SSH tunnel does not prompt to store host key in local cache #639

Closed
dejury opened this issue May 5, 2019 · 15 comments

@dejury

commented May 5, 2019

Steps to reproduce this issue

  1. Set up an SSH tunnel inside HeidiSQL with PLINK or Kitty
  2. Try to connect. It gives an error. For plink it gives the error from the screenshot. I mostly use Kitty to tunnel, then it gives: unknown option -batch

[Screenshot "Naamloos"]

Current behavior

Gives an error.

Expected behavior

Should just connect to the SSH.

Environment

Windows 10

  • HeidiSQL version:
    10.1.0.5552 64 bit
  • Operating system:
    Windows 10
@ansgarbecker

Collaborator

commented May 5, 2019

I never added support for Kitty, so please use the current version of plink. It may be that the older versions of plink also give that error, but you should update that anyway, due to security issues. Please report back if that fixes the issue.

@dejury

Author

commented May 5, 2019

The error shown in the screenshot is the most recent version of plink.exe 64 bit. Downloaded from the page suggested in HeidiSQL.

@ansgarbecker

Collaborator

commented May 5, 2019

Ok, I overread that you were using plink which then gives the error from your screenshot. However, that -batch parameter is probably unsupported by Kitty.

For debugging why that plink process exits unexpectedly, please fire it in a separate command line window, and post here what happens.

@dejury

Author

commented May 6, 2019

On my work PC it is working with plink, so sorry for bothering you. Though it is strange, I used Kitty before on my work PC to connect and that worked until some of the latest nightly builds...

@ansgarbecker

Collaborator

commented May 6, 2019

Well if Kitty does not support that -batch parameter, then this might be the reason. However, you could look at what the prompt tells you when you fire the command yourself. That way we can dive deeper into the issue.

@shuigenhe


commented May 7, 2019

> Well if Kitty does not support that -batch parameter, then this might be the reason. However, you could look at what the prompt tells you when you fire the command yourself. That way we can dive deeper into the issue.

This error is probably caused by plink.exe's -batch option.

-batch disable all interactive prompts

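1. An SSH connection needs the host key. The host key has to be stored in the registry.
2. If the host key is not found in the registry, using or not using the -batch option makes a difference.
2-1: Without -batch, plink asks whether to store the host key.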

C:\Program Files\PuTTY>plink.exe -ssh username@192.168.1.101 -pw "******" -P 22 -N -L 3309:192.168.1.102:3306

The server's host key is not cached in the registry. You
have no guarantee that the server is the computer you
think it is.
The server's rsa2 key fingerprint is:
ssh-rsa 2048 e0:bd:2d:86:d5:0d:98:fb:fd:e5:f4:b9:cc:97:14:42
If you trust this host, enter "y" to add the key to
PuTTY's cache and carry on connecting.
If you want to carry on connecting just once, without
adding the key to the cache, enter "n".
If you do not trust this host, press Return to abandon the
connection.
Store key in cache? (y/n)

2-2: With -batch, when the host key is not in the registry, plink exits immediately.

C:\Program Files\PuTTY>plink.exe -ssh -batch username@192.168.1.101 -pw "******" -P 22 -N -L 3309:192.168.1.102:3306

The server's host key is not cached in the registry. You
have no guarantee that the server is the computer you
think it is.
The server's rsa2 key fingerprint is:
ssh-rsa 2048 e0:bd:2d:86:d5:0d:98:fb:fd:e5:f4:b9:cc:97:14:42
Connection abandoned.

3. The information above is for your reference, thank you.

@ansgarbecker

Collaborator

commented May 7, 2019

@shuigenhe does your comment mean that -ssh -batch is causing an abandoned connection, while -ssh and -batch alone work? My Chinese is a bit rusty... :)

@dejury

Author

commented May 7, 2019

> Well if Kitty does not support that -batch parameter, then this might be the reason. However, you could look at what the prompt tells you when you fire the command yourself. That way we can dive deeper into the issue.

But why did it change? I did not update Kitty at all. Then something inside HeidiSQL must have been changed which changes this option.

@ansgarbecker

Collaborator

commented May 7, 2019

See issue #521 for a discussion on these plink parameters.

@shuigenhe


commented May 8, 2019

> @shuigenhe does your comment mean that -ssh -batch is causing an abandoned connection, while -ssh and -batch alone work? My Chinese is a bit rusty... :)

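With the -batch option enabled, the confirmation screen below does not appear the first time you connect to the database over SSH, because -batch disables all of plink.exe's prompts.

[Screenshot "999"]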

@vbojan


commented May 15, 2019

I confirm that this is caused when a server signature is missing or doesn't match the stored one and HeidiSQL v10.1.0.5565 (and a few previous builds) will show the error dialog like in the 1st post.

What older versions (like 10.1.0.5464) used to do in this case was to show a confirmation dialog allowing to store new server fingerprint into registry as shown in the previous post.

This is what plink returns in this scenario:
"The server's host key is not cached in the registry. You
have no guarantee that the server is the computer you
think it is.
The server's rsa2 key fingerprint is:
..."

To replicate the issue simply delete related server fingerprint from the registry (HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\SshHostKeys) and try to connect to that server.

@ansgarbecker added the bug and confirmed labels and removed the needs-info label May 15, 2019

@ansgarbecker added this to the v10.2 milestone May 15, 2019

@ansgarbecker

Collaborator

commented May 15, 2019

That's it - the message for a non-cached key previously was a prompt, waiting for user input. The -batch parameter turns that prompt consistently into a non-prompt, and just exits with "Connection abandoned".

I will remove that -batch parameter again.

@ansgarbecker changed the title from "SSH tunnel doesn't work since one of the latest nightly builds" to "SSH tunnel does not prompt to store host key in local cache" May 15, 2019
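
Added example, not part of the thread and not HeidiSQL's code: a front end that launches plink can tell the two outcomes discussed above apart by parsing plink's output, and show the fingerprint for verification instead of a generic tunnel error. The function names and state names are this example's own; the sample text is taken from the transcripts posted in this issue, and only the colon-separated fingerprint format shown there is handled.

```python
import re

# Sample plink output copied from the transcripts in this thread.
WARNING = """The server's host key is not cached in the registry. You
have no guarantee that the server is the computer you
think it is.
The server's rsa2 key fingerprint is:
ssh-rsa 2048 e0:bd:2d:86:d5:0d:98:fb:fd:e5:f4:b9:cc:97:14:42
"""
PROMPT_OUTPUT = WARNING + """If you trust this host, enter "y" to add the key to
PuTTY's cache and carry on connecting.
Store key in cache? (y/n) """
BATCH_OUTPUT = WARNING + "Connection abandoned.\n"

# Key type, bit length, colon-separated fingerprint (the format shown above).
FINGERPRINT = re.compile(r"[\w-]+ \d+ (?:[0-9a-f]{2}:){15}[0-9a-f]{2}\b")

def classify_plink_output(text):
    """Return (state, fingerprint) for text captured from plink.

    States (names are this example's own):
      no_host_key_warning   - the "not cached" warning is absent
      awaiting_confirmation - plink is blocked on its y/n prompt
      abandoned             - plink gave up without asking (-batch)
      unknown_key           - warning seen, outcome not in the text yet
    """
    flat = " ".join(text.split())  # plink hard-wraps its messages
    if "host key is not cached in the registry" not in flat:
        return "no_host_key_warning", None
    match = FINGERPRINT.search(flat)
    fingerprint = match.group(0) if match else None
    if "Connection abandoned." in flat:
        return "abandoned", fingerprint
    if "Store key in cache? (y/n)" in flat:
        return "awaiting_confirmation", fingerprint
    return "unknown_key", fingerprint

def dialog_text(state, fingerprint):
    """Text a front end could show instead of a generic tunnel error."""
    if state == "no_host_key_warning":
        return None
    shown = fingerprint or "(fingerprint not found in output)"
    text = f"Unknown SSH host key: {shown}. Compare it with the server's real key."
    if state == "abandoned":
        text += " plink exited without asking; nothing was stored."
    return text
```
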

@dejury

Author

commented May 15, 2019

Cool! Confirmed this change works :) Thanks a lot!

@shuigenhe


commented May 17, 2019

Thank you very much!

@ansgarbecker

Collaborator

commented May 17, 2019

You're welcome!
