Bug #94620 can not connect via "Standard TCP/IP over SSH" using ed25519 key
Submitted: 11 Mar 2019 8:03 Modified: 24 Mar 2023 11:20
Reporter: Alexander Schoepe
Status: Duplicate
Category: MySQL Workbench Severity: S3 (Non-critical)
Version: 8.0.15 - 8.0.30 OS: MacOS (10.13.6 - 12.5.1)
Assigned to: CPU Architecture: Any

[11 Mar 2019 8:03] Alexander Schoepe
Description:
First:
Bug #92663 does not apply!
Keys are NOT generated by putty.
All keys are in OpenSSH PEM format (ssh-keygen -t ed25519)!
RSA are working!
Ed25519 are NOT!

The connection cannot be established via "Standard TCP/IP over SSH" using an ed25519 key.
Only RSA keys are working.
ed25519 keys are more secure than other ssh keys and are working in MySQL Workbench < 8.0.

ED25519 KEY:
Could not connect the SSH Tunnel
Access denied for 'none'. Authentication that can continue: publickey

LogFile ed25519:
11:04:24 [INF][     SSH tunnel]: Opening SSH tunnel to <IP-ADDRESS>
11:04:24 [INF][      SSHCommon]: libssh: ssh_config_parse_line ssh_config_parse_line: Unapplicable option: ForwardX11, line: 60
11:04:24 [INF][      SSHCommon]: libssh: ssh_config_parse_line ssh_config_parse_line: Unapplicable option: ForwardX11, line: 73
11:04:24 [INF][      SSHCommon]: libssh: ssh_config_parse_line ssh_config_parse_line: Unapplicable option: LocalForward, line: 79
11:04:24 [INF][      SSHCommon]: libssh: ssh_config_parse_line ssh_config_parse_line: Unapplicable option: LocalForward, line: 162
11:04:24 [INF][      SSHCommon]: libssh: ssh_config_parse_line ssh_config_parse_line: Unapplicable option: LocalForward, line: 231
11:04:24 [INF][      SSHCommon]: libssh: ssh_config_parse_line ssh_config_parse_line: Unapplicable option: LocalForward, line: 297
11:04:24 [INF][      SSHCommon]: libssh: ssh_connect ssh_connect: libssh 0.8.5 (c) 2003-2018 Aris Adamantiadis, Andreas Schneider and libssh contributors. Distributed under the LGPL, please refer to COPYING file for information about your rights, using threading threads_stdthread
11:04:24 [INF][      SSHCommon]: libssh: ssh_socket_connect ssh_socket_connect: Nonblocking connection socket: 11
11:04:24 [INF][      SSHCommon]: libssh: ssh_connect ssh_connect: Socket connecting, now waiting for the callbacks to work
11:04:24 [INF][      SSHCommon]: libssh: ssh_kex_select_methods ssh_kex_select_methods: Negotiated curve25519-sha256,ssh-rsa,aes256-ctr,aes256-ctr,hmac-sha2-256,hmac-sha2-256,none,none,,
11:04:24 [INF][      SSHCommon]: libssh: ssh_packet_dh_reply ssh_packet_dh_reply: Received SSH_KEXDH_REPLY
11:04:24 [INF][      SSHCommon]: libssh: ssh_client_curve25519_reply ssh_client_curve25519_reply: SSH_MSG_NEWKEYS sent
11:04:24 [INF][      SSHCommon]: libssh: ssh_packet_newkeys ssh_packet_newkeys: Received SSH_MSG_NEWKEYS
11:04:24 [INF][      SSHCommon]: libssh: ssh_packet_newkeys ssh_packet_newkeys: Signature verified and valid
11:04:24 [INF][      SSHCommon]: libssh: ssh_packet_userauth_failure ssh_packet_userauth_failure: Access denied for 'none'. Authentication that can continue: publickey
11:04:24 [INF][     SSHSession]: Banner: 
11:04:24 [INF][      SSHCommon]: libssh: ssh_pki_import_privkey_base64 ssh_pki_import_privkey_base64: Trying to decode privkey passphrase=true
11:04:24 [INF][      SSHCommon]: libssh: ssh_pki_openssh_import ssh_pki_openssh_import: Opening OpenSSH private key: ciphername: aes256-cbc, kdf: bcrypt, nkeys: 1
11:04:24 [ERR][     SSHSession]: User authentication failed.
11:04:24 [ERR][     SSH tunnel]: Authentication error opening SSH tunnel: Access denied for 'none'. Authentication that can continue: publickey

