Fixed Bug: Connecting through SSH Tunnel Using Plink

anthonycl posted 7 months ago in Creating a connection
I believe I found a potential bug fix, perhaps this is already known. I have always never been able to use the SSH tunnel because I was getting localhost connection errors. After further diagnostic, I discovered its because I never used Plink to connect to this host in the past.

Simply run this command in your windows preferred terminal (cmd.exe, cygwin, etc) and agree to accept the host and store the cache:

C:\Program Files (x86)\PuTTY\plink.exe -ssh [SSH USERNAME]@[SSH HOST] -P [SSH PORT]

Then close out and try to connect in HeidiSQL again.

* Please note that the location of plink may differ.

To the HeidiSQL developers, if this is not already in an upcoming fix, is there a way to catch the response from Plink asking to agree and either automatically agree or prompt the user to agree. Plink's response looks something like this:

"The server's host key is not cached in the registry. You
have no guarantee that the server is the computer you
think it is.
The server's rsa2 key fingerprint is:
If you trust this host, enter "y" to add the key to
PuTTY's cache and carry on connecting.
If you want to carry on connecting just once, without
adding the key to the cache, enter "n".
If you do not trust this host, press Return to abandon the
Store key in cache? (y/n) y"
ansgar posted 7 months ago
Yes, there are several users complaing about this issue. I never thought there is an automated solution but today I found this: http://deangrant.wordpress.com/2012/05/16/accept-server-host-key-when-automating-ssh-session-using-putty-plink/

It mainly says you can run an echo command piping the plink command:

echo y | plink.exe ...

I don't have a SSH enabled server right now, so would you be so nice and test if that works?
ansgar posted 7 months ago
No, "echo y | plink.exe ..." does not work, as we have a CreateProcess call which wants one application name and one string of parameters, not just a dos command. I am stuck.
ansgar posted 7 months ago
Please try out r4736. I am using hardcoded "C:\Windows\System32\cmd.exe" as the application name for CreateProcess, and "echo y | plink.exe ..." as command line. I cannot test that really, but the same approach works with a simple "cmd.exe echo j del /P test.txt" command. So I'm hoping that also works with plink.
djn posted 7 months ago
Sorry to be bringing bad news, but it doesn't seem to work for me... :-(

How did I test:
from Windows XP SP3 with HeidiSQL 4736 (just downloaded the compiled.exe)
to MySQL 5.6-something on CentOS 6.5 (VM inside of VirtualBox)
- first I checked that I can normally tunnel to an already cached address with sshd accepting only keyfile logins, iptables up blocking all ports but 22, a database user allowed only @'localhost' - worked fine;
-then I changed the IP address to the virtual machine and restarted networking to force a new caching request;
- tried to connect just as before, but for the new target IP address - HeidiSQL hanged there for a while and then put out a message about some 'initial packet' (sorry, forgot to take note of the exact phrasing);
-connected once to the target with plink on the command line, successfully;
-tried again with HeidiSQL with the same parameters as before: this time it went through without a hitch.

ansgar posted 7 months ago
I tried now using a virtual XP machine and freeSSHD on it. I can connect directly, without having to run plink.exe manually once. Can you please try again and post the error you got?
djn posted 7 months ago
Sure! I tried again with a brand new address and got:

SQL Error (2013) in statement #0: Lost connection to MySQL server at 'waiting for initial commmunication packet', system error: 0

Just as the last time around after an initial command line plink connection it worked fine instead.
djn posted 7 months ago
More bad news: I've tried once more, this time with r4738, and it stopped working even after an initial commandline connection.
ansgar posted 7 months ago
Shit. It's working here on a SSH enabled virtual XP machine. But I guess I will need to grab output and send input to the plink process for getting it to work properly. If that only wasn't so complicated.
forestwalker posted 7 months ago
Hi! After r4736 the plink tunneling stopped working here on wine :(

The message is (user, host and port are real and working ones, just hid for now):

PLink exited unexpected. Command line was:
/C echo y | "C:\Program Files\putty\PLINK.EXE" -ssh [user]@[host] -P [port] -i "W:\.ssh\secret.ppk" -N -L 3322:

Before that the plink tunnel was perfectly fine (except the manual fingerprint confirmation issue). Is there a way to disable this new behavior (/C echo y)? (By the way a setting for this can be fine for those who want manually check and confirm new SSH fingerprints.)

It seems like HeidiSQL cannot fetch the cmd.exe path although echoing %COMSPEC% returns the right "C:\windows\system32\cmd.exe" path.
ansgar posted 7 months ago
Please let me implement that nicer, I am on the way to do that. Just go back to the previous revisions for now if the current logic does not work for you.
forestwalker posted 7 months ago
No offensesmileI'm used to using bleeding edge dev code, just trying to help.
I was experimenting with it a bit but cannot get it to work :/ I don't know how this should work on a "real" winxp, but wine seems to handle this a bit strange.
anonymous posted 7 months ago
I think there is a problem using plink. In de last version, if I open a connection to another server, I get a list of DB's of the previous server/connection. In the task manager i have to kill the plink process. After that, if I login via ssh to the server I get the right list of DB's. All plink processes remains open after closing heidisql.
ansgar posted 7 months ago
Should all be fixed in r4746
forestwalker posted 7 months ago
CongratssmileWorks like a charm!
NetMaster posted 7 months ago
Not working for me! I am running r4749 on a local Win XP SP3, attempting to connect to a linux based mySQL server @ Dreamhost. Been working fine until I upgraded.

It works great using TCP/IP, but if I try SSH Tunneling (which worked before the upgrade) through PuTTY (naming mySQL server),.. after a 3 second pause I get, "SQL Error (2003) in statement #0: Can't connect to MySQL server on 'localhost' (10061)"

If I just name my server (i.e. drop the mysql.blah_blah.com), then I get, "SQL Error (2013) in statement #0: Lost connection to MySQL server at 'reading initial communication packet', system error: 2"

forestwalker posted 7 months ago
If you are using the internal SSH tunnel, You don't need an extra putty, they do the same thing (moreover as plink is part of the putty stack chances are that exactly the same happens...). You'll have to choose: HeidiSQL w/ SSH tunnel and setup every tunnel preferences on the SSH tab OR use HeidiSQL w/ TCP/IP and setup the tunnel with the external PuTTY.
ansgar posted 7 months ago
PuTTY or plink??
NetMaster posted 7 months ago

ansgar wrote: PuTTY or plink??

Sorry,... i had tried it both ways, tunneling through puTTY with TCP/IP using localhost (but I was concerned that that may not be as secure), as well as using plink via C:\Program Files\PuTTY\plink.exe (which is why i erroneously just called "PuTTY").

Anyhow I found my error (after a few hours sleep),... I was configuring the Settings tab to connect to mysql.blahblah.com, then forgot to change the SSH tunnel tab to to connect to my actual host site (blahblah.com).

It's always something foolishly simple!

Thanks for both of your quick responses. I am sorru to have wasted your time.
forestwalker posted 7 months ago
You're welcomesmileGood to hear you've solved itsmileIt really can be suck to make tunnels work...
Akro posted 7 months ago
Tried revision 4751 and ssh tunnel doesnt work anymore (its work on stable revision). It show the error message:
Impossible d'exécuter PLink: plink.exe -ssh root@ -P 9388 -i "C:\Users\Akro\.ssh\id_rsa_wp.ppk" -N -L 3307:

And after it show a MessageBox with:
Connection.Active = false

If i use the command in the shell it seem to work.

Please login to leave a reply, or register at first.