distal-attribute
distal-attribute
distal-attribute
distal-attribute

New feature: SSH tunnel

ansgar posted 5 years ago in News
r3229 implements SSH tunneling via plink.exe on the session manager:



Thanks to all which voted for this issue.
wtask posted 5 years ago
Great!

But some destination servers allow to open ssh-connection on non standart port only (default is 22).
I solve this by adding -P port_num as plink.exe startup option. But this setting is global for all heidi connections through ssh-tunnel!

Please, add ssh-port field to SSH tunnel tab to allow to edit per-connection ssh-port number.
justpusher posted 5 years ago
Is it possible to implement authorization by key? It would be great. Authorization via password is sometimes disabled on server.
mastrino posted 5 years ago
This is a wonderful feature.
Thank you!
I always connect through tunnel ssh opening putty first and then heidisql. Now I don't have even to run putty first. It is wonderful.
I agree with justpusher, would be nice to be able to connect using the keys but also like this is great.
ansgar posted 5 years ago
Thinking that using keys would make the code more complex than it is - I'd say this should be set up manually using putty, for now.
ansgar posted 5 years ago
Same goes for other options like the custom SSH port - which sounds slightly uncommon to me.
justpusher posted 5 years ago
As far as I know, plink can be forced for using a key with a command-line option: plink -i path/to/key
I tried to specify key in option "path to plink" in that way. Plink is opened in separate window which closes quickly (I can't notice if he authorizes successfully). HeidiSQL then reports "Cannot connect to server".

As for me, I don't see a big problem in running tunnels separately (with ssh or plink). But also I can't feel a big profit of tunneling feature while it does not support keysunhappy

Maybe I can help developing this feature? I'm quite familiar with Delphi and ssh tools.
wtask posted 5 years ago
OK, but I need to use different plink.exe options to making tunnel. For example, to connect to the first DB I must connect with 1322 port at the server. I've added "-P 1322" for plink.exe. Second DB at the server with 22 ssh-port, so I deleted "-P 1322" option. To connect to the first server I need to add option again, then deleting it and to add again ... :(
How can I configure plink.exe per several connection?
justpusher posted 5 years ago
2 wtask:
you can use putty sessions as parameters to plink. It may be a little easier than to change port every time.
If you saved a connection settings in putty as a session "server1", you can use it in plink:
plink.exe -load server1

But I agree, it is not very handy.
wtask posted 5 years ago
Putty doesn't allow to save passwords anyway or I don't know how to do this. What is the difference between your suggestion and my temporary solution?
justpusher posted 5 years ago
Maybe I just didn't understand you. Editing putty session is a bit easier than editing a port. There's no big difference.

By the way, we can write a small tool to use instead of plink. It will read port, password and key file path from some config file and launch plink. I'll think about it tomorrow smile

wtask posted 5 years ago
Oh, no, please don't start create hacking toolsmileNow it lacks only one thing. How to make Heidi to save plink's options per connection, like this:
Connection | Path to plink
Database1 | C:/putty/plink.exe -P 1322
Database2 | C:/putty/plink.exe another_plink_option
Database3 | C:/putty/plink.exe
ansgar posted 5 years ago
Please see comments in issue #401.
ansgar posted 5 years ago
Yes, no wrapper for plink required - would be very ugly. I'll just commit my changes, which will allow you to
* set a different SSH host/ip and port
* set a private key file
ansgar posted 5 years ago
@wtask: Btw, plink options are saved per connection. Only the plink.exe location is a global setting, all others are stored together with your session settings.
wtask posted 5 years ago
Thank you! I see.
wtask posted 5 years ago
Something wrong with ssh in build 3235. Looks like plink.exe use cache and try to open always the first ssh connection from list... I couldn't connect to my second host.
wtask posted 5 years ago
... or errors in Heidi settings after applying update to latest build. On other PC everything is ok.
ansgar posted 5 years ago
Please update again, I just fixed some minor last stuff.
wtask posted 5 years ago
Thank you, at present everything is ok
jfalch posted 5 years ago
In session managerĀ“s SSH tunnel tab, please consider adding an additional checkbox "compressed" (generates -C switch with plink).
mastrino posted 5 years ago
This is great!
Thanks

justpusher posted 5 years ago
Feature works perfectly! Thanks.
md2perpe posted 5 years ago
Before I've used tunnelling through Putty, so this feature makes the daily life somewhat easier.

However, I get a loud beep in my PC speaker when connecting to a server. I don't understand if it's from HeidiSQL or from plink. Does anyone know how to get rid of that beep?
ansgar posted 5 years ago
I would have bet that is caused by a plink connection error, but when you're successfully connecting that cannot be the case. Probably some unimportant "notice" from plink.exe. Not sure. Just try to execute the plink.exe command line manually you see in your SQL log - should also beep.
md2perpe posted 5 years ago
I cannot see any failure nor a plink command in the log:

/* Connecting to db.ztormint.net via SSH tunnel, username root, using password: No ... */
/* Attempt to create plink.exe process ... */
/* Connected. Thread-ID: 579926 */
/* Characterset: utf8 */
SHOW STATUS LIKE 'Uptime';
SHOW DATABASES;
USE `ztorm`;
SHOW TABLE STATUS FROM `ztorm`;
SHOW FUNCTION STATUS WHERE `Db`='ztorm';
SHOW PROCEDURE STATUS WHERE `Db`='ztorm';
SHOW TRIGGERS FROM `ztorm`;

ansgar posted 5 years ago
Ah yes.. that log row was removed for security reasons.
microUgly posted 5 years ago
Should this feature still work in the latest builds?