RSA KEY:
Successfully made the MySQL connection
Information related to this connection:
Host: <IP-ADDRESS>
Port: 3306
User: madmin
SSL: enabled with DHE-RSA-AES256-SHA
A successful MySQL connection was made with the parameters defined for this connection.

LogFile RSA:
11:33:03 [INF][     SSH tunnel]: Opening SSH tunnel to <IP-ADDRESS>
11:33:03 [INF][      SSHCommon]: libssh: ssh_config_parse_line ssh_config_parse_line: Unapplicable option: ForwardX11, line: 60
11:33:03 [INF][      SSHCommon]: libssh: ssh_config_parse_line ssh_config_parse_line: Unapplicable option: ForwardX11, line: 73
11:33:03 [INF][      SSHCommon]: libssh: ssh_config_parse_line ssh_config_parse_line: Unapplicable option: LocalForward, line: 79
11:33:03 [INF][      SSHCommon]: libssh: ssh_config_parse_line ssh_config_parse_line: Unapplicable option: LocalForward, line: 162
11:33:03 [INF][      SSHCommon]: libssh: ssh_config_parse_line ssh_config_parse_line: Unapplicable option: LocalForward, line: 231
11:33:03 [INF][      SSHCommon]: libssh: ssh_config_parse_line ssh_config_parse_line: Unapplicable option: LocalForward, line: 297
11:33:03 [INF][      SSHCommon]: libssh: ssh_connect ssh_connect: libssh 0.8.5 (c) 2003-2018 Aris Adamantiadis, Andreas Schneider and libssh contributors. Distributed under the LGPL, please refer to COPYING file for information about your rights, using threading threads_stdthread
11:33:03 [INF][      SSHCommon]: libssh: ssh_socket_connect ssh_socket_connect: Nonblocking connection socket: 19
11:33:03 [INF][      SSHCommon]: libssh: ssh_connect ssh_connect: Socket connecting, now waiting for the callbacks to work
11:33:03 [INF][      SSHCommon]: libssh: ssh_kex_select_methods ssh_kex_select_methods: Negotiated curve25519-sha256,ssh-rsa,aes256-ctr,aes256-ctr,hmac-sha2-256,hmac-sha2-256,none,none,,
11:33:04 [INF][      SSHCommon]: libssh: ssh_packet_dh_reply ssh_packet_dh_reply: Received SSH_KEXDH_REPLY
11:33:04 [INF][      SSHCommon]: libssh: ssh_client_curve25519_reply ssh_client_curve25519_reply: SSH_MSG_NEWKEYS sent
11:33:04 [INF][      SSHCommon]: libssh: ssh_packet_newkeys ssh_packet_newkeys: Received SSH_MSG_NEWKEYS
11:33:04 [INF][      SSHCommon]: libssh: ssh_packet_newkeys ssh_packet_newkeys: Signature verified and valid
11:33:04 [INF][      SSHCommon]: libssh: ssh_packet_userauth_failure ssh_packet_userauth_failure: Access denied for 'none'. Authentication that can continue: publickey
11:33:04 [INF][     SSHSession]: Banner: 
11:33:04 [INF][      SSHCommon]: libssh: ssh_pki_import_privkey_base64 ssh_pki_import_privkey_base64: Trying to decode privkey passphrase=true
11:33:04 [INF][     SSH tunnel]: SSH tunnel opened on port: 63131

How to repeat:
Generate ed25519 and use it via "Standard TCP/IP over SSH".
It will not work.
[11 Mar 2019 8:12] MySQL Verification Team
I'm still analyzing Bug #94603, because of this, we hope you add your comments to the original bug instead.

