I find it highly unusual that you have machines in the same subnet as your
jumpbox that you cannot access.  Your firewall rules must be ... strange.
Anyway.

First you will test your config using ssh client, then once you have a
working configuration you will use fabric and hope it works correctly.

Put this in ~/.ssh/config:

Host 10.0.0.8
    User jumpbox-user
    IdentityFile ~/.ssh/jumpbox-key

Host 10.0.0.9
    ProxyCommand ssh -q -A 10.0.0.8 'nc %h %p'

Host 10.0.1.8
    ProxyCommand ssh -q -A 10.0.0.8 'nc %h %p'

Host 10.0.2.9
    ProxyCommand ssh -q -A 10.0.0.8 'nc %h %p'

.... etc

(Side note: apparently this is an antiquated method, according to
https://en.wikibooks.org/wiki/OpenSSH/Cookbook/Proxies_and_Jump_Hosts - you
may find this helpful)

Then try to ssh into 10.0.0.9, 10.0.1.8, and 10.0.2.9 from 52.7.1.180
(which only has access to 10.0.0.8).
If this doesn't work, then you need to look through the other methods of
tunneling and find one that works for you.  Once you have successfully
tunneled, then you should assume that `env.use_ssh_config` will also work.
And you will create Host blocks for all the other inaccessible machines.

Extra points if you can minimize the amount of Host blocks in your ssh
config.


HTH
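
An added example (not part of the original message or of Fabric): a small Python model of ssh_config Host matching. It checks that one wildcard block covers the 10.0.x.x destinations without also matching the jumpbox 10.0.0.8, which would make ssh try to proxy the jumpbox through itself. The `10.0.* !10.0.0.8` pattern and the helper names are assumptions, and matching is simplified to `*`/`?` wildcards with first-value-wins.

```python
from fnmatch import fnmatchcase

# Constructed config: one wildcard block instead of one block per destination.
# Addresses and key path are the ones used in the message above.
CONFIG = """\
Host 10.0.0.8
    User jumpbox-user
    IdentityFile ~/.ssh/jumpbox-key

Host 10.0.* !10.0.0.8
    ProxyCommand ssh -q -A 10.0.0.8 'nc %h %p'
"""

def host_matches(patterns, host):
    """ssh_config rule: at least one positive pattern matches and no
    negated (!pattern) one does. Only * and ? wildcards are assumed."""
    negated = [p[1:] for p in patterns if p.startswith("!")]
    positive = [p for p in patterns if not p.startswith("!")]
    if any(fnmatchcase(host, p) for p in negated):
        return False
    return any(fnmatchcase(host, p) for p in positive)

def resolve(config_text, host):
    """Return the options that apply to `host`; for each keyword the
    first value obtained wins, as documented in ssh_config(5)."""
    options, active = {}, True  # lines before any Host block apply to all
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        keyword, _, value = line.partition(" ")
        if keyword.lower() == "host":
            active = host_matches(value.split(), host)
        elif active:
            options.setdefault(keyword.lower(), value.strip())
    return options

def proxied(config_text, host):
    """True if connections to `host` would go through the ProxyCommand."""
    return "proxycommand" in resolve(config_text, host)

if __name__ == "__main__":
    for h in ["10.0.0.8", "10.0.0.9", "10.0.1.8", "10.0.2.9", "10.0.0.52"]:
        print(h, "via jump" if proxied(CONFIG, h) else "direct")
```

Dropping the `!10.0.0.8` negation makes the wildcard block apply to the jumpbox as well, so the model reports 10.0.0.8 as proxied.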

On Sat, Aug 20, 2016, 3:50 AM Roshan Shetty <roshan.al...@gmail.com> wrote:

> Hi hope you are doing well !!
>
> Is it possible to fix this issue on your free time ?
>
> thank you :)
>
>
>
> Regards,
> Roshan
>
>
> *The only way to do great work is to love what you do. If you haven’t
> found it yet, keep looking. Don’t settle. As with all matters of the heart,
> you’ll know when you find it.” - Steve Jobs*
>
> On Wed, Aug 17, 2016 at 6:05 PM, Roshan Shetty <roshan.al...@gmail.com>
> wrote:
>
>> it's okay.
>>
>> Thanks for spending time on this issue :)
>>
>> My current IP is this : 52.7.1.180 (running script from this machine)
>>
>> Gateway server IP is : 10.0.0.8
>>
>> Destination IP:
>> 10.0.0.9
>> 10.0.1.8
>> 10.0.2.9
>> 10.0.0.52
>> 10.0.0.53
>> 10.0.0.54
>> 10.0.0.59
>> and so on (many more servers are there)
>>
>> Now,
>> I'm struggling with having proxy command.
>>
>> In which server config file i should put Proxy command ?
>>
>> Can you please tell me the config file content for my scenario ?
>>
>> Thank you :)
>>
>>
>>
>> Regards,
>> Roshan
>>
>>
>> On Wed, Aug 17, 2016 at 4:28 PM, R M Waters <robert.wat...@gmail.com>
>> wrote:
>>
>>> Apologies, I am not available for chat.
>>>
>>> On Wed, Aug 17, 2016, 6:20 AM Roshan Shetty <roshan.al...@gmail.com>
>>> wrote:
>>>
>>>> Hi,
>>>>
>>>> Thanks for the response.
>>>>
>>>> I have some doubt, can we please chat for a while.
>>>>
>>>> I have to finish this today.
>>>>
>>>> Already sent Hangout request..
>>>>
>>>> Thanks :)
>>>>
>>>> Regards,
>>>> Roshan
>>>>
>>>>
>>>> On Wed, Aug 17, 2016 at 3:45 PM, R M Waters <robert.wat...@gmail.com>
>>>> wrote:
>>>>
>>>>> Here is an example from my working ssh config for all hosts matching
>>>>> "*.qa.local":
>>>>>
>>>>> Host jump
>>>>>     User someuser
>>>>>     HostName 192.168.x.x
>>>>>     IdentityFile ~/.ssh/jumpbox-key
>>>>>
>>>>> Host *.qa.local
>>>>>     ProxyCommand ssh -q -A jump 'nc %h %p'
>>>>>
>>>>> On Wed, Aug 17, 2016 at 5:21 AM, Roshan Shetty <roshan.al...@gmail.com> wrote:
>>>>>
>>>>>> Thanks for the reply,
>>>>>>
>>>>>> In my case, how can i write ?
>>>>>>
>>>>>> I tried this
>>>>>>
>>>>>> Host *
>>>>>>         User ec2-user
>>>>>>         ProxyCommand ssh * nc %h %p
>>>>>>
>>>>>> But its not working
>>>>>>
>>>>>>
>>>>>> Regards,
>>>>>> Roshan
>>>>>>
>>>>>>
>>>>>> On Wed, Aug 17, 2016 at 7:08 AM, R M Waters <robert.wat...@gmail.com>
>>>>>> wrote:
>>>>>>
>>>>>>> The 'Host' specification for the configuration block containing
>>>>>>> ProxyCommand can be a glob (at least, I am afk or would check the man
>>>>>>> page).
>>>>>>> Example:
>>>>>>> Host *.something
>>>>>>>   ProxyCommand ....
>>>>>>>
>>>>>>> This will use your jump host for all hosts matching that pattern. I
>>>>>>> have these blocks for all my unique host mappings, like *.appserver.domain,
>>>>>>> *.local, et al.
>>>>>>>
>>>>>>> On Tue, Aug 16, 2016, 8:56 AM Roshan Shetty <roshan.al...@gmail.com>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> I have checked Proxy command option
>>>>>>>>
>>>>>>>> ProxyCommand ssh vivek@Jumphost nc %h %p
>>>>>>>>
>>>>>>>> But it won't work for me.
>>>>>>>> Reason is : i have multiple destination hosts (more than 100)
>>>>>>>> My script can login to any one of the destination server based on IP
>>>>>>>> entered. However gateway host is same all the time.
>>>>>>>> How can i configure Proxycommand for my scenario.
>>>>>>>> host 1 -> gateway -> hostA
>>>>>>>> host 1 -> gateway -> hostB
>>>>>>>> host 1 -> gateway -> hostC
>>>>>>>> host 1 -> gateway -> hostD
>>>>>>>> ----------------------------------- (same above scenario continues
>>>>>>>> for 100 servers)
>>>>>>>> Anyone can please post a code snippet ?
>>>>>>>>
>>>>>>>> Regards,
>>>>>>>> Roshan
>>>>>>>>
>>>>>>>>
>>>>>>>> On Tue, Aug 16, 2016 at 5:32 PM, R M Waters <
>>>>>>>> robert.wat...@gmail.com> wrote:
>>>>>>>>
>>>>>>>>> Are you using ProxyCommand with corkscrew and IdentityFile for
>>>>>>>>> your jump host?  I have the exact same setup, and I am able to jump through
>>>>>>>>> gateway and access internal hosts with fabric.
>>>>>>>>>
>>>>>>>>> On Tue, Aug 16, 2016, 1:31 AM Roshan Shetty <
>>>>>>>>> roshan.al...@gmail.com> wrote:
>>>>>>>>>
>>>>>>>>>> I tried to use `env.use_ssh_config`
>>>>>>>>>>
>>>>>>>>>> But it's not working.
>>>>>>>>>>
>>>>>>>>>> because Fabric is not using the ssh config file of gateway
>>>>>>>>>> server. So it will prompt for password
>>>>>>>>>>
>>>>>>>>>> Issue is posted here (http://serverfault.com/questions/685141/fabric-using-ssh-config-settings-on-env-gateway)
>>>>>>>>>>
>>>>>>>>>> Regards,
>>>>>>>>>> Roshan
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On Mon, Jul 25, 2016 at 10:05 PM, R M Waters <
>>>>>>>>>> robert.wat...@gmail.com> wrote:
>>>>>>>>>>
>>>>>>>>>>> You could try using `env.use_ssh_config` instead of gateway,
>>>>>>>>>>> and use a local ssh client config that works how you want outside of fabric
>>>>>>>>>>> (i.e. you can log into the final host through the jump host using the
>>>>>>>>>>> existing keyfiles, using ProxyCommand/IdentityFile).  I suppose that fabric
>>>>>>>>>>> instructed to use that config *should* then work as well (but I don't know
>>>>>>>>>>> for sure, apologies).  Here is an SO answer that seems to explain how to do
>>>>>>>>>>> what you are asking with ~/.ssh/config: http://serverfault.com/a/337328
>>>>>>>>>>>
>>>>>>>>>>> On Sun, Jul 24, 2016 at 2:07 PM, Roshan Shetty <
>>>>>>>>>>> roshan.al...@gmail.com> wrote:
>>>>>>>>>>>
>>>>>>>>>>>> Hi,
>>>>>>>>>>>>
>>>>>>>>>>>> I have asked this question on stack overflow but i haven't
>>>>>>>>>>>> received any response.
>>>>>>>>>>>>
>>>>>>>>>>>> My scenario:
>>>>>>>>>>>>
>>>>>>>>>>>> Local host -> Gateway -> Remote host
>>>>>>>>>>>>
>>>>>>>>>>>> I am using env.gateway variable to specify gateway host.
>>>>>>>>>>>>
>>>>>>>>>>>> sample code
>>>>>>>>>>>>
>>>>>>>>>>>> `from fabric.api import env, run
>>>>>>>>>>>>
>>>>>>>>>>>>  env.user = "ec2-user"
>>>>>>>>>>>>
>>>>>>>>>>>>  env.key_filename = ["/home/ec2-user/.ssh/internal.pem","/home/roshan.r/test.pem","/home/ec2-user/.ssh/test2.pem"]
>>>>>>>>>>>>
>>>>>>>>>>>>  env.hosts = ['x.x.x.244', 'x.x.x.132']
>>>>>>>>>>>>  env.gateway = 'x.x.x.189'
>>>>>>>>>>>>
>>>>>>>>>>>>  def getdate():
>>>>>>>>>>>>       content = run('date')
>>>>>>>>>>>>
>>>>>>>>>>>> `
>>>>>>>>>>>> My problem is with pem key path.
>>>>>>>>>>>>
>>>>>>>>>>>> /home/roshan.r/test.pem is located in current directory. which
>>>>>>>>>>>> is used for login into gateway server.
>>>>>>>>>>>>
>>>>>>>>>>>> Other two mentioned pem files are located in gateway servers.
>>>>>>>>>>>> Those will be used to login to next machine.
>>>>>>>>>>>>
>>>>>>>>>>>> When i run this program i'm getting file not found error.
>>>>>>>>>>>>
>>>>>>>>>>>> Thanks for any help !!
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> Regards,
>>>>>>>>>>>> Roshan
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> _______________________________________________
>>>>>>>>>>>> Fab-user mailing list
>>>>>>>>>>>> Fab-user@nongnu.org
>>>>>>>>>>>> https://lists.nongnu.org/mailman/listinfo/fab-user