Bug #49418 SSH keys with passphrases not usable
Submitted: 3 Dec 2009 20:35 Modified: 5 Feb 2010 16:08
Reporter: Kolbe Kegel Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Workbench: Administration Severity:S2 (Serious)
Version:5.2.10 4686 OS:Mac OS X
Assigned to: Maksym Yehorov CPU Architecture:Any

[3 Dec 2009 20:35] Kolbe Kegel
Description:
It seems that WB does not support SSH keys that require passphrases. Whether this is by design or not, it is highly problematic, as SSH keys without passphrases pose a serious security risk.

Test Connection fails with this message: "Could not connect SSH tunnel: ERROR Authentication failed.".

The failure occurs whether or not an SSH Agent is running with this key added.

How to repeat:
1) New Connection
2) Connection Method: Standard TCP/IP over SSH
3) Enter user & host details
4) Enter path to a passphrase-protected SSH key
5) Hit Test Connection

Console messages:

2009-12-03 12:32:47	[0x0-0x1af1af].com.sun.MySQLWorkbench[8115]	6149 INFO Connecting to SSH server at remote:22...
2009-12-03 12:32:47	[0x0-0x1af1af].com.sun.MySQLWorkbench[8115]	6149 ERROR Failed to connect to remote:22: AuthenticationException('Authentication failed.',)

Suggested fix:
WB should utilize key file in such a way that the SSH Agent, if one is running, can be used. User should be prompted for passphrase if the selected key has not been added to an SSH agent.
[15 Dec 2009 12:15] Maksym Yehorov
Fixed. WB asks for password to unlock keys now.
[27 Jan 2010 21:04] Maksym Yehorov
Fixed
[29 Jan 2010 22:41] Johannes Taxacher
fix confirmed. will be included in 5.2.16
[5 Feb 2010 16:08] Tony Bedford
An entry has been added to the 5.2.16 changelog:

MySQL Workbench did not support SSH keys that required a passphrase to be entered.