Thank you for your interest in MySQL.

regards,
Umesh
[29 Jul 2019 11:43] Reio Remma
"libssh 0.8.5 (c) 2003-2018"

I just found that libssh added ecdsa and ed25519 support in version 0.9.0, which was released a month ago.

https://www.libssh.org/2019/06/28/libssh-0-9-0/

When can we expect it to make it into MySQL Workbench?

Right now MySQL Workbench is the only thing keeping me from using ed25519 keys.
[29 Jul 2019 12:05] Reio Remma
Oh, never mind. It was certificate support that they added.

My inability to use an ed25519 key was because MySQL Workbench doesn't seem to deal with key passphrases. It worked after I removed passphrase from the key.
[28 Aug 2019 8:57] Srinivas Kadiyala
I am using Windows 10 and the latest MySQL Workbench (8.0.17) and I am also facing the same error.

14:00:57 [INF][     SSH tunnel]: Opening SSH tunnel to <imedidata>
14:00:57 [INF][      SSHCommon]: libssh: ssh_connect ssh_connect: libssh 0.8.5 (c) 2003-2018 Aris Adamantiadis, Andreas Schneider and libssh contributors. Distributed under the LGPL, please refer to COPYING file for information about your rights, using threading threads_stdthread
14:00:57 [INF][      SSHCommon]: libssh: ssh_socket_connect ssh_socket_connect: Nonblocking connection socket: 4248
14:00:57 [INF][      SSHCommon]: libssh: ssh_connect ssh_connect: Socket connecting, now waiting for the callbacks to work
14:00:58 [INF][      SSHCommon]: libssh: ssh_kex_select_methods ssh_kex_select_methods: Negotiated curve25519-sha256@libssh.org,ecdsa-sha2-nistp256,aes256-ctr,aes256-ctr,hmac-sha2-256,hmac-sha2-256,none,none,,
14:00:59 [INF][      SSHCommon]: libssh: ssh_packet_dh_reply ssh_packet_dh_reply: Received SSH_KEXDH_REPLY
14:00:59 [INF][      SSHCommon]: libssh: ssh_client_curve25519_reply ssh_client_curve25519_reply: SSH_MSG_NEWKEYS sent
14:00:59 [INF][      SSHCommon]: libssh: ssh_packet_newkeys ssh_packet_newkeys: Received SSH_MSG_NEWKEYS
14:00:59 [INF][      SSHCommon]: libssh: ssh_packet_newkeys ssh_packet_newkeys: Signature verified and valid
14:01:00 [INF][      SSHCommon]: libssh: ssh_packet_userauth_failure ssh_packet_userauth_failure: Access denied for 'none'. Authentication that can continue: publickey
14:01:00 [INF][     SSHSession]: Banner: 
14:01:00 [INF][      SSHCommon]: libssh: ssh_pki_import_privkey_base64 ssh_pki_import_privkey_base64: Trying to decode privkey passphrase=true
14:01:00 [INF][      SSHCommon]: libssh: ssh_pki_openssh_import ssh_pki_openssh_import: Opening OpenSSH private key: ciphername: aes256-ctr, kdf: bcrypt, nkeys: 1

14:01:00 [ERR][     SSHSession]: User authentication failed.
14:01:00 [ERR][     SSH tunnel]: Authentication error opening SSH tunnel: Access denied for 'none'. Authentication that can continue: publickey

What needs to be done?
[6 Sep 2022 16:17] Greg Palmer
This bug is marked as a duplicate, however I cannot find any similar bugs, that specifically relate to ed25519 keys not working with a passphrase.

Is there a fix that I have missed?

