I think it would be useful to create a dialog for verifying ssh host.
Right now if host key is not present in local cache, SSH connection will fail silently. I think HeidiSQL uses plink -batch option for that.
It would be cool if HeidiSQL could parse warning and show dialog what to do.
I'm using HeidiSQL on linux and every time I'm connecting to new host i need to remember to connect to my server using plink over wine first. This is a bit annoying.
Dialog for verifying the host key over SSH
Yes, this is issue #2902. Only that's a horrifying issue to solve. But yes, this is surely a problem.
does NOT work on my XP SP3 - with a session of type 'ssh tunnel', always shows an alert:
PLink exited unexpected. Command line was: /C echo y|"C:\Programme\Remote\PuTTy\plink.exe" -ssh falch@bsi-netz.de -N -L 3307:127.0.0.1:3306
and does not connect.
NB: a) the server´s key is already cached in registry;
b) i´m using an alternate command processor, (tcc.exe from JPSoft.com), and %COMSPEC% is correctly set to point to it.
PLink exited unexpected. Command line was: /C echo y|"C:\Programme\Remote\PuTTy\plink.exe" -ssh falch@bsi-netz.de -N -L 3307:127.0.0.1:3306
and does not connect.
NB: a) the server´s key is already cached in registry;
b) i´m using an alternate command processor, (tcc.exe from JPSoft.com), and %COMSPEC% is correctly set to point to it.
Code modification/commit
from ansgar.becker,
10 years ago,
revision 8.3.0.4738
Get path to cmd.exe via COMSPEC environment variable. See http://www.heidisql.com/forum.php?t=15206
"echo y|plink ..." does indeed completely interrupt plink.exe insofar as it is not executed -> no connect.
The new message prefix "Could not execute PLink:" seems to indicate to me a failure in CreateProcess (or whatever you are using).
"why does that then work here" ? Sorry, I have no idea. I only can assume that it might be related to my command processor tcc, which in around 10 years has to be proven to be otherwise completely compatible with cmd.exe, including calls from CreateProcess().
Possibly the "execute PLink" error code might help...
The new message prefix "Could not execute PLink:" seems to indicate to me a failure in CreateProcess (or whatever you are using).
"why does that then work here" ? Sorry, I have no idea. I only can assume that it might be related to my command processor tcc, which in around 10 years has to be proven to be otherwise completely compatible with cmd.exe, including calls from CreateProcess().
Possibly the "execute PLink" error code might help...
I think accepting all hosts is not a good idea. You are vulnerable for man in the middle attack.
I think to do this properly you need to choose on of:
1. In 'createprocess' pipe to stdin, stdout, stderr and parse whats there - if warning present, show dialog to user with options to accept or deny host. I saw few examples for that in delphi I can post them later here.
2. Use some library for creating ssh connection, which will give you mode options for error handling and configuration. This would potentially be a big task but maybe its a good idea to get rid of plink dependency anyway.
I think to do this properly you need to choose on of:
1. In 'createprocess' pipe to stdin, stdout, stderr and parse whats there - if warning present, show dialog to user with options to accept or deny host. I saw few examples for that in delphi I can post them later here.
2. Use some library for creating ssh connection, which will give you mode options for error handling and configuration. This would potentially be a big task but maybe its a good idea to get rid of plink dependency anyway.
Your second idea is not new, I also thought about including some SSH library to build into Heidi. But I could not find a single one which is compatible to the GPL library. All of those I found were commercial. So I'll stick to plink.exe for now. Which is not the baddest idea, as plink/putty is very popular in the world of free software. Parsing input and sending output of/to a process could only be better documented. Feel free to send code snippets here.
For 1.: http://forum.codecall.net/topic/72472-execute-a-console-program-and-capture-its-output/
Here autor is waiting to process to finish instead we should:
do {
sleep for some time
}
Here autor is waiting to process to finish instead we should:
do {
sleep for some time
}
Ignore prev post ...
For 1.: http://forum.codecall.net/topic/72472-execute-a-console-program-and-capture-its-output/
Here autor is waiting to process to finish instead we should:
do {
sleep for some time
check if there is some more data in stdout, copy it to local buffer
slit buffer by new lines
} while (lastChar is not ')' or '>')
or something similar :)
for 2. i found http://wiki.freepascal.org/Synapse#SSH.2FTelnet_client_sample_program
I'm not sure about licenses tho. And for a quick fix first approach seems to be easier.
For 1.: http://forum.codecall.net/topic/72472-execute-a-console-program-and-capture-its-output/
Here autor is waiting to process to finish instead we should:
do {
sleep for some time
check if there is some more data in stdout, copy it to local buffer
slit buffer by new lines
} while (lastChar is not ')' or '>')
or something similar :)
for 2. i found http://wiki.freepascal.org/Synapse#SSH.2FTelnet_client_sample_program
I'm not sure about licenses tho. And for a quick fix first approach seems to be easier.
I have checked at least 4 example snippets from some forum and stackoverflow, and none of them worked here. Always access violations or empty output or whatever.
What about using CreateProcess() to run plink.exe in a visible console window? Heidi would still be able to control (exit) the process, only the wait timeout is difficult, as I would not knew whether plink is waiting for a server response or waits for user input ("store key in cache? (y/n)"). If it runs into a network timeout after 30 seconds there is surely an exitcode I can parse, but what about the point where the user has hit "y"?
What about using CreateProcess() to run plink.exe in a visible console window? Heidi would still be able to control (exit) the process, only the wait timeout is difficult, as I would not knew whether plink is waiting for a server response or waits for user input ("store key in cache? (y/n)"). If it runs into a network timeout after 30 seconds there is surely an exitcode I can parse, but what about the point where the user has hit "y"?
I have found a very promising unit which does all the process stuff, including a confirmation dialog for the "store in cache" question: http://www.delphipraxis.net/70989-komponente-fuer-ssh-verbindung-6.html
Code modification/commit
from ansgar.becker,
10 years ago,
revision 8.3.0.4739
Add Plinkremote unit as a preparation for a better integration of plink.exe into our SSH tunnel.
See
* http://www.delphipraxis.net/70989-komponente-fuer-ssh-verbindung-6.html
* http://www.heidisql.com/forum.php?t=15206
* issue #2902
Please login to leave a reply, or register at first.