Description:
----[For better reports, please attach the log file after submitting. You can find it in /Users/vcardillo/Library/Application Support/MySQL/Workbench/log/wb.log]
I have enabled both private key, AND password login, on a "bastion" host. This is accomplished via:
/etc/ssh/sshd_config:
PasswordAuthentication yes
AuthenticationMethods publickey,password
Anyways, I can successfully log into the bastion host with my key + password, and then subsequently hop into the mysql box afterwards.
Also, using Workbench, I currently have a working "Standard TCP/IP Over SSH" connection type working, on an existing bastion host that uses only key login.
I can not get the Workbench client to connect to the mysql instance, using the "Standard TCP/IP Over SSH" connection type, on the bastion host that requires both key + password login.
How to repeat:
1) Configure a bastion host to use both password and key login. On Ubuntu 16.04:
/etc/ssh/sshd_config:
PasswordAuthentication yes
AuthenticationMethods publickey,password
2) Ensure that you can connect to the bastion host, using both your key and your password.
3) Once on the bastion, ensure you can hop into your mysql box.
4) In Workbench, set up the "Standard TCP/IP Over SSH" connection type. Fill out both the SSH Key File field, and the SSH Password field (by clicking "Store in Keychain...").
5) Attempt to connect to the mysql instance.
Error pop up:
"Could not connect the SSH Tunnel
Authentication error. Please check that your username and password are correct and try again.
Details (Original exception message):
Authentication failed, please check credentials.
Please refer to logs for details"
Click "Cancel".
Log output:
```
3:33:13 [INF][ SSH tunnel]: Starting tunnel
13:33:13 [INF][ SSH tunnel]: Existing SSH tunnel not found, opening new one
13:33:17 [INF][ SSH tunnel]: Opening SSH tunnel to w.x.y.z
13:33:21 [ERR][sshtunnel.py:notify_exception_error:235]: Traceback (most recent call last):
File "/Applications/MySQLWorkbench.app/Contents/Resources/sshtunnel.py", line 303, in _connect_ssh
look_for_keys=has_key, allow_agent=has_key, timeout=SSH_CONNECTION_TIMEOUT)
File "/Applications/MySQLWorkbench.app/Contents/Resources/libraries/paramiko/client.py", line 367, in connect
look_for_keys, gss_auth, gss_kex, gss_deleg_creds, gss_host)
File "/Applications/MySQLWorkbench.app/Contents/Resources/libraries/paramiko/client.py", line 584, in _auth
raise saved_exception
AuthenticationException: Authentication failed.
13:33:22 [ERR][ SSH tunnel]: Authentication error opening SSH tunnel: Authentication error. Please check that your username and password are correct and try again.
Details (Original exception message):
Authentication failed, please check credentials.
Please refer to logs for details
13:34:01 [INF][ WBContext]: Connection to omg-qual-db1-bastion2 cancelled by user: Tunnel connection cancelled
```
Suggested fix:
This works fine in Sequel Pro. A user should be able to use both a password and an SSH key for the "Standard TCP/IP Over SSH" connection type option.
Description: ----[For better reports, please attach the log file after submitting. You can find it in /Users/vcardillo/Library/Application Support/MySQL/Workbench/log/wb.log] I have enabled both private key, AND password login, on a "bastion" host. This is accomplished via: /etc/ssh/sshd_config: PasswordAuthentication yes AuthenticationMethods publickey,password Anyways, I can successfully log into the bastion host with my key + password, and then subsequently hop into the mysql box afterwards. Also, using Workbench, I currently have a working "Standard TCP/IP Over SSH" connection type working, on an existing bastion host that uses only key login. I can not get the Workbench client to connect to the mysql instance, using the "Standard TCP/IP Over SSH" connection type, on the bastion host that requires both key + password login. How to repeat: 1) Configure a bastion host to use both password and key login. On Ubuntu 16.04: /etc/ssh/sshd_config: PasswordAuthentication yes AuthenticationMethods publickey,password 2) Ensure that you can connect to the bastion host, using both your key and your password. 3) Once on the bastion, ensure you can hop into your mysql box. 4) In Workbench, set up the "Standard TCP/IP Over SSH" connection type. Fill out both the SSH Key File field, and the SSH Password field (by clicking "Store in Keychain..."). 5) Attempt to connect to the mysql instance. Error pop up: "Could not connect the SSH Tunnel Authentication error. Please check that your username and password are correct and try again. Details (Original exception message): Authentication failed, please check credentials. Please refer to logs for details" Click "Cancel". Log output: ``` 3:33:13 [INF][ SSH tunnel]: Starting tunnel 13:33:13 [INF][ SSH tunnel]: Existing SSH tunnel not found, opening new one 13:33:17 [INF][ SSH tunnel]: Opening SSH tunnel to w.x.y.z 13:33:21 [ERR][sshtunnel.py:notify_exception_error:235]: Traceback (most recent call last): File "/Applications/MySQLWorkbench.app/Contents/Resources/sshtunnel.py", line 303, in _connect_ssh look_for_keys=has_key, allow_agent=has_key, timeout=SSH_CONNECTION_TIMEOUT) File "/Applications/MySQLWorkbench.app/Contents/Resources/libraries/paramiko/client.py", line 367, in connect look_for_keys, gss_auth, gss_kex, gss_deleg_creds, gss_host) File "/Applications/MySQLWorkbench.app/Contents/Resources/libraries/paramiko/client.py", line 584, in _auth raise saved_exception AuthenticationException: Authentication failed. 13:33:22 [ERR][ SSH tunnel]: Authentication error opening SSH tunnel: Authentication error. Please check that your username and password are correct and try again. Details (Original exception message): Authentication failed, please check credentials. Please refer to logs for details 13:34:01 [INF][ WBContext]: Connection to omg-qual-db1-bastion2 cancelled by user: Tunnel connection cancelled ``` Suggested fix: This works fine in Sequel Pro. A user should be able to use both a password and an SSH key for the "Standard TCP/IP Over SSH" connection type option.