When I try and connect, using an OpenSSL generated ed25519 key I get the following error:

Could not connect the SSH Tunnel
Access denied for 'none'. Authentication that can continue: publickey, password

17:14:03 [INF][     SSH tunnel]: Existing SSH tunnel not found, opening new one
17:14:03 [INF][     SSH tunnel]: Opening SSH tunnel to [hiddendomain].co.uk:22
17:14:03 [DB2][      SSHCommon]: SSH Connection config info:
17:14:03 [DB2][      SSHCommon]: SSH bufferSize: 10240
17:14:03 [DB2][      SSHCommon]: SSH connectTimeout: 10
17:14:03 [DB2][      SSHCommon]: SSH readWriteTimeout: 5
17:14:03 [DB2][      SSHCommon]: SSH commandTimeout: 1
17:14:03 [DB2][      SSHCommon]: SSH commandRetryCount: 3
17:14:03 [DB2][      SSHCommon]: SSH optionsDir: 
17:14:03 [DB2][      SSHCommon]: SSH known hosts file: C:\Users\[hidden-user]\.ssh\known_hosts
17:14:03 [DB2][      SSHCommon]: SSH local host: 127.0.0.1
17:14:03 [DB2][      SSHCommon]: SSH local port: 0
17:14:03 [DB2][      SSHCommon]: SSH remote host: 127.0.0.1
17:14:03 [DB2][      SSHCommon]: SSH remote port: 3306
17:14:03 [DB2][      SSHCommon]: SSH remote ssh host: [hidden-domain].co.uk
17:14:03 [DB2][      SSHCommon]: SSH remote ssh port: 22
17:14:03 [DB2][      SSHCommon]: SSH strict host key check: yes
17:14:03 [INF][      SSHCommon]: libssh: ssh_connect ssh_connect: libssh 0.9.6 (c) 2003-2021 Aris Adamantiadis, Andreas Schneider and libssh contributors. Distributed under the LGPL, please refer to COPYING file for information about your rights, using threading threads_stdthread
17:14:04 [INF][      SSHCommon]: libssh: ssh_socket_connect ssh_socket_connect: Nonblocking connection socket: 4272
17:14:04 [INF][      SSHCommon]: libssh: ssh_connect ssh_connect: Socket connecting, now waiting for the callbacks to work
17:14:04 [DB3][      SSHCommon]: libssh: socket_callback_connected socket_callback_connected: Socket connection callback: 1 (0)
17:14:04 [INF][      SSHCommon]: libssh: ssh_client_connection_callback ssh_client_connection_callback: SSH server banner: SSH-2.0-OpenSSH_8.9p1 Ubuntu-3
17:14:04 [INF][      SSHCommon]: libssh: ssh_analyze_banner ssh_analyze_banner: Analyzing banner: SSH-2.0-OpenSSH_8.9p1 Ubuntu-3
17:14:04 [INF][      SSHCommon]: libssh: ssh_analyze_banner ssh_analyze_banner: We are talking to an OpenSSH client version: 8.9 (80900)
17:14:04 [DB3][      SSHCommon]: libssh: ssh_known_hosts_read_entries ssh_known_hosts_read_entries: Failed to open the known_hosts file '/etc/ssh/ssh_known_hosts': No such file or directory
17:14:04 [INF][      SSHCommon]: libssh: ssh_kex_select_methods ssh_kex_select_methods: Negotiated curve25519-sha256,ssh-ed25519,aes256-gcm@openssh.com,aes256-gcm@openssh.com,aead-gcm,aead-gcm,none,none,,
17:14:04 [INF][      SSHCommon]: libssh: ssh_init_rekey_state ssh_init_rekey_state: Set rekey after 4294967296 blocks
17:14:04 [INF][      SSHCommon]: libssh: ssh_init_rekey_state ssh_init_rekey_state: Set rekey after 4294967296 blocks
17:14:04 [INF][      SSHCommon]: libssh: ssh_packet_client_curve25519_reply ssh_packet_client_curve25519_reply: SSH_MSG_NEWKEYS sent
17:14:04 [INF][      SSHCommon]: libssh: ssh_packet_newkeys ssh_packet_newkeys: Received SSH_MSG_NEWKEYS
17:14:04 [INF][      SSHCommon]: libssh: ssh_packet_newkeys ssh_packet_newkeys: Signature verified and valid
17:14:04 [DB3][      SSHCommon]: libssh: ssh_packet_userauth_failure ssh_packet_userauth_failure: Access denied for 'none'. Authentication that can continue: publickey,password
17:14:04 [INF][      SSHCommon]: libssh: ssh_packet_userauth_failure ssh_packet_userauth_failure: Access denied for 'none'. Authentication that can continue: publickey,password
17:14:04 [INF][     SSHSession]: Banner: 
17:14:04 [INF][      SSHCommon]: libssh: ssh_pki_import_privkey_base64 ssh_pki_import_privkey_base64: Trying to decode privkey passphrase=true
17:14:04 [INF][      SSHCommon]: libssh: ssh_pki_openssh_import ssh_pki_openssh_import: Opening OpenSSH private key: ciphername: aes256-ctr, kdf: bcrypt, nkeys: 1
17:14:04 [ERR][     SSHSession]: User authentication failed.
17:14:04 [ERR][     SSH tunnel]: Authentication error opening SSH tunnel: Access denied for 'none'. Authentication that can continue: publickey,password