Since upgrading to to 5.1 it stopped working. I'm currently using version 5.1.0.3274.

The error is a typical "SQL Error (2003): Can't connectf to MySQL server on 'localhost' (10061)".

I enabled logging but this event doesn't generate a log entry.

I did not that prior 5.1, the first time I would try to connect, the connection would fail, but then it would work the second time.
microUgly posted 5 years ago
I just seen in the change log that one of the bugfixes is that plink would exit after a failed connection.

Is there a chance that Heidisql is not allowing enough time for plink to initiate a connection before it decides it can't connect to MySQL?

This might explain why it previously work for me on the second attempt--because plink was still open and had been allowed enough time for the connection to be made.

Most of my servers are overseas and can take a small amount of time for a connection to be made.
justpusher posted 5 years ago
As I understood, I should specify the port of real remote mysql server (3306) in `port` field on 1st tab, and local temporary port (ex., 7000) in "Local port" field on 2nd tab.

But if I do so, it does not work (error:could not connect).
Instead, it works if I swap those settings. So I specify 3306 in local port and 7000 in main port. And it works! Maybe I'm doing something wrong?

If everything is correct, I think you should swap those two settings or write a little help what every of them means.

Nevertheless, I want to say a BIG thanks to developers for this feature. It's really GREAT!
justpusher posted 5 years ago
Addition to previous comment.
I tried connecting to same server on my colleague's computer. Situation is opposite to mine.
On that computer I need to specify 3306 as main port, and 7000 as local port, so the settings are swapped comparing to my settings.
Seems to be a very interesting bug.
justpusher posted 5 years ago
@microUgly
Try to swap vales in local port (2st tab) and port (1st tab). This helped in my case.
justpusher posted 5 years ago
After update to latest night build and re-creating all sessions my bug disappeared. So the question is closed, sorry.smile

microUgly posted 5 years ago
This still isn't working for me.

I'm confident this will be a timeout issue. I'm getting an error that it can't connect before negotiation could possibly be complete.

I can also manually create a plink connection without a problem.
ansgar posted 5 years ago
So, plink.exe has no connection yet when MySQL connection is tried to open? Could be the case, there is a one second waiter after opening plink.exe:

WaitForSingleObject(FPlinkProcInfo.hProcess, 1000);


There should be some loop which detects if plink is still running.
wtask posted 5 years ago
I understood, why I can't connect to MySQL with SSH tunnel. On my first laptop wich works under Windows 7 x32 I've used official putty from http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html. But on another PC I have Windows x64. And it is strange, but x32 plink.exe in this case does not connect to the server and waits for interactive password. So when I've installed x64 version of putty's utils from https://splunk.net:444/page/putty_64bit, Heidy successfully creates ssh-tunnel to MySQL server.
wtask posted 5 years ago
Only first time, plink x64 ask for confirmation for key saving. Heidi doesn't detect this.
justpusher posted 5 years ago
SSH tunnels still don't work well for me.

I tried to establish tunnel to localhost - it's working properly (yes, I do have sshd server). But for any other server I get `SQL Error (2003): Can't connect to MySQL server on 'localhost' (10061)` error.

I agree with microUgly, it seems that Heidi does not wait enough time while plink establishes a tunnel. For my servers, it takes about 2 seconds to connect via ssh.

Again, if I establish connection myself with plink via command line, everything works perfectly.

If constant waiting more than 1 second is unwanted, I suggest waiting till getting `Using username "pusher"` text from plink. As a noticed, after this text appears, the tunnel is already established.
wtask posted 5 years ago
There is not only the "not waiting" problem. Plink.exe may try to interact with user when it is started by Heidi. In my case plink.exe x86 runing on Windows x64 ignores password passing as parameter and ask to enter it again. So Heidi couldn't properly open connection. Also, when plink is creating a new connection for the first time it will ask confirmation about certificate and will hang Heidi again...
justpusher posted 5 years ago
@wtask. Your problems really take place, but you can solve them easily.
For a problem with confirmation about certificate: it's enough to run plink once manually from command line and accept the certificate.
For a problem with specifying password: you can (and you should) use authorization via private/public key instead of password authorization. Even more, if you specify a private key file in default putty settings, then you do not need to enter neither password nor public key path! It's very handy.

wtask posted 4 years ago
@justpusher Yes, just one time. But until before need to invent this.
I replied, plink.exe x86 under Windows 7 x32 doesn't request a password again, when it specified. But it is occured when i tried use plink.exe x86 in Windows7 x64.
And I know all about putty's limits of using passwords. But we are discussing Heidi ssh-tunnel via plink.exe.
microUgly posted 4 years ago
"There should be some loop which detects if plink is still running."

Does this make it an acknowledge issue we can expect to see a fix for sometime in the future?
ansgar posted 4 years ago
Hehe, not necessarily, as issues are normally managed at Google Code. Forum posts are nicer for dicussions but can easily be forgotten. So, good to have users asking from time to time the right questions :)
microUgly posted 4 years ago
Thanks for pointing that out. Issue logged - http://code.google.com/p/heidisql/issues/detail?id=1914

Please login to leave a reply, or register at first.