Description:
Issue: How to enable interactive login on MySQL Workbench? Centrify MFA was recently implemented on our Unix servers where our MySQL is hosted, and now when I try to connect via Workbench I am only prompted for the server password (which was successful), but not for the MFA password. This is causing the error 'external component has thrown an exception'. I am able to log in to the Unix box via SSH clients (PuTTY, MobaXterm, Git Bash) and FileZilla with interactive login, where I get prompted twice for passwords (server AD pswd, then MFA pswd).
----log file details as follows (6 Jul 2021 wb.log), I've masked server, port details -
11:59:18 [INF][ SSH tunnel]: Starting tunnel
11:59:18 [INF][ SSH tunnel]: Existing SSH tunnel not found, opening new one
11:59:25 [INF][ SSH tunnel]: Opening SSH tunnel to usdfw24as57-hdp.mrshmc.com:22
11:59:25 [INF][ SSHCommon]: libssh: ssh_connect ssh_connect: libssh 0.8.5 (c) 2003-2018 Aris Adamantiadis, Andreas Schneider and libssh contributors. Distributed under the LGPL, please refer to COPYING file for information about your rights, using threading threads_stdthread
11:59:25 [INF][ SSHCommon]: libssh: ssh_socket_connect ssh_socket_connect: Nonblocking connection socket: 2976
11:59:25 [INF][ SSHCommon]: libssh: ssh_connect ssh_connect: Socket connecting, now waiting for the callbacks to work
11:59:26 [INF][ SSHCommon]: libssh: ssh_kex_select_methods ssh_kex_select_methods: Negotiated curve25519-sha256,ssh-ed25519,aes256-ctr,aes256-ctr,hmac-sha2-256,hmac-sha2-256,none,none,,
11:59:26 [INF][ SSHCommon]: libssh: ssh_packet_dh_reply ssh_packet_dh_reply: Received SSH_KEXDH_REPLY
11:59:26 [INF][ SSHCommon]: libssh: ssh_client_curve25519_reply ssh_client_curve25519_reply: SSH_MSG_NEWKEYS sent
11:59:26 [INF][ SSHCommon]: libssh: ssh_packet_newkeys ssh_packet_newkeys: Received SSH_MSG_NEWKEYS
11:59:26 [INF][ SSHCommon]: libssh: ssh_packet_newkeys ssh_packet_newkeys: Signature verified and valid
11:59:27 [INF][ SSHCommon]: libssh: ssh_packet_userauth_failure ssh_packet_userauth_failure: Access denied for 'none'. Authentication that can continue: publickey,password,keyboard-interactive
11:59:27 [INF][ SSHSession]: Banner:
This system is for the use by authorized users only. All data contained
on all systems is owned by the company and may be monitored, intercepted,
recorded, read, copied, or captured in any manner and disclosed in any
manner, by authorized company personnel. Users (authorized or unauthorized)
have no explicit or implicit expectation of privacy. Unauthorized or improper
use of this system may result in administrative, disciplinary action, civil
and criminal penalties. Use of this system by any user, authorized or
unauthorized, constitutes express consent to this monitoring, interception,
recording, reading, copying, or capturing and disclosure.
IF YOU DO NOT CONSENT, LOG OFF NOW.
##################################################################
# *** This Server is using Centrify *** #
# *** Remember to use your Active Directory account *** #
# *** password when logging in *** #
##################################################################
12:01:25 [ERR][ Workbench]: External component has thrown an exception.
Exception = System.Runtime.InteropServices.SEHException
Message = External component has thrown an exception.
FullText = System.Runtime.InteropServices.SEHException (0x80004005): External component has thrown an exception.
at MySQL.Forms.ViewEventTarget.HandleMouseClick(Object sender, MouseEventArgs e)
at System.Windows.Forms.Control.OnMouseClick(MouseEventArgs e)
at System.Windows.Forms.Control.WmMouseUp(Message& m, MouseButtons button, Int32 clicks)
at System.Windows.Forms.Control.WndProc(Message& m)
at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)
-----
---compared to an older log file (8 Jun 2021 wb.4.log) when Centrify MFA was not enabled yet and I was able to use Workbench without issues -
14:06:39 [INF][ SSH tunnel]: Opening SSH tunnel to <server:port>
14:06:39 [INF][ SSHCommon]: libssh: ssh_connect ssh_connect: libssh 0.8.5 (c) 2003-2018 Aris Adamantiadis, Andreas Schneider and libssh contributors. Distributed under the LGPL, please refer to COPYING file for information about your rights, using threading threads_stdthread
14:06:39 [INF][ SSHCommon]: libssh: ssh_socket_connect ssh_socket_connect: Nonblocking connection socket: 3040
14:06:39 [INF][ SSHCommon]: libssh: ssh_connect ssh_connect: Socket connecting, now waiting for the callbacks to work
14:06:40 [INF][ SSHCommon]: libssh: ssh_kex_select_methods ssh_kex_select_methods: Negotiated curve25519-sha256,ssh-ed25519,aes256-ctr,aes256-ctr,hmac-sha2-256,hmac-sha2-256,none,none,,
14:06:40 [INF][ SSHCommon]: libssh: ssh_packet_dh_reply ssh_packet_dh_reply: Received SSH_KEXDH_REPLY
14:06:40 [INF][ SSHCommon]: libssh: ssh_client_curve25519_reply ssh_client_curve25519_reply: SSH_MSG_NEWKEYS sent
14:06:40 [INF][ SSHCommon]: libssh: ssh_packet_newkeys ssh_packet_newkeys: Received SSH_MSG_NEWKEYS
14:06:40 [INF][ SSHCommon]: libssh: ssh_packet_newkeys ssh_packet_newkeys: Signature verified and valid
14:06:41 [INF][ SSHCommon]: libssh: ssh_packet_userauth_failure ssh_packet_userauth_failure: Access denied for 'none'. Authentication that can continue: publickey,password,keyboard-interactive
14:06:41 [INF][ SSHSession]: Banner:
This system is for the use by authorized users only. All data contained
on all systems is owned by the company and may be monitored, intercepted,
recorded, read, copied, or captured in any manner and disclosed in any
manner, by authorized company personnel. Users (authorized or unauthorized)
have no explicit or implicit expectation of privacy. Unauthorized or improper
use of this system may result in administrative, disciplinary action, civil
and criminal penalties. Use of this system by any user, authorized or
unauthorized, constitutes express consent to this monitoring, interception,
recording, reading, copying, or capturing and disclosure.
IF YOU DO NOT CONSENT, LOG OFF NOW.
##################################################################
# *** This Server is using Centrify *** #
# *** Remember to use your Active Directory account *** #
# *** password when logging in *** #
##################################################################
14:06:41 [INF][ SSH tunnel]: SSH tunnel opened on port: 49692
14:06:44 [INF][SQL Editor Form]: Opened connection 'hive metadata PROD' to MySQL Community Server (GPL) version 5.6.48
14:06:46 [INF][ WQE.net]: Launching SQL IDE
14:06:49 [INF][ WQE.net]: SQL IDE UI is ready
-----
Thank you.
How to repeat:
Workbench access was OK prior to Centrify MFA on the Unix box.
Workbench access is not OK after Centrify MFA was implemented on the same Unix box.
Note the Unix box was already using Centrify before, and it's only when MFA was introduced that logging in from Workbench is not working anymore due to the missing prompt for the 2nd password.
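One way to triage the two wb.log excerpts above, as an added example that is not part of the original report or of MySQL Workbench: it extracts the authentication methods the server offered, checks whether the "SSH tunnel opened" line ever appears, and measures how long the session sat between the method offer and the error. The function name `triage` and the abbreviated sample lines are constructed for illustration.

```python
import re
from datetime import datetime

# Constructed samples, abbreviated from the two wb.log excerpts in the report.
FAILING = """\
11:59:25 [INF][ SSH tunnel]: Opening SSH tunnel to <server:port>
11:59:27 [INF][ SSHCommon]: libssh: ssh_packet_userauth_failure ssh_packet_userauth_failure: Access denied for 'none'. Authentication that can continue: publickey,password,keyboard-interactive
11:59:27 [INF][ SSHSession]: Banner:
# *** This Server is using Centrify *** #
12:01:25 [ERR][ Workbench]: External component has thrown an exception.
"""
WORKING = """\
14:06:39 [INF][ SSH tunnel]: Opening SSH tunnel to <server:port>
14:06:41 [INF][ SSHCommon]: libssh: ssh_packet_userauth_failure ssh_packet_userauth_failure: Access denied for 'none'. Authentication that can continue: publickey,password,keyboard-interactive
14:06:41 [INF][ SSHSession]: Banner:
14:06:41 [INF][ SSH tunnel]: SSH tunnel opened on port: 49692
"""

# "HH:MM:SS [LEVEL][ component]: message" as seen in wb.log
LINE = re.compile(r"^(\d\d:\d\d:\d\d) \[(\w+)\]\[\s*([^\]]+?)\s*\]: (.*)$")
METHODS = re.compile(r"Authentication that can continue: ([\w,-]+)")

def triage(log_text):
    """Summarise one tunnel attempt: offered methods, outcome, stall time."""
    result = {"methods": [], "tunnel_opened": False,
              "error": None, "stall_seconds": None}
    offered_at = None
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # banner text and stack-trace lines carry no timestamp
        ts = datetime.strptime(m.group(1), "%H:%M:%S")
        level, component, msg = m.group(2), m.group(3), m.group(4)
        found = METHODS.search(msg)
        if found:
            result["methods"] = found.group(1).split(",")
            offered_at = ts
        elif component == "SSH tunnel" and msg.startswith("SSH tunnel opened"):
            result["tunnel_opened"] = True
        elif level == "ERR" and not result["tunnel_opened"]:
            # Error before the tunnel came up: authentication never completed.
            result["error"] = msg
            if offered_at is not None:
                result["stall_seconds"] = int((ts - offered_at).total_seconds())
            break
    return result

if __name__ == "__main__":
    for name, text in (("failing", FAILING), ("working", WORKING)):
        print(name, triage(text))
```

Run against both excerpts, the server offers the same three methods in each; the difference is that the 6 Jul session never logs the tunnel opening and errors out about two minutes after the method offer.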