| Bug #49418 | SSH keys with passphrases not usable | ||
|---|---|---|---|
| Submitted: | 3 Dec 2009 20:35 | Modified: | 5 Feb 2010 16:08 |
| Reporter: | Kolbe Kegel | Email Updates: | |
| Status: | Closed | Impact on me: | |
| Category: | MySQL Workbench: Administration | Severity: | S2 (Serious) |
| Version: | 5.2.10 4686 | OS: | MacOS |
| Assigned to: | Maksym Yehorov | CPU Architecture: | Any |
[15 Dec 2009 12:15]
Maksym Yehorov
Fixed. WB asks for password to unlock keys now.
[27 Jan 2010 21:04]
Maksym Yehorov
Fixed
[29 Jan 2010 22:41]
Johannes Taxacher
fix confirmed. will be included in 5.2.16
[5 Feb 2010 16:08]
Tony Bedford
An entry has been added to the 5.2.16 changelog: MySQL Workbench did not support SSH keys that required a passphrase to be entered.
Description: It seems that WB does not support SSH keys that require passphrases. Whether this is by design or not, it is highly problematic, as SSH keys without passphrases pose a serious security risk. Test Connection fails with this message: "Could not connect SSH tunnel: ERROR Authentication failed.". The failure occurs whether or not an SSH Agent is running with this key added. How to repeat: 1) New Connection 2) Connection Method: Standard TCP/IP over SSH 3) Enter user & host details 4) Enter path to a passphrase-protected SSH key 5) Hit Test Connection Console messages: 2009-12-03 12:32:47 [0x0-0x1af1af].com.sun.MySQLWorkbench[8115] 6149 INFO Connecting to SSH server at remote:22... 2009-12-03 12:32:47 [0x0-0x1af1af].com.sun.MySQLWorkbench[8115] 6149 ERROR Failed to connect to remote:22: AuthenticationException('Authentication failed.',) Suggested fix: WB should utilize key file in such a way that the SSH Agent, if one is running, can be used. User should be prompted for passphrase if the selected key has not been added to an SSH agent.