distal-attribute
distal-attribute
distal-attribute
distal-attribute

New feature: SSH tunnel

User, date Message
Written by ansgar
4 years ago
Category: News
4801 posts since Fri, 07 Apr 06
r3229 implements SSH tunneling via plink.exe on the session manager:



Thanks to all which voted for this issue.
Written by wtask
4 years ago
29 posts since Mon, 22 Feb 10
Great!

But some destination servers allow to open ssh-connection on non standart port only (default is 22).
I solve this by adding -P port_num as plink.exe startup option. But this setting is global for all heidi connections through ssh-tunnel!

Please, add ssh-port field to SSH tunnel tab to allow to edit per-connection ssh-port number.
Written by justpusherMoney, Euro
4 years ago
24 posts since Wed, 31 Mar 10
Is it possible to implement authorization by key? It would be great. Authorization via password is sometimes disabled on server.
Written by mastrino
4 years ago
2 posts since Fri, 12 Feb 10
This is a wonderful feature.
Thank you!
I always connect through tunnel ssh opening putty first and then heidisql. Now I don't have even to run putty first. It is wonderful.
I agree with justpusher, would be nice to be able to connect using the keys but also like this is great.
Written by ansgar
4 years ago
4801 posts since Fri, 07 Apr 06
Thinking that using keys would make the code more complex than it is - I'd say this should be set up manually using putty, for now.
Written by ansgar
4 years ago
4801 posts since Fri, 07 Apr 06
Same goes for other options like the custom SSH port - which sounds slightly uncommon to me.
Written by justpusherMoney, Euro
4 years ago
24 posts since Wed, 31 Mar 10
As far as I know, plink can be forced for using a key with a command-line option: plink -i path/to/key
I tried to specify key in option "path to plink" in that way. Plink is opened in separate window which closes quickly (I can't notice if he authorizes successfully). HeidiSQL then reports "Cannot connect to server".

As for me, I don't see a big problem in running tunnels separately (with ssh or plink). But also I can't feel a big profit of tunneling feature while it does not support keysunhappy

Maybe I can help developing this feature? I'm quite familiar with Delphi and ssh tools.
Written by wtask
4 years ago
29 posts since Mon, 22 Feb 10
OK, but I need to use different plink.exe options to making tunnel. For example, to connect to the first DB I must connect with 1322 port at the server. I've added "-P 1322" for plink.exe. Second DB at the server with 22 ssh-port, so I deleted "-P 1322" option. To connect to the first server I need to add option again, then deleting it and to add again ... :(
How can I configure plink.exe per several connection?
Written by justpusherMoney, Euro
4 years ago
24 posts since Wed, 31 Mar 10
2 wtask:
you can use putty sessions as parameters to plink. It may be a little easier than to change port every time.
If you saved a connection settings in putty as a session "server1", you can use it in plink:
plink.exe -load server1

But I agree, it is not very handy.
Written by wtask
4 years ago
29 posts since Mon, 22 Feb 10
Putty doesn't allow to save passwords anyway or I don't know how to do this. What is the difference between your suggestion and my temporary solution?
Written by justpusherMoney, Euro
4 years ago
24 posts since Wed, 31 Mar 10
Maybe I just didn't understand you. Editing putty session is a bit easier than editing a port. There's no big difference.

