Description:
MySQL workbench provides the option to connect over ssh.
That's really good.
This allows access to remotely accessible servers.
However access to the remote servers does not seem to take into account my local ~/.ssh/config settings or allow me to use a [remote] defaults-file to configure access to the MySQL server.
How to repeat:
I access many servers (from the shell) via ssh and my key is used to give me direct access to them. However many servers are not accessible directly but indirectly making use of the ~/.ssh/config settings such as:
Host remote-mysql-server
ProxyCommand ssh -q intermediate-unix-server nc %h %p
This allows me using the shell on Linux, UNIX or Mac to do:
[myuser@mypc ~]$ ssh remote-mysql-server
Last login: Mon Dec 30 16:37:15 2013 from intermediate-unix-server
[myuser@remote-mysql-server ~]$
MySQL workbench allows me to specify the location of my ssh key, it does not seem to take into account my ~/.ssh/config settings and so I can not reach the remote server I want to reach.
It would be nice if this functionality would be added as in many cases I try to prevent giving SUPER type access to remote users where possible, and force this access to be done locally (via ssh).
I would also like to be able to specify the credentials via a defaults-file rather than specifying details explicitly. That is do the equivalent of mysql --defaults-file=/path/to/.my.cnf. This can be convenient and ensures the password is not visible from a command line. MySQL workbench does not allow me to do that. If accessing a remote MySQL server it may be you can not directly use the remote defaults file but it would be nice if this could be specified, including that access to it might require sudo. Doing this would mean that access to credentials would be controlled on the MySQL server (as local access) and no credentials need to actually be stored in MySQL workbench.
I'd expect some sort of option like:
(a) use remote defaults-file (y/n)
(b) provide path to defaults-file: .....
(c) use sudo to access content of remote defaults-file (y/n)
So while these use cases may be unusual it would be most convenient for accessing several systems which currently are not reachable without opening grants more widely than done in my current environment.
Suggested fix:
see above.
FR1: allow tunnelling information to be provided, or use _exisiting_ configuration files to avoid configuration duplication
FR2: permit the use of a local defaults-file, or a remote defaults-file (reachable by ssh), both of which may need to be accessible via sudo.
Description: MySQL workbench provides the option to connect over ssh. That's really good. This allows access to remotely accessible servers. However access to the remote servers does not seem to take into account my local ~/.ssh/config settings or allow me to use a [remote] defaults-file to configure access to the MySQL server. How to repeat: I access many servers (from the shell) via ssh and my key is used to give me direct access to them. However many servers are not accessible directly but indirectly making use of the ~/.ssh/config settings such as: Host remote-mysql-server ProxyCommand ssh -q intermediate-unix-server nc %h %p This allows me using the shell on Linux, UNIX or Mac to do: [myuser@mypc ~]$ ssh remote-mysql-server Last login: Mon Dec 30 16:37:15 2013 from intermediate-unix-server [myuser@remote-mysql-server ~]$ MySQL workbench allows me to specify the location of my ssh key, it does not seem to take into account my ~/.ssh/config settings and so I can not reach the remote server I want to reach. It would be nice if this functionality would be added as in many cases I try to prevent giving SUPER type access to remote users where possible, and force this access to be done locally (via ssh). I would also like to be able to specify the credentials via a defaults-file rather than specifying details explicitly. That is do the equivalent of mysql --defaults-file=/path/to/.my.cnf. This can be convenient and ensures the password is not visible from a command line. MySQL workbench does not allow me to do that. If accessing a remote MySQL server it may be you can not directly use the remote defaults file but it would be nice if this could be specified, including that access to it might require sudo. Doing this would mean that access to credentials would be controlled on the MySQL server (as local access) and no credentials need to actually be stored in MySQL workbench. I'd expect some sort of option like: (a) use remote defaults-file (y/n) (b) provide path to defaults-file: ..... (c) use sudo to access content of remote defaults-file (y/n) So while these use cases may be unusual it would be most convenient for accessing several systems which currently are not reachable without opening grants more widely than done in my current environment. Suggested fix: see above. FR1: allow tunnelling information to be provided, or use _exisiting_ configuration files to avoid configuration duplication FR2: permit the use of a local defaults-file, or a remote defaults-file (reachable by ssh), both of which may need to be accessible via sudo.