Regards,
Roshan
*The only way to do great work is to love what you do. If you haven’t
found it yet, keep looking. Don’t settle. As with all matters of the heart,
you’ll know when you find it.” - Steve Jobs*
_______________________________________________
Fab-user mailing list
https://lists.nongnu.org/mailman/listinfo/fab-user
R M Waters
2016-08-17 01:38:23 UTC
Permalink
The 'Host' specification for the configuration block containing
ProxyCommand can be a glob (at least, I am afk or would check the man
page).
Example:
Host *.something
ProxyCommand ....

This will use your jump host for all hosts matching that pattern. I have
these blocks for all my unique host mappings, like *.appserver.domain,
*.local, et al.
Post by Roshan Shetty
I have checked Proxy command option
But it won't work for me.
Reason is : i have multiple destination hosts (more than 100)
My script can login to any one of the destiation server based on IP
entered. However gateway host is same all the time.
How can i configure Proxycommand for my scenario.
host 1 -> gateway -> hostA
host 1 -> gateway -> hostB
host 1 -> gateway -> hostC
host 1 -> gateway -> hostD
----------------------------------- (same above scenario continues for 100
servers)
Anyone can please post a code snippet ?
Regards,
Roshan
*The only way to do great work is to love what you do. If you haven’t
found it yet, keep looking. Don’t settle. As with all matters of the heart,
you’ll know when you find it.” - Steve Jobs*
Post by R M Waters
Are you using ProxyCommand with corkscrew and IdentityFile for your jump
host? I have the exact same setup, and I am able to jump through gateway
and access internal hosts with fanric.
Post by Roshan Shetty
I tried to use `env.use_ssh_config`
But it's not working.
because Fabric is not using the ssh config file of gateway server. So it
will prompt for password
Issue is posted here (
http://serverfault.com/questions/685141/fabric-using-ssh-config-settings-on-env-gateway
)
Regards,
Roshan
*The only way to do great work is to love what you do. If you haven’t
found it yet, keep looking. Don’t settle. As with all matters of the heart,
you’ll know when you find it.” - Steve Jobs*
Post by R M Waters
You could try using `env.use_ssh_config` instead of gateway, and use a
local ssh client config that works how you want outside of fabric (i.e. you
can log into the final host through the jump host using the existing
keyfiles, using ProxyCommand/IdentityFile). I suppose that fabric
instructed to use that config *should* then work as well (but I don't know
for sure, apologies). Here is an SO answer that seems to explain how to do
what you are asking with ~/.ssh/config: http://serverfault.com/a/337328
Post by Roshan Shetty
Hi,
I have asked this question on stack overflow but i haven't received
any response.
Local host -> Gateway -> Remote host
I am using env.gateway variable to specify gateway host.
sample code
`env.user = "ec2-user"
env.key_filename = ["/home/ec2-user/.ssh/internal.pem","/home/roshan.r/test.pem","/home/ec2-user/.ssh/test2.pem"]
env.hosts = ['x.x.x.244', 'x.x.x.132']
env.gateway = 'x.x.x.189'
content = run('date')
`
My problem is with pem key path.
/home/roshan.r/test.pem is located in current directory. which is used
for login into gateway server.
Other two mentioned pem files are located in gateway servers. Those
will be used to login to next machie.
When i run this program i'm getting file not found error.
Thanks for any help !!
Regards,
Roshan
*The only way to do great work is to love what you do. If you haven’t
found it yet, keep looking. Don’t settle. As with all matters of the heart,
you’ll know when you find it.” - Steve Jobs*
_______________________________________________
Fab-user mailing list
https://lists.nongnu.org/mailman/listinfo/fab-user
Roshan Shetty
2016-08-17 09:21:12 UTC
Permalink
Thanks for the reply,

In my case, how can i write ?