By the way, we can write a small tool to use instead of plink. It will read port, password and key file path from some config file and launch plink. I'll think about it tomorrow smile
Written by wtask
4 years ago
29 posts since Mon, 22 Feb 10
Oh, no, please don't start create hacking toolsmileNow it lacks only one thing. How to make Heidi to save plink's options per connection, like this:
Connection | Path to plink
Database1 | C:/putty/plink.exe -P 1322
Database2 | C:/putty/plink.exe another_plink_option
Database3 | C:/putty/plink.exe
Written by ansgar
4 years ago
4801 posts since Fri, 07 Apr 06
Please see comments in issue #401.
Written by ansgar
4 years ago
4801 posts since Fri, 07 Apr 06
Yes, no wrapper for plink required - would be very ugly. I'll just commit my changes, which will allow you to
* set a different SSH host/ip and port
* set a private key file
Written by ansgar
4 years ago
4801 posts since Fri, 07 Apr 06
@wtask: Btw, plink options are saved per connection. Only the plink.exe location is a global setting, all others are stored together with your session settings.
Written by wtask
4 years ago
29 posts since Mon, 22 Feb 10
Thank you! I see.
Written by wtask
4 years ago
29 posts since Mon, 22 Feb 10
Something wrong with ssh in build 3235. Looks like plink.exe use cache and try to open always the first ssh connection from list... I couldn't connect to my second host.
Written by wtask
4 years ago
29 posts since Mon, 22 Feb 10
... or errors in Heidi settings after applying update to latest build. On other PC everything is ok.
Written by ansgar
4 years ago
4801 posts since Fri, 07 Apr 06
Please update again, I just fixed some minor last stuff.
Written by wtask
4 years ago
29 posts since Mon, 22 Feb 10
Thank you, at present everything is ok
Written by jfalchMoney, Euro
4 years ago
354 posts since Sat, 17 Oct 09
In session manager´s SSH tunnel tab, please consider adding an additional checkbox "compressed" (generates -C switch with plink).
Written by mastrino
4 years ago
2 posts since Fri, 12 Feb 10
This is great!
Thanks
Written by justpusherMoney, Euro
4 years ago
24 posts since Wed, 31 Mar 10
Feature works perfectly! Thanks.
Written by md2perpe
4 years ago
3 posts since Thu, 15 Apr 10
Before I've used tunnelling through Putty, so this feature makes the daily life somewhat easier.

However, I get a loud beep in my PC speaker when connecting to a server. I don't understand if it's from HeidiSQL or from plink. Does anyone know how to get rid of that beep?
Written by ansgar
4 years ago
4801 posts since Fri, 07 Apr 06
I would have bet that is caused by a plink connection error, but when you're successfully connecting that cannot be the case. Probably some unimportant "notice" from plink.exe. Not sure. Just try to execute the plink.exe command line manually you see in your SQL log - should also beep.
Written by md2perpe
4 years ago
3 posts since Thu, 15 Apr 10
I cannot see any failure nor a plink command in the log:

/* Connecting to db.ztormint.net via SSH tunnel, username root, using password: No ... */
/* Attempt to create plink.exe process ... */
/* Connected. Thread-ID: 579926 */
/* Characterset: utf8 */
SHOW STATUS LIKE 'Uptime';
SHOW DATABASES;
USE `ztorm`;
SHOW TABLE STATUS FROM `ztorm`;
SHOW FUNCTION STATUS WHERE `Db`='ztorm';
SHOW PROCEDURE STATUS WHERE `Db`='ztorm';
SHOW TRIGGERS FROM `ztorm`;

Written by ansgar
4 years ago
4801 posts since Fri, 07 Apr 06
Ah yes.. that log row was removed for security reasons.
Written by microUgly
4 years ago
20 posts since Fri, 16 Apr 10
Should this feature still work in the latest builds?

Since upgrading to to 5.1 it stopped working. I'm currently using version 5.1.0.3274.

The error is a typical "SQL Error (2003): Can't connectf to MySQL server on 'localhost' (10061)".

I enabled logging but this event doesn't generate a log entry.

I did not that prior 5.1, the first time I would try to connect, the connection would fail, but then it would work the second time.
Written by microUgly
4 years ago
20 posts since Fri, 16 Apr 10
I just seen in the change log that one of the bugfixes is that plink would exit after a failed connection.

Is there a chance that Heidisql is not allowing enough time for plink to initiate a connection before it decides it can't connect to MySQL?

This might explain why it previously work for me on the second attempt--because plink was still open and had been allowed enough time for the connection to be made.

Most of my servers are overseas and can take a small amount of time for a connection to be made.
Written by justpusherMoney, Euro
4 years ago
24 posts since Wed, 31 Mar 10
As I understood, I should specify the port of real remote mysql server (3306) in `port` field on 1st tab, and local temporary port (ex., 7000) in "Local port" field on 2nd tab.

But if I do so, it does not work (error:could not connect).
Instead, it works if I swap those settings. So I specify 3306 in local port and 7000 in main port. And it works! Maybe I'm doing something wrong?

If everything is correct, I think you should swap those two settings or write a little help what every of them means.

