I have a SOCKS proxy setup to a gateway server which is created by setting up a host definition in my ssh_config
to use DynamicForward localhost:9876
. To connect with SSH to the remote server I've setup another host definition to use ProxyCommand /usr/bin/nc -x localhost:9876 %h %p
which is all working fine.
However my fabric script needs 开发者_StackOverflow社区to connect to that remote server. How can I tell it to use the SOCKS proxy when it connects?
Tunnelling is now (March 2013) supported by Fabric natively: see the discussion leading to the changes in code and the commit message with a bit of rationale.
Fabric's SSH layer does not support gateways or proxies at the moment but they "may end up patching/forking it sometime to add that functionality." (from here).
There's also an outstanding issue on Fabric to implement tunneling.
This blog post suggests overriding the run function.
You can use tsocks and the OpenSSH client's built-in support for creating SOCKS tunnels. It requires a bit of configuration but it works fine. Below is how I got started on Ubuntu 10.04.
# Install the tsocks library and shell script.
sudo apt-get install tsocks
# Configure the range of IP addresses you need access to.
sudo nano /etc/tsocks.conf
# Use the OpenSSH client to create a socks proxy (stepping
# stones are hosts used to gain access to private subnets).
ssh -D 1080 stepping.stone
# Now connect to any given address in your configured range.
# tsocks will intercept the connection and route it using
# the SOCKS proxy we created with the previous command.
tsocks ssh 1.2.3.4
The fact that Fabric doesn't work without a VPN connection was a deal breaker for me, so this is a great solution; all it requires is SSH access to one host.
on Fabric (1.12.0)
(doc):
env.use_ssh_config = True
精彩评论