#2885 HeidiSQL should ask for private key's passphrase when connecting through SSH tunnel

[Anonymous]

Originally created by: mel... (code.google.com)@gmail.com

What is the problem that needs to be solved (required)?
If you use a private key with passphrase to connect through a SSH tunnel, you must save it in HeidiSQL session manager in order it to work, which is not secure, since it's simply obfuscated in the Windows registry.

Also, whether you save it or not, you can see the plain text passphrase in the process parameters of plink.exe (using Process Explorer, for example), which is also not very good.

I tried with stable HeidiSQL 7.0.0.4051 and nightly build [r4160].

What is a practical way to implement this idea (optional)?
I know that interfacing with plink is hard, but *ideal* solution, although not sure if possible, would be that HeidiSQL would give the passphrase to plink through stdin when it asks for it. For example, when you use plink manually, this happens:

------
C:\>plink -L 3306:localhost:3306 user@example.com -i "private.ppk"
Using username "user".
Passphrase for key "private-sample-key": <here the user can type>
------

If this were possible, HeidiSQL should then ask for the passphrase if 1) the passphrase box is empty and 2) detects if the key is encrypted (second line of the key is different than "Encryption: none").

Another solution to this problem would be using Pageant, but that's less than ideal, and also less secure. I would rather use plink manually and connect HeidiSQL to localhost.

[Anonymous]

Originally posted by: vanav@vanav.org

Yes, please, ask key password interactively.

Workaround 1:
> pageant "private.key.ppk" -c "C:\Program Files\HeidiSQL\heidisql.exe"
Network type: MySQL (SSH tunnel)
Hostname: 127.0.0.1
Port: 3306
SSH host: example.com
Username: user
Private key file: "private.key.ppk"
Local port: 3307

Workaround 2:
> plink user@example.com -i "private.key.ppk" -N -L 3307:127.0.0.1:3306
Network type: MySQL (TCP/IP)
Hostname: 127.0.0.1
Port: 3307