Nevertheless, I want to say a BIG thanks to developers for this feature. It's really GREAT!
Written by justpusherMoney, Euro
4 years ago
24 posts since Wed, 31 Mar 10
Addition to previous comment.
I tried connecting to same server on my colleague's computer. Situation is opposite to mine.
On that computer I need to specify 3306 as main port, and 7000 as local port, so the settings are swapped comparing to my settings.
Seems to be a very interesting bug.
Written by justpusherMoney, Euro
4 years ago
24 posts since Wed, 31 Mar 10
@microUgly
Try to swap vales in local port (2st tab) and port (1st tab). This helped in my case.
Written by justpusherMoney, Euro
4 years ago
24 posts since Wed, 31 Mar 10
After update to latest night build and re-creating all sessions my bug disappeared. So the question is closed, sorry.smile
Written by microUgly
4 years ago
20 posts since Fri, 16 Apr 10
This still isn't working for me.

I'm confident this will be a timeout issue. I'm getting an error that it can't connect before negotiation could possibly be complete.

I can also manually create a plink connection without a problem.
Written by ansgar
4 years ago
4801 posts since Fri, 07 Apr 06
So, plink.exe has no connection yet when MySQL connection is tried to open? Could be the case, there is a one second waiter after opening plink.exe:

WaitForSingleObject(FPlinkProcInfo.hProcess, 1000);


There should be some loop which detects if plink is still running.
Written by wtask
4 years ago
29 posts since Mon, 22 Feb 10
I understood, why I can't connect to MySQL with SSH tunnel. On my first laptop wich works under Windows 7 x32 I've used official putty from http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html. But on another PC I have Windows x64. And it is strange, but x32 plink.exe in this case does not connect to the server and waits for interactive password. So when I've installed x64 version of putty's utils from https://splunk.net:444/page/putty_64bit, Heidy successfully creates ssh-tunnel to MySQL server.
Written by wtask
4 years ago
29 posts since Mon, 22 Feb 10
Only first time, plink x64 ask for confirmation for key saving. Heidi doesn't detect this.
Written by justpusherMoney, Euro
4 years ago
24 posts since Wed, 31 Mar 10
SSH tunnels still don't work well for me.

I tried to establish tunnel to localhost - it's working properly (yes, I do have sshd server). But for any other server I get `SQL Error (2003): Can't connect to MySQL server on 'localhost' (10061)` error.

I agree with microUgly, it seems that Heidi does not wait enough time while plink establishes a tunnel. For my servers, it takes about 2 seconds to connect via ssh.

Again, if I establish connection myself with plink via command line, everything works perfectly.

If constant waiting more than 1 second is unwanted, I suggest waiting till getting `Using username "pusher"` text from plink. As a noticed, after this text appears, the tunnel is already established.
Written by wtask
4 years ago
29 posts since Mon, 22 Feb 10
There is not only the "not waiting" problem. Plink.exe may try to interact with user when it is started by Heidi. In my case plink.exe x86 runing on Windows x64 ignores password passing as parameter and ask to enter it again. So Heidi couldn't properly open connection. Also, when plink is creating a new connection for the first time it will ask confirmation about certificate and will hang Heidi again...
Written by justpusherMoney, Euro
4 years ago
24 posts since Wed, 31 Mar 10
@wtask. Your problems really take place, but you can solve them easily.
For a problem with confirmation about certificate: it's enough to run plink once manually from command line and accept the certificate.
For a problem with specifying password: you can (and you should) use authorization via private/public key instead of password authorization. Even more, if you specify a private key file in default putty settings, then you do not need to enter neither password nor public key path! It's very handy.

Written by wtask
4 years ago
29 posts since Mon, 22 Feb 10
@justpusher Yes, just one time. But until before need to invent this.
I replied, plink.exe x86 under Windows 7 x32 doesn't request a password again, when it specified. But it is occured when i tried use plink.exe x86 in Windows7 x64.
And I know all about putty's limits of using passwords. But we are discussing Heidi ssh-tunnel via plink.exe.
Written by microUgly
4 years ago
20 posts since Fri, 16 Apr 10
"There should be some loop which detects if plink is still running."

Does this make it an acknowledge issue we can expect to see a fix for sometime in the future?
Written by ansgar
4 years ago
4801 posts since Fri, 07 Apr 06
Hehe, not necessarily, as issues are normally managed at Google Code. Forum posts are nicer for dicussions but can easily be forgotten. So, good to have users asking from time to time the right questions :)
Written by microUgly
4 years ago
20 posts since Fri, 16 Apr 10
Thanks for pointing that out. Issue logged - http://code.google.com/p/heidisql/issues/detail?id=1914
 

Please login to leave a reply, or register at first.