Bug #64535 SSH Key File assumed to have no password
Submitted: 3 Mar 2012 16:08
Modified: 7 Apr 2012 22:34
Reporter: Dennis Wallace
Status: No Feedback
Category: MySQL Workbench
Severity: S2 (Serious)
Version: 5.2.37 CE Rev 8576
OS: Windows
Assigned to:
CPU Architecture: Any
Tags: ssh, SSH tunnel

[3 Mar 2012 16:08] Dennis Wallace
Description:
When attempting to connect to a server via an SSH tunnel that uses an SSH Key File, the password is assumed to be empty.  If the private key file has a password, it causes all connections using that private key to fail.

How to repeat:
CREATE CERTS:
Create a new private/public key set using a new, distinct, non-empty password

ON SERVER:
Set up server to accept incoming ssh connections using certificate authentication
Set up new user with a new, distinct, non-empty password
Save the public key to the authorized SSH store for the new user (~/.ssh/authorized_keys)
Verify certificate authentication works for the user (does not require password when SSH is done)

IN WORKBENCH (remote machine):
Create a new connection with the following parameters:
Connection Method: Standard TCP/IP over SSH
SSH Hostname: <host>
SSH Username: <test account username>
SSH Key File: <point to private key file>
MySQL Hostname: localhost
MySQL Server Port: 3306
Username: <mysql admin username>
Click "Test Connection".  Connection fails with "Can't connect to MySQL server on '127.0.01' (10061)"

Click the "SSH Password: Store in Vault" button, and enter the Private Key password
Click "Test Connection".  Connection fails with "Can't connect to MySQL server on '127.0.01' (10061)"

Clear the SSH Key File
Click "Test Connection".  Connection connects and requests database user password.

Suggested fix:
Add SSH Key File Password option on the setup screen.
When opening the connection:
  Decrypt the key file using the password (if given)
  If no password is entered and connection fails, request a key password
[3 Mar 2012 16:09] Dennis Wallace
Please note - I am using Windows, so all key files are generated using PuTTYGen.  Have not tested private key generation using other utilities.
[7 Mar 2012 22:34] Alfredo Kojima
The format of SSH keys used by Workbench is OpenSSH, not the one used by putty.
You must export your puttygen keys to OpenSSH format to use them with WB.
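
The two causes discussed in this thread (a passphrase-protected key, and a PuTTY-format key given to a client that expects OpenSSH format) can be told apart by reading the key file's header before connecting. The following is an added example, not Workbench code and not part of the original report; the function name `classify_private_key` and the sample header are constructed for illustration.

```python
import base64
import struct

OPENSSH_MAGIC = b"openssh-key-v1\0"

# Constructed sample: header of a passphrase-protected PuTTYgen key (body omitted).
SAMPLE_PPK = "PuTTY-User-Key-File-2: ssh-rsa\nEncryption: aes256-cbc\nComment: constructed\n"


def classify_private_key(text):
    """Return (format, encrypted) for the text of a private key file.

    format is "putty-ppk", "openssh-v1", "pkcs8", "pem-legacy" or "unknown";
    encrypted is True, False, or None when it cannot be determined.
    """
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if not lines:
        return ("unknown", None)
    first = lines[0]
    if first.startswith("PuTTY-User-Key-File-"):
        # PPK header: the "Encryption:" line is "none" or a cipher name.
        for ln in lines[1:]:
            if ln.startswith("Encryption:"):
                return ("putty-ppk", ln.split(":", 1)[1].strip() != "none")
        return ("putty-ppk", None)
    if first == "-----BEGIN OPENSSH PRIVATE KEY-----":
        body = "".join(ln for ln in lines[1:] if not ln.startswith("-----"))
        try:
            blob = base64.b64decode(body)
        except ValueError:
            return ("openssh-v1", None)
        off = len(OPENSSH_MAGIC)
        if not blob.startswith(OPENSSH_MAGIC) or len(blob) < off + 4:
            return ("openssh-v1", None)
        # After the magic comes a length-prefixed cipher name ("none" = no passphrase).
        (n,) = struct.unpack(">I", blob[off:off + 4])
        return ("openssh-v1", blob[off + 4:off + 4 + n] != b"none")
    if first == "-----BEGIN ENCRYPTED PRIVATE KEY-----":
        return ("pkcs8", True)
    if first == "-----BEGIN PRIVATE KEY-----":
        return ("pkcs8", False)
    if first.startswith("-----BEGIN ") and first.endswith(" PRIVATE KEY-----"):
        # Legacy PEM (RSA/DSA/EC): encryption is flagged by a Proc-Type header.
        return ("pem-legacy", any(ln == "Proc-Type: 4,ENCRYPTED" for ln in lines))
    return ("unknown", None)
```

A client can use the result to reject a `putty-ppk` file with a clear "convert to OpenSSH format" message, and to prompt for a key passphrase whenever `encrypted` is true instead of attempting the connection with an empty one.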
[8 Apr 2012 1:00] Bugs System
No feedback was provided for this bug for over a month, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".