Bug #58091 Cannot change ssh host key
Submitted: 9 Nov 2010 19:38 Modified: 13 May 2014 22:56
Reporter: Jake Bishop Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Workbench: Administration Severity:S2 (Serious)
Version:5.2.29 OS:Windows
Assigned to: Assigned Account CPU Architecture:Any

[9 Nov 2010 19:38] Jake Bishop 
Description:
After rebuilding our mysql server we can nolonger connect to mysql using the workbench. While trying to connect an error dialog appears with the message:

Error connection to ssh tunnel:host key for server xxx.xxx.xxx.xxx does not match

How to repeat:
rebuild server with same ip address etc and try to connect via ssh

Suggested fix:
prompt for deletion of the stored ssh key if it does not match
[1 Dec 2010 12:22] Maksym Yehorov 
Just to clarify. Are you able to change key file name in server instance settings?
[1 Dec 2010 13:09] Jake Bishop 
I cant change the key file in the settings because it is retrieved automatically from the server.
[1 Dec 2010 13:10] Jake Bishop 
There just needs to be a way to accept the new key (with a warning that you are doing it). Like putty etc does it.
[1 Dec 2010 13:31] Maksym Yehorov 
Do you mean host fingerprint, or SSH RSA/DSA public/private key?
[1 Dec 2010 13:42] Jake Bishop 
ooh now you're asking... ;)

to be honest i'm not sure. i think its the fingerprint (because we do not select a public key file in the settings). 

Basically the first time we connected via ssh it asked us if we want to accept some sort of key. Now the server was rebuilt and when we try to connect it says the keys dont match.
[1 Dec 2010 14:21] Maksym Yehorov 
Currently we do not store ssh host keys, it will be added.
To fix your issue, try to find file named known_hosts and remove line with old key.
[1 Dec 2010 14:54] Jake Bishop 
I'm on windows. Any idea where i might find the known_hosts file. It doesn't seem to appear anywhere when searching.
[1 Dec 2010 14:54] Jake Bishop 
I'm on windows. Any idea where i might find the known_hosts file. It doesn't seem to appear anywhere when searching.
[24 May 2011 15:48] Maksym Yehorov 
Jake,

do you use other ssh tools to connect to the server in question?

As I said we do not store ssh server fingerprints, Workbench only loads them from a given file, on linux/unix it is usually ~/.ssh/known_hosts, and I am not sure where on windows the file is and how it is named.

You may need to modify some Workbench files to helps us track down the problem.
Is it ok for you?
[24 May 2011 17:45] Jake Bishop 
I'm now using a mac, so i cant really help anymore. sorry.
It would be nice if it can just catch the error if the host key does not match and prompt to re-write it if you want. This is what quite a few other SSH programs do (eg winSCP).
[15 Sep 2011 13:16] Scott Emick 
I just had the same problem.  Find known_hosts, on Windows 2008 R2 server, it is located at %userprofile%\.ssh\known_hosts.  Remove the entry for the server whose fingerprint has changed.  Now you're good to go.
[30 May 2012 8:02] Christian Kopp 
This problem is still not fixed in version 5.2.40, even on Mac OS X. When trying to make a connection through a ssh tunnel and the ssh host has a new host key, it is not possible to accept the the new key for the ssh part of the connection or delete the old key. Where are the hosts keys for MySQL Workbench stored? AFAIK not in the system files (known_hosts) on a Mac OS X system, the ssh command line client is working fine without any warning...
[13 May 2014 22:56] Philip Olson 
Fixed as of the upcoming MySQL Workbench 6.1.6 release, and here's the changelog entry:

---
MySQL Workbench now shows a SSH fingerprint dialog box when connecting to an
SSH server, to notify you when the fingerprint does not correspond to the
fingerprint stored (in "known_hosts") for that particular server.
---

The documentation was also updated to reflect this information.

Thank you for the bug report.