Support the new ProxyJump ssh config option

[hexchain]

OpenSSH introduced a new ProxyJump option which makes it a lot easier to setup ssh jump hosts. It would be nice that fabric could support it.

[bitprophet]

This is presumably similar to Fabric's built-in gateway setting, no? Haven't had a chance to try out -J myself yet.

FWIW Fabric 2 (alpha out soon!) allows infinitely nested gateway connections which I'm guessing is at least as flexible as ProxyJump if not more so. E.g.:

bastion = Connection(host='external-bastion.mycompany.com')
inner_gw = Connection(host='internal-gateway.mycompany.com', gateway=bastion)
real_target = Connection(host='very-internal-server.mycompany.com', gateway=inner_gw)

[hexchain]

Yes, it's similar to the gateway option, but for OpenSSH it's cleaner, and you don't have to write ProxyCommand anymore.

What I'd like to see is that fabric understands the option when parsing SSH config file, so no need to specify -g.

[bitprophet]

Yea, sorry, I meant to acknowledge that part - should be pretty easy to make

ProxyJump user@host1, user2@host2:port2, ...

implicitly turn into a nested series of gateway=Command(...) arguments as noted above.

I haven't gotten solid ssh config support hooked up for Fabric 2 yet (it's taking a much more explicit tack towards state & configuration, so implicit loading of ssh config files needs some thinking) but when I do I'll do my best to make sure this is included. Thanks!

[bitprophet]

(And Fabric 1 would only be able to honor a single value in ProxyJump, but still, would be a nice-to-have there as well. I'd accept a PR for that, actually.)

[ghost]

i am trying to preform action's on remote machine that in order to get there i need to go through 2-3 for pushing file
other scenario is when i am trying to pull a file from a remote server that i also need to jump 2-3 servers

currently i see that the env.gateway gets only 1 host ,
hi
i am trying to preform action's on remote machine that in order to get there i need to go through 2-3 for pushing file
other scenario is when i am trying to pull a file from a remote server that i also need to jump 2-3 servers

currently i see that the env.gateway gets only 1 host ,

how can i achieve it with fabric 1

[frenchja]

But does the --gateway option allow for different SSH keys, like the ProxyJump directive? Within the ~/.ssh/config, one has the ability to define separate keys for the target and bastion boxes. However, the password prompt at the target box leads me to believe that Fabric ignores the secondary key that's specified in the ~/.ssh/config.

[bitprophet]

See my earlier comments, Fabric 1 has a simple, one-hop gateway functionality, 2.x will be public soon and offers far more flexibility.

[bitprophet]

v2 has this working now, both single and (as of today) multi-hop ProxyJump.

Just did myself a little demo wherein my SSH config file was autoloaded and its ProxyJump honored to talk to a host that was 2 other hosts away (so Host final\n\tProxyJump gateway1,gateway2 + fab -H final).

(Nothing but administrivia in the way of the public alpha now...>_>)