I tried this

Host *
User ec2-user
ProxyCommand ssh * nc %h %p

But its not working


Regards,
Roshan


*The only way to do great work is to love what you do. If you haven’t found
it yet, keep looking. Don’t settle. As with all matters of the heart,
you’ll know when you find it.” - Steve Jobs*
Post by R M Waters
The 'Host' specification for the configuration block containing
ProxyCommand can be a glob (at least, I am afk or would check the man
page).
Host *.something
ProxyCommand ....
This will use your jump host for all hosts matching that pattern. I have
these blocks for all my unique host mappings, like *.appserver.domain,
*.local, et al.
Post by Roshan Shetty
I have checked Proxy command option
But it won't work for me.
Reason is : i have multiple destination hosts (more than 100)
My script can login to any one of the destiation server based on IP
entered. However gateway host is same all the time.
How can i configure Proxycommand for my scenario.
host 1 -> gateway -> hostA
host 1 -> gateway -> hostB
host 1 -> gateway -> hostC
host 1 -> gateway -> hostD
----------------------------------- (same above scenario continues for
100 servers)
Anyone can please post a code snippet ?
Regards,
Roshan
*The only way to do great work is to love what you do. If you haven’t
found it yet, keep looking. Don’t settle. As with all matters of the heart,
you’ll know when you find it.” - Steve Jobs*
Post by R M Waters
Are you using ProxyCommand with corkscrew and IdentityFile for your jump
host? I have the exact same setup, and I am able to jump through gateway
and access internal hosts with fanric.
Post by Roshan Shetty
I tried to use `env.use_ssh_config`
But it's not working.
because Fabric is not using the ssh config file of gateway server. So
it will prompt for password
Issue is posted here (http://serverfault.com/
questions/685141/fabric-using-ssh-config-settings-on-env-gateway)
Regards,
Roshan
*The only way to do great work is to love what you do. If you haven’t
found it yet, keep looking. Don’t settle. As with all matters of the heart,
you’ll know when you find it.” - Steve Jobs*
Post by R M Waters
You could try using `env.use_ssh_config` instead of gateway, and use
a local ssh client config that works how you want outside of fabric (i.e.
you can log into the final host through the jump host using the existing
keyfiles, using ProxyCommand/IdentityFile). I suppose that fabric
instructed to use that config *should* then work as well (but I don't know
for sure, apologies). Here is an SO answer that seems to explain how to do
what you are asking with ~/.ssh/config: http://
serverfault.com/a/337328
Post by Roshan Shetty
Hi,
I have asked this question on stack overflow but i haven't received
any response.
Local host -> Gateway -> Remote host
I am using env.gateway variable to specify gateway host.
sample code
`env.user = "ec2-user"
env.key_filename = ["/home/ec2-user/.ssh/internal.pem","/home/roshan.r/test.pem","/home/ec2-user/.ssh/test2.pem"]
env.hosts = ['x.x.x.244', 'x.x.x.132']
env.gateway = 'x.x.x.189'
content = run('date')
`
My problem is with pem key path.
/home/roshan.r/test.pem is located in current directory. which is
used for login into gateway server.
Other two mentioned pem files are located in gateway servers. Those
will be used to login to next machie.
When i run this program i'm getting file not found error.
Thanks for any help !!
Regards,
Roshan
*The only way to do great work is to love what you do. If you haven’t
found it yet, keep looking. Don’t settle. As with all matters of the heart,
you’ll know when you find it.” - Steve Jobs*
_______________________________________________
Fab-user mailing list
https://lists.nongnu.org/mailman/listinfo/fab-user
R M Waters
2016-08-20 11:32:03 UTC
Permalink
I find it highly unusual that you have machines in the same subnet as your
jumpbox that you cannot access. Your firewall rules must be ... strange.
Anyway.

First you will test your config using ssh client, then once you have a
working configuration you will use fabric and hope it works correctly.

Put this in ~/.ssh/config:

Host 10.0.0.8
User jumpbox-user
IdentityFile ~/.ssh/jumpbox-key

Host 10.0.0.9
ProxyCommand ssh -q -A 10.0.0.8 'nc %h %p'

Host 10.0.1.8
ProxyCommand ssh -q -A 10.0.0.8 'nc %h %p'

Host 10.0.2.9
ProxyCommand ssh -q -A 10.0.0.8 'nc %h %p'

.... etc

(Side note: apparently this is an antiquated method, according to
https://en.wikibooks.org/wiki/OpenSSH/Cookbook/Proxies_and_Jump_Hosts - you
may find this helpful)

Then try to ssh into 10.0.0.9, 10.0.1.8, and 10.0.2.9 from 52.7.1.180
(which only has access to 10.0.0.8).
If this doesn't work, then you need to look through the other methods of
tunneling and find one that works for you. Once you have successfully
tunneled, then you should assume that `env.use_ssh_config` will also work.
And you will create Host blocks for all the other inaccessible machines.

Extra points if you can minimize the amount of Host blocks in your ssh
config.