Is there any additional information I can provide that would be helpful?
[8 Sep 2022 16:06] Alexander Schoepe
As far as I know ed25519 keys work, but only if they are not password protected.
[24 Mar 2023 5:10] Joseph Terribile
This is still occurring. I can confirm that it still affects version 8.0.32

This report should probably not be marked duplicate as there are no other reports that talk directly about the lack of support for keys using ed25519 that also have a passphrase.
The OS for this report should also include Windows.

Any effort on this would be appreciated.
[24 Mar 2023 11:20] Alexander Schoepe
Version 8 now supports ed25519 but only if the private key is not password protected. ed25519 should also be able to be used if the private key is password protected.
[8 Nov 2023 23:46] Jason Grammenos
This bug is still present in 8.0.34; you still cannot use a passphrase protected ed25519 ssh key.
[5 Dec 2023 18:46] Jason Grammenos
With the recent release of openssh 9.5 (https://www.openssh.com/txt/release-9.5), ed25519 keys are now the default. Anyone trying to use workbench with a passphrase protected key will encounter issues, so maybe this ticket should be increased in priority.
[6 Jun 2024 1:52] Joseph Terribile
Coming back to this a year later, I would like to note the following things:

1. On 8.0.36 build 3737333 64bit on Windows 11, I still CANNOT use an ed25519 ssh key that has a passphrase on it.

2. As Jason mentioned, ed25519 is now the default for newer versions of OpenSSH, meaning there will be an overall larger share of users who generate ed25519 keys, which means the number of users that also generate passphrase protected keys will increase. The priority of this should probably be increased.

3. As myself and others have noted, there are no tickets in the system that talk about the inability to connect with passphrase protected ed25519 keys, so this ticket SHOULD NOT be marked Duplicate. The search query I used is: https://bugs.mysql.com/search.php?search_for=ed25519&bug_type%5B%5D=MySQL+Workbench&status...   
Of the two tickets that ARE linked on this one, #92663 is in no way relevant, and #94603 is not visible to check if it is a duplicate.

This is getting to be frustrating. The solution shouldn't be to "just use" an RSA key or use an unprotected ed25519 key.
[12 Sep 2024 9:11] Hans Muster
Hi Folks

Just a little push since we are also affected by this. And I think it would be great AND a necessity that the Default (ed25519) Key is supported with Password (which should be common to use it with)

Best Regards
[18 Feb 18:01] Jason Grammenos
My ticket was closed as duplicate: https://bugs.mysql.com/bug.php?id=113441
but the ticket it duplicates is private: https://bugs.mysql.com/bug.php?id=94603. Does anyone know what progress has been made on this issue?