Re: [Fab-user] Quick test of 1.4

[Jeff Forcier]

I'm CCing the list on this in case the explanation below helps out
anybody else :)

> Is there a special syntax for specifying
> that host B is available through host A?  Or is it going to just be
> something like fab -H host1 <task executing run('ssh host2 $command')>?

That's more https://github.com/fabric/fabric/issues/38 -- they're
related but not the same thing. (I might try to tackle that for 1.4 as
well; haven't decided yet.)


Tunneling/gatewaying is bouncing off one server to another, at the SSH
level, so while it's *effectively like* running "run('ssh host2 foo')"
against host1, it doesn't involve spawning a shell on host1 or using
host1's "ssh" client program (only the server, IIRC.)

This is useful for when host2 cannot be reached from your localhost at
all -- thus "gateway".


Agent forwarding allows connections from the remote host to other
hosts to use your local agent for authenticating. A common scenario
for this is pulling down (onto the remote box) private Git repos
served over SSH from some other system.

The problem here is not that you can't reach the Git repo, it's that
you *must* talk to the Git repo via SSH *from the remote box*. Without
agent forwarding (i.e. with Fab 1.3 and below) you need to have keys
installed on the remote box, or use interactive password auth.

That latter point is where agent forwarding works well with
gatewaying, again if my memory of how gateways work is accurate.


Hope that helps,
Jeff

-- 
Jeff Forcier
Unix sysadmin; Python/Ruby engineer
http://bitprophet.org