Bug #50131 SSH tunnel don't work using non standard port
Submitted: 7 Jan 2010 10:12 Modified: 8 Jan 2010 12:04
Reporter: Jonathan DELIZY Email Updates:
Status: Not a Bug Impact on me:
None 
Category:MySQL Workbench Severity:S3 (Non-critical)
Version:5.2.11 OS:Linux (Official Ubuntu 9.10 x86_64 build from mysql.com)
Assigned to: CPU Architecture:Any
Tags: ssh, tunnel, workbench

[7 Jan 2010 10:12] Jonathan DELIZY 
Description:
I'm trying to connect to a remote database through an SSH tunnel.
On the public IP used, there is too port used for SSH :
22 is used for the firewall SSH daemon
22022 is redirected to an host on the remote LAN.

I'm trying to connect through SSH on port 22022 since this host give me access to the DB LAN that is not accessible from the firewall.

  FW       -->       HOST A       -->       HOST B
PUB IP & LAN A  LAN A & LAN B           LAN B
SSH 22          SSH 22022 FROM PUB IP   MYSQL 3306

Under Mysql Workbench, I've created a connection with the following settings :
Connection method : standard tcp/ip over SSH
ssh hostname : 123.456.789.123:22022
ssh username : my_user
mysql hostname : host_B_IP
mysql server port : 3306

Trying to connect with this settings failed with the message :

Could not connect SSH tunnel: ERROR Host key for server 123.456.789.123 does not match!

Creating the same tunnel using the ssh command works like a charm:
ssh my_user@123.456.789.123 -p22022 -L 3306:host_B_IP:3306

Don't know if this is caused by having two different SSH daemon listening on 22 and 22022.

How to repeat:
Create an new connection with previously mentioned settings and try to connect.
[7 Jan 2010 12:04] Johannes Taxacher 
the "Could not connect SSH tunnel: ERROR Host key for server 123.456.789.123 does not match!" sounds like ssh client refuses to connect because he's getting a different server key (because 22022 is actually forwarded to another machine).
only explaination for me would be that paramiko doesn't use the common known_hosts file and has the key of your FW saved for the connection (maybe from a previous/first connection test) and therefore it refuses now to connect to the same hostname (but actually another sshserver with a differnt key).

maybe you can try to remove the offending key fom your known_hosts file and try to connect again to be sure the wrong key is not in there (but as you say that connecting via cmd-line works would imply that theres the right host key already in known_hosts file)
[7 Jan 2010 12:20] Jonathan DELIZY 
I've tried removing ~/.ssh/known_hosts before reporting this bug and it changed nothing.

Reading your reply, I remembered about a previous utilization of Workbench so I deleted ~/mysql/workbench

Now it works.

Perhaps the error message could simply be completed to inform which file to edit to remove the offending key.

Thanks for your help.
[8 Jan 2010 12:04] Susanne Ebrecht 
Many thanks to writing a bug report.

Unfortunately, we can't do much here.

The workaround you gave above is the only solution.

I will set this to "not a bug".