Originally created by: magnita...@gmail.com
What exact steps will reproduce the problem?
1. If registry hive with known hosts [HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\SshHostKeys] exists, then back it up and then delete.
2. Then try to connect to some host via SSH-tunnel.
What was the expected output?
HeidiSQL should connect or ask user for additional input.
What happened instead?
SQL Error (2003): Can't connect to MySQL server on 'localhost' (10061).
Suggested fix (optional)?
M-m-m... I don't know... Maybe console with plink.exe started visible at first, to be able to answer all the questions, then automatically hidden, when the link successfully started?
Version used?
HeidiSQL revision: 7.0.0.4165
PLink: 0.62
Operating system: Windows XP SP3
Originally posted by: magnita...@gmail.com
To be clear, I noticed it because I use KiTTY (a fork of PuTTY), which is portable and thus instead of writing known host keys in registry keeps them in files inside its own subdirectory. That's why no keys were found by plink. And there is no way of adding them within HeidiSQL+plink flow or to connect to the server without storing the key. Maybe the latter choice would be appropriate if we don't want to ask the user for additional input (but in fact it's still required to unlock password-protected private key).
Originally posted by: p...@ppy.sh
This has always happened for me, and I have heard from colleagues who have spent a lot of time tracking down the reason for connection failures resulting from this issue. Can be easily resolved by manually connecting via PuTTY or plink from a command line and adding the host as a known host, but should really prompt the user from HeidiSQL itself.
Originally posted by: isaac.raway@gmail.com
Ugh this has hit me hard over the last few weeks. I could swear that this used to happen.
Originally posted by: a...@anse.de
Issue 3470 has been merged into this issue.
Related
Tickets:
#3470
Originally posted by: bogdan.ghervan
*+ 1 on this issue*. It took me a lot of time to figure this out when it first happened (kept on getting "Can't connect to MySQL server on 'localhost' (10061)" until I figured it out). I'm still experiencing this issue several times a week, as I spend roughly half of my business day fiddling around several databases.
The reason I'm experiencing this repeatedly is that even though I'm attempting to connect to the same databases, the servers I have to tunnel through are cloud instances and their RSA2 key fingerprints change with every new launch.
The current workaround for me is:
1) attempt to connect and be refused the connection;
2) separately connect with PuTTY and accept the new host key;
3) go back to HeidiSQL and successfully connect.
I guess HeidiSQL would need to capture the security prompt and proxy it to the user. I've attached a screen shot depicting how PuTTY typically reacts to this situation.
Originally posted by: a...@anse.de
[r4736] tries to pipe a "echo y | plink.exe ..." into the plink command line. That approach works with a "echo j | del /P test.txt" command. Cannot test SSH here, so if you could test that would be nice.
Labels: Severity-Broken
Status: Accepted
Related
Commit: [r4736]
Originally posted by: bogdan.ghervan
Thank you for making this a priority. A fix for this issue would be much appreciated.
I know that it is easier to implement the fix like this, but I don't think we should automatically force a "Yes" response behind the scenes, but rather prompt the user to evaluate whether he should proceed or not. There's a security concern behind these prompts being fired.
Originally posted by: fredric....@gmail.com
Agreed, this solution is not good from a security perspective.
Originally posted by: bogdan.ghervan
I looked a bit into plink, and although it's not that flexible I found a workaround that is superior(-ish) to the original proposed solution.
It would mean using the "-batch" parameter. According to the documentation (http://tartarus.org/~simon/putty-snapshots/htmldoc/Chapter7.html#plink-option-batch):
"If you use the -batch option, Plink will never give an interactive prompt while establishing the connection. If the server's host key is invalid, for example (see section 2.2), then the connection will simply be abandoned instead of asking you what to do next."
So trying to connect to a server with a host key yet unknown, would throw a specific error message which could be parsed (I already checked - there isn't a special error exit code to go with the message). At that point HeidiSQL could prompt the user to either accept the host key or not, and if the user accepts it, HeidiSQL would have to try to connect once again, but this time forcing a "Yes" response behind the scenes, like you originally intended to.
This still doesn't ensure with 100% certainty that the server HeidiSQL is eventually connecting to is the one initially advertised by the prompt.
I am attaching a screen shot that illustrates the use of the "-batch" parameter, since you said you don't have an SSH server readily available to connect to.
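The two-step flow proposed in the comment above, as an added example (not HeidiSQL's code and not part of the original thread): classify the output of a `plink -batch` attempt, then build a retry that pins the fingerprint the user approved instead of piping "y", which addresses the remaining gap that the second connection might reach a different server than the one shown in the prompt. Assumptions: the matched phrases and the constructed sample follow plink's host-key message wording, the plink build in use supports the `-hostkey` option, and the function names are hypothetical.

```python
import re

# Phrases assumed from plink's host-key messages; check them against the
# plink version actually shipped, since the wording is not a stable interface.
UNKNOWN = "host key is not cached"
CHANGED = "host key does not match"
# MD5-style fingerprint line: key type, bit length, 16 colon-separated hex pairs.
FP_RE = re.compile(
    r"^(ssh-\S+)\s+(\d+)\s+((?:[0-9a-f]{2}:){15}[0-9a-f]{2})\s*$", re.MULTILINE)

# Constructed sample of what a "-batch" run prints for an unknown host key.
SAMPLE_UNKNOWN = """The server's host key is not cached in the registry. You
have no guarantee that the server is the computer you
think it is.
The server's rsa2 key fingerprint is:
ssh-rsa 2048 0f:1e:2d:3c:4b:5a:69:78:87:96:a5:b4:c3:d2:e1:f0
Connection abandoned.
"""

def classify(stderr_text):
    """Return (state, fingerprint) for the output of one plink -batch attempt."""
    flat = " ".join(stderr_text.split())  # the message is hard-wrapped
    if CHANGED in flat:
        state = "changed"                 # stored key differs: warn more loudly
    elif UNKNOWN in flat:
        state = "unknown"                 # first contact with this host
    else:
        return ("other", None)            # auth failure, network error, ...
    m = FP_RE.search(stderr_text)
    return (state, m.group(3) if m else None)

def retry_args(base_args, fingerprint, user_accepted):
    """Build the second attempt, or None if the user declined."""
    if not user_accepted or fingerprint is None:
        return None                       # abandon; never fall back to "echo y"
    # -hostkey restricts plink to a server presenting exactly this key, so the
    # retry fails if a different key shows up after the prompt was answered.
    rest = [a for a in base_args[1:] if a != "-batch"]
    return [base_args[0], "-batch", "-hostkey", fingerprint] + rest
```

The "changed" state is the one PuTTY flags as a potential security breach, so a caller should present it with a stronger warning than "unknown" before asking for confirmation.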
Originally posted by: ja...@pawlinski.pl
I'm using renci ssh library in my project, works much more stable than plink and can be controlled easily from application while with plink we often ended up with nearly a hundred of them hanging in process list.
Originally posted by: a...@anse.de
That seems to be C# code. I am still looking for a native Delphi library which does ssh port forwarding and which is open source or at least freeware.
Originally posted by: a...@anse.de
This issue was closed by revision [r4746].
Status: Fixed
Related
Commit: [r4746]
Originally posted by: a...@anse.de
Should all be fixed now. But please give some feedback. There is quite a lot of new code which probably has some glitches.
Originally posted by: magnita...@gmail.com
Works great for me, thank you!
P.S. If I didn't move to Linux, I'd have only one minor wish left regarding plink: ability to use "..\putty\plink.exe" and "%USERPROFILE%\Dropbox\putty\plink.exe" kinds of path.
Originally posted by: a...@anse.de
And the reason why you cannot use paths like that is, that HeidiSQL complains about a non existing plink.exe file in such cases? If yes, HeidiSQL just warns you, it does not prevent you from using such paths, right?
Originally posted by: bogdan.ghervan
So here's my feedback:
1) On my first attempt to connect to a server whose fingerprint had changed, I got an "Update cached key?" confirmation dialog. I pressed "Yes" only to receive a "PLink returned an unexpected code" type of error and the full command it had issued behind the scenes. Clicking "Open" one more time successfully opened the connection. I am unable to reproduce this error again, by manually changing the stored key from the Windows registry, and then letting HeidiSQL/plink "update" it. I'll let you know if I ever come across it again.
2) The text on the confirmation dialog needs to change a bit with respect to the actual buttons being shown. Instead of <<enter "y">> or <<press Return to cancel>> the user should rather be instructed to "press yes" or "press Cancel", respectively.
Originally posted by: a...@anse.de
I cannot reproduce your first issue either. But please shout if you come across it once again.
The second thing is quite difficult to solve. While I'm already parsing the last prompt away "(y/n)", those in between other sentences and randomly phrased differently are not reliably detectable. Or?
Originally posted by: magnita...@gmail.com
Re #16: Yes, you are almost* right, I should check before writing, but that red font confused me.
* "..\putty\plink.exe" worked, "%USERPROFILE%\Dropbox\PuTTY\PLINK.EXE" did not.
Not that it's important for me now, just FYI.
Re #18: How about simple replacements «enter "y"» => «press Yes», «enter "n"» => «press No», «press Return to cancel. Pressing Return» => «press Cancel. Pressing Cancel»? Am I missing something?