Bug #49418 SSH keys with passphrases not usable
Submitted: 3 Dec 2009 20:35 Modified: 5 Feb 2010 16:08
Reporter: Kolbe Kegel Email Updates:
Status: Closed Impact on me:
Category:MySQL Workbench: Administration Severity:S2 (Serious)
Version:5.2.10 4686 OS:Mac OS X
Assigned to: Maksym Yehorov CPU Architecture:Any

[3 Dec 2009 20:35] Kolbe Kegel
It seems that WB does not support SSH keys that require passphrases. Whether this is by design or not, it is highly problematic, as SSH keys without passphrases pose a serious security risk.

Test Connection fails with this message: "Could not connect SSH tunnel: ERROR Authentication failed.".

The failure occurs whether or not an SSH Agent is running with this key added.

How to repeat:
1) New Connection
2) Connection Method: Standard TCP/IP over SSH
3) Enter user & host details
4) Enter path to a passphrase-protected SSH key
5) Hit Test Connection

Console messages:

2009-12-03 12:32:47	[0x0-0x1af1af].com.sun.MySQLWorkbench[8115]	6149 INFO Connecting to SSH server at remote:22...
2009-12-03 12:32:47	[0x0-0x1af1af].com.sun.MySQLWorkbench[8115]	6149 ERROR Failed to connect to remote:22: AuthenticationException('Authentication failed.',)

Suggested fix:
WB should utilize key file in such a way that the SSH Agent, if one is running, can be used. User should be prompted for passphrase if the selected key has not been added to an SSH agent.
[15 Dec 2009 12:15] Maksym Yehorov
Fixed. WB asks for password to unlock keys now.
[27 Jan 2010 21:04] Maksym Yehorov
[29 Jan 2010 22:41] Johannes Taxacher
fix confirmed. will be included in 5.2.16
[5 Feb 2010 16:08] Tony Bedford
An entry has been added to the 5.2.16 changelog:

MySQL Workbench did not support SSH keys that required a passphrase to be entered.