Bug #71478 Prompt for password for SSH private key despite using SSH agent
Submitted: 25 Jan 2014 14:28
Modified: 10 Sep 2014 12:39
Reporter: Oliver Kuckertz
Status: Not a Bug
Category: MySQL Workbench
Severity: S3 (Non-critical)
Version: 6.1.7
OS: MacOS (10.9.4)
Assigned to:
CPU Architecture: Any
Tags: ssh

[25 Jan 2014 14:28] Oliver Kuckertz
Description:
When creating a new connection on OS X in MySQL Workbench using an SSH tunnel and public key authentication, MySQL Workbench will always prompt for a password, even if no password is required for unlocking the private key because the SSH agent is used.

This appears to be a purely cosmetic issue: Entering an empty password and opting to store it in the keychain results in a successful connection.

How to repeat:
1. Set up keyless authentication to a remote server using a new SSH key. The SSH key may be password-protected.
2. Register the new SSH key with OS X's SSH agent and opt to store the passphrase in the system's keychain using ssh-add -K $HOME/.ssh/id_rsa
3. Ensure no passwords are stored in the keychain for the key by Workbench (ssh_keyfile@...)
4. In Workbench, create a new connection to a remote server using an SSH tunnel
5. Select the previously created SSH key
6. Hit test connection

Suggested fix:
Do not ask for a passphrase when connecting to a remote host through SSH using public key authentication, unless a passphrase is required to unlock the private key.

[14 Aug 2014 18:40] MySQL Verification Team
Please try version 6.1.7. Thanks.

[14 Aug 2014 18:56] Oliver Kuckertz
I can reproduce this issue using version 6.1.7. To reproduce, I have deleted the entry named ssh_keyfile@... from my login keychain and attempted to connect using MySQL Workbench. It prompted for a password.

[10 Sep 2014 4:11] Alfredo Kojima
If you are using an SSH key with an agent, you don't need to specify the key in Workbench at all.

[10 Sep 2014 12:39] Oliver Kuckertz
I attempted to remove the key path from Workbench like you suggested. This unfortunately did not work. Here is what I did:
1. Edit my connection and clear the SSH key path. I also hit the "clear" button for the SSH password and checked in Keychain that the (empty) SSH key password entry was indeed gone.
2. Save and connect
3. I was then prompted to enter a password for the SSH connection.
4. There is no password, so I attempted to proceed without by hitting OK. [And even if that worked, this is what this issue is about - it should not prompt for a password for either the server or key.]
5. A message box titled "Could not connect the SSH Tunnel", which explains that there was an authentication error, popped up.

After re-adding the path to the (password-protected, but registered with ssh-agent) SSH key and providing an empty password for it when prompted, the connection worked again.

Workbench does not seem to automatically use my SSH keyfile.

[18 Nov 2014 15:04] William Nurmi
I'm having the exact same issue on MySQL Workbench 6.2.3.12313. The workbench insists on asking for the password even though it should not. The steps to resolve it as posted by Oliver did not help though.

Any input would be appreciated!