Dialog for verifying the host key over SSH

[expired user #7906] posted 10 years ago in Feature discussion
I think it would be useful to create a dialog for verifying the SSH host.

Right now, if the host key is not present in the local cache, the SSH connection will fail silently. I think HeidiSQL uses the plink -batch option for that.

It would be cool if HeidiSQL could parse the warning and show a dialog asking what to do.

I'm using HeidiSQL on Linux and every time I connect to a new host I need to remember to connect to my server using plink over Wine first. This is a bit annoying.
ansgar posted 10 years ago
Yes, this is issue #2902. Only that's a horrifying issue to solve. But yes, this is surely a problem.
ansgar posted 10 years ago
Please test r4736 - works here without getting the "accept key" dialog. But not yet tested on Wine.
ansgar posted 10 years ago
Ah, the -batch option in plink does not provide a way to silence the "accept key" dialog, it just does not ask and fails if you haven't accepted the key yet.
jfalch posted 10 years ago
Does NOT work on my XP SP3 - with a session of type 'ssh tunnel', it always shows an alert:
PLink exited unexpected. Command line was: /C echo y|"C:\Programme\Remote\PuTTy\plink.exe" -ssh falch@bsi-netz.de -N -L 3307:127.0.0.1:3306
and does not connect.
NB: a) the server's key is already cached in the registry;
b) I'm using an alternate command processor (tcc.exe from JPSoft.com), and %COMSPEC% is correctly set to point to it.
jfalch posted 10 years ago
NB: executing
%COMSPEC% /C echo y|"C:\Programme\Remote\PuTTy\plink.exe" -ssh falch@bsi-netz.de -N -L 3307:127.0.0.1:3306
will invoke plink OK, show "Using username ..." and build the tunnel.
Code modification/commit from ansgar.becker, 10 years ago, revision 8.3.0.4738
Get path to cmd.exe via COMSPEC environment variable. See http://www.heidisql.com/forum.php?t=15206
ansgar posted 10 years ago
r4738 now uses the path of your COMSPEC environment variable. Please try again.
jfalch posted 10 years ago
The error message prefix has changed: now it's
could not execute PLink:
/C ...

otherwise unchanged, sorry.
jfalch posted 10 years ago
PS: could you not check for the existence of a cached host key fingerprint, and use the "%COMSPEC% /C echo y|" method only if there is none for the current host? They live in the registry at HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\SshHostKeys.
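The registry check suggested above, as an added example in Python (not HeidiSQL's own Delphi code): it lists which key types PuTTY has cached for a host under the SshHostKeys key named in the post. The "keytype@port:host" layout of the value names is this example's assumption, and value names can be injected so the functions also run off Windows.

```python
import sys

# Registry path named in the thread. The "keytype@port:host" layout of the value
# names (e.g. "ssh-ed25519@22:db.example.org") is this example's assumption.
SSH_HOST_KEYS = r"Software\SimonTatham\PuTTY\SshHostKeys"

def key_type_for(value_name, host, port=22):
    """Return the key type if value_name is PuTTY's cache entry for host:port."""
    key_type, sep, rest = value_name.partition("@")
    if not sep:
        return None
    port_str, sep, name = rest.partition(":")
    if not sep or not port_str.isdigit():
        return None
    return key_type if int(port_str) == port and name.lower() == host.lower() else None

def cached_key_types(host, port=22, value_names=None):
    """Key types PuTTY has cached for host:port. Pass value_names to test this on
    any OS; on Windows the HKCU key is enumerated with winreg when it is omitted."""
    if value_names is None:
        if sys.platform != "win32":
            return []
        import winreg
        value_names = []
        with winreg.OpenKey(winreg.HKEY_CURRENT_USER, SSH_HOST_KEYS) as key:
            for i in range(winreg.QueryInfoKey(key)[1]):  # [1] = number of values
                value_names.append(winreg.EnumValue(key, i)[0])
    return [t for t in (key_type_for(v, host, port) for v in value_names) if t]

def needs_host_key_prompt(host, port=22, value_names=None):
    """True when connecting will hit plink's accept-key question (nothing cached)."""
    return not cached_key_types(host, port, value_names)
```

A cached entry only tells you that plink will not ask; whether the cached key still matches the server is decided by plink itself during the connect.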
ansgar posted 10 years ago
You mean, that "echo y | plink ..." interrupts plink.exe in some way? But why does that then work here with an uncached and a cached key?
jfalch posted 10 years ago
"echo y|plink ..." does indeed completely interrupt plink.exe insofar as it is not executed -> no connect.
The new message prefix "Could not execute PLink:" seems to indicate to me a failure in CreateProcess (or whatever you are using).

"why does that then work here"? Sorry, I have no idea. I can only assume that it might be related to my command processor tcc, which in around 10 years has proven to be otherwise completely compatible with cmd.exe, including calls from CreateProcess().
Possibly the "execute PLink" error code might help...
ansgar posted 10 years ago
I fear I have to parse stdout and stderr, and send input to stdin for the plink process. If only that was better documented. It's quite complicated and such code looks very old-style, pointers left and right.
jfalch posted 10 years ago
That's quite tough, I agree. I think I remember a JEDI component that does this; unfortunately, I do not have access to my development environment before Friday...
[expired user #7906] posted 10 years ago
I think accepting all hosts is not a good idea. You are vulnerable to a man-in-the-middle attack.

I think to do this properly you need to choose one of:

1. In 'createprocess' pipe to stdin, stdout, stderr and parse what's there - if a warning is present, show a dialog to the user with options to accept or deny the host. I saw a few examples for that in Delphi; I can post them here later.

2. Use some library for creating the SSH connection, which will give you more options for error handling and configuration. This would potentially be a big task but maybe it's a good idea to get rid of the plink dependency anyway.
ansgar posted 10 years ago
Your second idea is not new, I also thought about including some SSH library to build into Heidi. But I could not find a single one which is compatible with the GPL library. All of those I found were commercial. So I'll stick to plink.exe for now. Which is not the worst idea, as plink/putty is very popular in the world of free software. Parsing input and sending output of/to a process could only be better documented. Feel free to send code snippets here.
[expired user #7906] posted 10 years ago
For 1.: http://forum.codecall.net/topic/72472-execute-a-console-program-and-capture-its-output/
Here the author is waiting for the process to finish; instead we should:
do {
sleep for some time

}
[expired user #7906] posted 10 years ago
Ignore prev post ...

For 1.: http://forum.codecall.net/topic/72472-execute-a-console-program-and-capture-its-output/
Here the author is waiting for the process to finish; instead we should:
do {
sleep for some time
check if there is some more data in stdout, copy it to local buffer
split buffer by new lines
} while (lastChar is not ')' or '>')

or something similar :)

for 2. I found http://wiki.freepascal.org/Synapse#SSH.2FTelnet_client_sample_program
I'm not sure about licenses though. And for a quick fix the first approach seems to be easier.
[expired user #7906] posted 10 years ago
I could try to implement this later but I need to get my hands on a legit Delphi copy. Probably I could download a trial from somewhere. I haven't coded in Pascal for ages but it can be fun :)
ansgar posted 10 years ago
I have checked at least 4 example snippets from some forum and stackoverflow, and none of them worked here. Always access violations or empty output or whatever.

What about using CreateProcess() to run plink.exe in a visible console window? Heidi would still be able to control (exit) the process, only the wait timeout is difficult, as I would not know whether plink is waiting for a server response or waits for user input ("store key in cache? (y/n)"). If it runs into a network timeout after 30 seconds there is surely an exitcode I can parse, but what about the point where the user has hit "y"?
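One way to do what the pipe-and-parse loop proposed earlier and the wait-timeout question in this post describe, as an added example in Python rather than HeidiSQL's Delphi code: read plink's output incrementally, tell the host-key question apart from a server wait or a fatal error, and answer it only with a caller-supplied decision on the fingerprint instead of piping a blind "y". It assumes plink is on PATH and uses the "Store key in cache? (y/n)" and "Using username" strings quoted in the thread; the "FATAL ERROR" prefix and the fingerprint layouts are assumptions.

```python
import queue
import re
import subprocess
import threading
import time

# "Store key in cache? (y/n)" and "Using username" are plink outputs quoted in the
# thread; the "FATAL ERROR" prefix and the fingerprint layouts are assumptions.
PROMPT_RE = re.compile(r"Store key in cache\? \(y/n\)", re.IGNORECASE)
FINGERPRINT_RE = re.compile(r"SHA256:[A-Za-z0-9+/=]+|(?:[0-9a-f]{2}:){15}[0-9a-f]{2}")

def classify(buf):
    """('prompt', fingerprint): plink waits for the host-key decision; ('connected',
    None): past the key check; ('error', line): plink gave up; ('pending', None)."""
    if PROMPT_RE.search(buf):
        m = FINGERPRINT_RE.search(buf)
        return ("prompt", m.group(0) if m else None)
    if "Using username" in buf:
        return ("connected", None)
    fatal = re.search(r"^FATAL ERROR.*$", buf, re.MULTILINE)
    return ("error", fatal.group(0).strip()) if fatal else ("pending", None)

def run_plink(argv, decide, timeout=30.0, plink="plink"):
    """Run plink with pipes; answer the host-key question only with the result of
    decide(fingerprint), never a blind piped 'y'. Returns (state, proc, output)."""
    proc = subprocess.Popen([plink, *argv], stdin=subprocess.PIPE, bufsize=0,
                            stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
    chunks = queue.Queue()
    # Unbuffered reads hand over partial lines such as "(y/n) " that end without \n.
    threading.Thread(daemon=True, target=lambda: [
        chunks.put(c) for c in iter(lambda: proc.stdout.read(4096), b"")]).start()
    buf, deadline = "", time.monotonic() + timeout
    while time.monotonic() < deadline:
        try:
            buf += chunks.get(timeout=0.2).decode("utf-8", "replace")
        except queue.Empty:
            if proc.poll() is not None:
                return ("exited", proc, buf)  # proc.returncode says why
            continue
        state, detail = classify(buf)
        if state == "prompt":
            accept = bool(decide(detail))  # show the fingerprint to the user here
            proc.stdin.write(b"y\n" if accept else b"n\n")
            proc.stdin.flush()
            return ("accepted" if accept else "refused", proc, buf)
        if state in ("connected", "error"):
            return (state, proc, buf)
    proc.kill()  # neither a prompt nor an answer from the server in time
    return ("timeout", proc, buf)
```

For a tunnel (-N) the caller keeps proc alive after "accepted" or "connected" and terminates it when the session closes.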
ansgar posted 10 years ago
I have found a very promising unit which does all the process stuff, including a confirmation dialog for the "store in cache" question: http://www.delphipraxis.net/70989-komponente-fuer-ssh-verbindung-6.html
ansgar posted 10 years ago
1 attachment(s):
  • plink_auth
Code modification/commit from ansgar.becker, 10 years ago, revision 8.3.0.4739
Add Plinkremote unit as a preparation for a better integration of plink.exe into our SSH tunnel.
See
* http://www.delphipraxis.net/70989-komponente-fuer-ssh-verbindung-6.html
* http://www.heidisql.com/forum.php?t=15206
* issue #2902
[expired user #7906] posted 10 years ago
Yeah, this is exactly what I meant :)

I downloaded the Delphi trial, but installation takes ages ...
I got several warnings about the unit; I don't know how to resolve those, but since you already fixed the issue I'm not going to investigate it further.
ansgar posted 10 years ago
I have not yet committed, and I'm not yet happy with the code. But I am on the way to adapt that from different code examples into Heidi's connection layer.
