
Dialog for verifying the host key over SSH

Written by Krotki
4 months ago
Category: Feature discussion
6 posts since Wed, 19 Mar 14
I think it would be useful to create a dialog for verifying the SSH host.

Right now, if the host key is not present in the local cache, the SSH connection will fail silently. I think HeidiSQL uses the plink -batch option for that.

It would be cool if HeidiSQL could parse the warning and show a dialog asking what to do.

I'm using HeidiSQL on Linux, and every time I'm connecting to a new host I need to remember to connect to my server using plink over Wine first. This is a bit annoying.
Written by ansgar
4 months ago
4940 posts since Fri, 07 Apr 06
Yes, this is issue #2902. Only that's a horrifying issue to solve. But yes, this is surely a problem.
Written by ansgar
4 months ago
4940 posts since Fri, 07 Apr 06
Please test r4736 - works here without getting the "accept key" dialog. But not yet tested on Wine.
Written by ansgar
4 months ago
4940 posts since Fri, 07 Apr 06
Ah, the -batch option in plink does not provide a way to silence the "accept key" dialog, it just does not ask and fails if you have not accepted the key yet.
Written by jfalch
4 months ago
380 posts since Sat, 17 Oct 09
Does NOT work on my XP SP3 - with a session of type 'ssh tunnel', it always shows an alert:
PLink exited unexpected. Command line was: /C echo y|"C:\Programme\Remote\PuTTy\plink.exe" -ssh falch@bsi-netz.de -N -L 3307:127.0.0.1:3306
and does not connect.
NB: a) the server's key is already cached in the registry;
b) I'm using an alternate command processor (tcc.exe from JPSoft.com), and %COMSPEC% is correctly set to point to it.
Written by jfalch
4 months ago
380 posts since Sat, 17 Oct 09
NB: executing
%COMSPEC% /C echo y|"C:\Programme\Remote\PuTTy\plink.exe" -ssh falch@bsi-netz.de -N -L 3307:127.0.0.1:3306
will invoke plink OK, shows "Using username ..." and builds the tunnel.
Written by ansgar
4 months ago
4940 posts since Fri, 07 Apr 06
r4738 now uses the path of your COMSPEC environment variable. Please try again.
Written by jfalch
4 months ago
380 posts since Sat, 17 Oct 09
The error message prefix has changed: now it's
could not execute PLink:
/C ...

otherwise unchanged, sorry.
Written by jfalch
4 months ago
380 posts since Sat, 17 Oct 09
PS: could you not check for the existence of a cached host key fingerprint, and use the "%COMSPEC% /C echo y|" method only if there is none for the current host? They live in the registry at HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\SshHostKeys.
Written by ansgar
4 months ago
4940 posts since Fri, 07 Apr 06
You mean, that "echo y | plink ..." interrupts plink.exe in some way? But why does that then work here with an uncached and a cached key?
Written by jfalch
4 months ago
380 posts since Sat, 17 Oct 09
"echo y|plink ..." does indeed completely interrupt plink.exe insofar as it is not executed -> no connect.
The new message prefix "Could not execute PLink:" seems to indicate to me a failure in CreateProcess (or whatever you are using).

"Why does that then work here?" Sorry, I have no idea. I can only assume that it might be related to my command processor tcc, which in around 10 years has proven to be otherwise completely compatible with cmd.exe, including calls from CreateProcess().
Possibly the "execute PLink" error code might help...
Written by ansgar
4 months ago
4940 posts since Fri, 07 Apr 06
I fear I have to parse stdout and stderr, and send input to stdin for the plink process. If only that was better documented. It's quite complicated and such code looks very old-style, pointers left and right.
Written by jfalch
4 months ago
380 posts since Sat, 17 Oct 09
That's quite tough, I agree. I think I remember a JEDI component that does this; unfortunately, I do not have access to my development environment before Friday...
Written by Krotki
4 months ago
6 posts since Wed, 19 Mar 14
I think accepting all hosts is not a good idea. You are vulnerable to a man-in-the-middle attack.

I think to do this properly you need to choose one of:

1. In 'createprocess', pipe to stdin, stdout, stderr and parse what's there - if a warning is present, show a dialog to the user with options to accept or deny the host. I saw a few examples for that in Delphi; I can post them here later.

2. Use some library for creating the SSH connection, which will give you more options for error handling and configuration. This would potentially be a big task, but maybe it's a good idea to get rid of the plink dependency anyway.
Written by ansgar
4 months ago
4940 posts since Fri, 07 Apr 06
Your second idea is not new, I also thought about including some SSH library to build into Heidi. But I could not find a single one which is compatible with the GPL library. All of those I found were commercial. So I'll stick to plink.exe for now. Which is not the worst idea, as plink/putty is very popular in the world of free software. Parsing input and sending output of/to a process could only be better documented. Feel free to send code snippets here.
Written by Krotki
4 months ago
6 posts since Wed, 19 Mar 14
For 1.: http://forum.codecall.net/topic/72472-execute-a-console-program-and-capture-its-output/
Here the author is waiting for the process to finish; instead we should:
do {
sleep for some time

}
Written by Krotki
4 months ago
6 posts since Wed, 19 Mar 14
Ignore prev post ...

For 1.: http://forum.codecall.net/topic/72472-execute-a-console-program-and-capture-its-output/
Here the author is waiting for the process to finish; instead we should:
do {
sleep for some time
check if there is some more data in stdout, copy it to local buffer
split buffer by new lines
} while (lastChar is not ')' or '>')

or something similar :)

For 2. I found http://wiki.freepascal.org/Synapse#SSH.2FTelnet_client_sample_program
I'm not sure about licenses tho. And for a quick fix, the first approach seems to be easier.
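
The read-buffer-and-decide loop proposed above, as an added example that is not part of the original posts and is not HeidiSQL's code: it buffers plink output chunk by chunk, waits for the "(y/n)" prompt, extracts the fingerprint and answers "y" only when the user's check approves it. The names `HostKeyPromptWatcher`, `replies_for` and `SAMPLE_CHUNKS` are hypothetical, the sample output is constructed, and the colon-separated hex fingerprint format is an assumption about plink's output.

```python
import re

# Colon-separated hex fingerprint (assumed format of the line plink prints).
FPR_RE = re.compile(r"\b((?:[0-9a-f]{2}:){15}[0-9a-f]{2})\b", re.I)
# Prompt wording as quoted in the thread: "store key in cache? (y/n)".
PROMPT_RE = re.compile(r"\(y/n[^)]*\)\s*$", re.I)


class HostKeyPromptWatcher:
    """Accumulates plink output and decides how to answer a host key prompt."""

    def __init__(self, confirm):
        # confirm(fingerprint) -> bool; in a GUI this is the accept/deny dialog.
        self.confirm = confirm
        self.buffer = ""

    def feed(self, chunk):
        """Return 'y\\n' or 'n\\n' for stdin, or None if no prompt is pending."""
        self.buffer += chunk
        if not PROMPT_RE.search(self.buffer):
            return None  # still connecting, or the prompt is not complete yet
        match = FPR_RE.search(self.buffer)
        self.buffer = ""
        if match is None:
            # Nothing verifiable to show the user: refuse instead of accepting.
            return "n\n"
        return "y\n" if self.confirm(match.group(1).lower()) else "n\n"


def replies_for(chunks, trusted):
    """Feed chunks in order; 'trusted' stands in for the user's decision."""
    watcher = HostKeyPromptWatcher(lambda fpr: fpr in trusted)
    return [watcher.feed(chunk) for chunk in chunks]


# Constructed sample, split mid-prompt the way pipe reads can split it.
SAMPLE_CHUNKS = [
    "The server's host key is not cached in the registry.\n",
    "ssh-rsa 2048 0a:1b:2c:3d:4e:5f:60:71:82:93:a4:b5:c6:d7:e8:f9\n"
    "Store key in cache? (y",
    "/n) ",
]

if __name__ == "__main__":
    known = {"0a:1b:2c:3d:4e:5f:60:71:82:93:a4:b5:c6:d7:e8:f9"}
    print(replies_for(SAMPLE_CHUNKS, known))
```

Unlike piping `echo y` into plink, the reply here depends on the fingerprint the server actually presented, so an unexpected key is rejected.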
Written by Krotki
4 months ago
6 posts since Wed, 19 Mar 14
I could try to implement this later, but I need to get my hands on a legit Delphi copy. Probably I could download a trial from somewhere. I haven't coded in Pascal for ages but it can be fun :)
Written by ansgar
4 months ago
4940 posts since Fri, 07 Apr 06
I have checked at least 4 example snippets from some forum and stackoverflow, and none of them worked here. Always access violations or empty output or whatever.

What about using CreateProcess() to run plink.exe in a visible console window? Heidi would still be able to control (exit) the process, only the wait timeout is difficult, as I would not know whether plink is waiting for a server response or waits for user input ("store key in cache? (y/n)"). If it runs into a network timeout after 30 seconds there is surely an exitcode I can parse, but what about the point where the user has hit "y"?
Written by ansgar
4 months ago
4940 posts since Fri, 07 Apr 06
I have found a very promising unit which does all the process stuff, including a confirmation dialog for the "store in cache" question: http://www.delphipraxis.net/70989-komponente-fuer-ssh-verbindung-6.html
Written by ansgar
4 months ago
4940 posts since Fri, 07 Apr 06
Written by Krotki
4 months ago
6 posts since Wed, 19 Mar 14
Yeah, this is exactly what I meant :)

I downloaded the Delphi trial, but installation takes ages ...
I got several warnings about the unit - I don't know how to resolve those, but since you already fixed the issue I'm not going to investigate it further.
Written by ansgar
4 months ago
4940 posts since Fri, 07 Apr 06
I have not yet committed, and I'm not yet happy with the code. But I am on the way to adapt that from different code examples into Heidi's connection layer.