HTH
Hi hope you are doing well !!
Is it possible to fix this issue on your free time ?
thank you :)
Regards,
Roshan
*The only way to do great work is to love what you do. If you haven’t
found it yet, keep looking. Don’t settle. As with all matters of the heart,
you’ll know when you find it.” - Steve Jobs*
it's okay.
Thanks for spending time on this issue :)
My current IP is this : 52.7.1.180 ( running scrip from this machine)
Gateway server IP is : 10.0.0.8
10.0.0.9
10.0.1.8
10.0.2.9
10.0.0.52
10.0.0.53
10.0.0.54
10.0.0.59
and so on (many more servers are there)
Now,
I'm struggling with having proxy command.
In which server config file i should put Proxy command ?
Can you please tell me the config file content for my scenario ?
Thank you :)
Regards,
Roshan
*The only way to do great work is to love what you do. If you haven’t
found it yet, keep looking. Don’t settle. As with all matters of the heart,
you’ll know when you find it.” - Steve Jobs*
Apologies, I am not available for chat.
Hi,
Thanks for the response.
I have some doubt, can we please chat for a while.
I have to finish this today.
Already sent Hangout request..
Thanks :)
Regards,
Roshan
*The only way to do great work is to love what you do. If you haven’t
found it yet, keep looking. Don’t settle. As with all matters of the heart,
you’ll know when you find it.” - Steve Jobs*
Here is an example from my working ssh config for all hosts matching
Host jump
User someuser
HostName 192.168.x.x
IdentityFile ~/.ssh/jumpbox-key
Host *.qa.local
ProxyCommand ssh -q -A jump 'nc %h %p'
Post by Roshan Shetty
Thanks for the reply,
In my case, how can i write ?
I tried this
Host *
User ec2-user
ProxyCommand ssh * nc %h %p
But its not working
Regards,
Roshan
*The only way to do great work is to love what you do. If you haven’t
found it yet, keep looking. Don’t settle. As with all matters of the heart,
you’ll know when you find it.” - Steve Jobs*
Post by R M Waters
The 'Host' specification for the configuration block containing
ProxyCommand can be a glob (at least, I am afk or would check the man
page).
Host *.something
ProxyCommand ....
This will use your jump host for all hosts matching that pattern. I
have these blocks for all my unique host mappings, like *.appserver.domain,
*.local, et al.
Post by Roshan Shetty
I have checked Proxy command option
But it won't work for me.
Reason is : i have multiple destination hosts (more than 100)
My script can login to any one of the destiation server based on IP
entered. However gateway host is same all the time.
How can i configure Proxycommand for my scenario.
host 1 -> gateway -> hostA
host 1 -> gateway -> hostB
host 1 -> gateway -> hostC
host 1 -> gateway -> hostD
----------------------------------- (same above scenario continues
for 100 servers)
Anyone can please post a code snippet ?
Regards,
Roshan
*The only way to do great work is to love what you do. If you
haven’t found it yet, keep looking. Don’t settle. As with
all matters of the heart, you’ll know when you find it.” - Steve Jobs*
On Tue, Aug 16, 2016 at 5:32 PM, R M Waters <
Post by R M Waters
Are you using ProxyCommand with corkscrew and IdentityFile for
your jump host? I have the exact same setup, and I am able to jump through
gateway and access internal hosts with fanric.
On Tue, Aug 16, 2016, 1:31 AM Roshan Shetty <
Post by Roshan Shetty
I tried to use `env.use_ssh_config`
But it's not working.
because Fabric is not using the ssh config file of gateway
server. So it will prompt for password
Issue is posted here (http://serverfault.com/
questions/685141/fabric-using-ssh-config-settings-on-env-gateway)
Regards,
Roshan
*The only way to do great work is to love what you do. If you
haven’t found it yet, keep looking. Don’t settle. As with
all matters of the heart, you’ll know when you find it.” - Steve Jobs*
On Mon, Jul 25, 2016 at 10:05 PM, R M Waters <
Post by R M Waters
You could try using `env.use_ssh_config` instead of gateway,
and use a local ssh client config that works how you want outside of fabric
(i.e. you can log into the final host through the jump host using the
existing keyfiles, using ProxyCommand/IdentityFile). I suppose that fabric
instructed to use that config *should* then work as well (but I don't know
for sure, apologies). Here is an SO answer that seems to explain how to do
what you are asking with ~/.ssh/config: http://
serverfault.com/a/337328
On Sun, Jul 24, 2016 at 2:07 PM, Roshan Shetty <
Post by Roshan Shetty
Hi,
I have asked this question on stack overflow but i haven't
received any response.
Local host -> Gateway -> Remote host
I am using env.gateway variable to specify gateway host.
sample code
`env.user = "ec2-user"
env.key_filename = ["/home/ec2-user/.ssh/internal.pem","/home/roshan.r/test.pem","/home/ec2-user/.ssh/test2.pem"]
env.hosts = ['x.x.x.244', 'x.x.x.132']
env.gateway = 'x.x.x.189'
content = run('date')
`
My problem is with pem key path.
/home/roshan.r/test.pem is located in current directory. which
is used for login into gateway server.
Other two mentioned pem files are located in gateway servers.
Those will be used to login to next machie.
When i run this program i'm getting file not found error.
Thanks for any help !!
Regards,
Roshan
*The only way to do great work is to love what you do. If you
haven’t found it yet, keep looking. Don’t settle. As with
all matters of the heart, you’ll know when you find it.” - Steve Jobs*
_______________________________________________
Fab-user mailing list
https://lists.nongnu.org/mailman/listinfo/fab-user
Loading...