New feature: SSH tunnel

ansgar's profile image ansgar posted 14 years ago in News Permalink
r3229 implements SSH tunneling via plink.exe on the session manager:



Thanks to all which voted for this issue.
1 attachment(s):
  • sshtunnel
[expired user #4720]'s profile image [expired user #4720] posted 14 years ago Permalink
Great!

But some destination servers allow to open ssh-connection on non standart port only (default is 22).
I solve this by adding -P port_num as plink.exe startup option. But this setting is global for all heidi connections through ssh-tunnel!

Please, add ssh-port field to SSH tunnel tab to allow to edit per-connection ssh-port number.
justpusher's profile image justpusher posted 14 years ago Permalink
Is it possible to implement authorization by key? It would be great. Authorization via password is sometimes disabled on server.
[expired user #4706]'s profile image [expired user #4706] posted 14 years ago Permalink
This is a wonderful feature.
Thank you!
I always connect through tunnel ssh opening putty first and then heidisql. Now I don't have even to run putty first. It is wonderful.
I agree with justpusher, would be nice to be able to connect using the keys but also like this is great.
ansgar's profile image ansgar posted 14 years ago Permalink
Thinking that using keys would make the code more complex than it is - I'd say this should be set up manually using putty, for now.
ansgar's profile image ansgar posted 14 years ago Permalink
Same goes for other options like the custom SSH port - which sounds slightly uncommon to me.
justpusher's profile image justpusher posted 14 years ago Permalink
As far as I know, plink can be forced for using a key with a command-line option: plink -i path/to/key
I tried to specify key in option "path to plink" in that way. Plink is opened in separate window which closes quickly (I can't notice if he authorizes successfully). HeidiSQL then reports "Cannot connect to server".

As for me, I don't see a big problem in running tunnels separately (with ssh or plink). But also I can't feel a big profit of tunneling feature while it does not support keysunhappy

Maybe I can help developing this feature? I'm quite familiar with Delphi and ssh tools.
[expired user #4720]'s profile image [expired user #4720] posted 14 years ago Permalink
OK, but I need to use different plink.exe options to making tunnel. For example, to connect to the first DB I must connect with 1322 port at the server. I've added "-P 1322" for plink.exe. Second DB at the server with 22 ssh-port, so I deleted "-P 1322" option. To connect to the first server I need to add option again, then deleting it and to add again ... :(
How can I configure plink.exe per several connection?
justpusher's profile image justpusher posted 14 years ago Permalink
2 wtask:
you can use putty sessions as parameters to plink. It may be a little easier than to change port every time.
If you saved a connection settings in putty as a session "server1", you can use it in plink:
plink.exe -load server1

But I agree, it is not very handy.
[expired user #4720]'s profile image [expired user #4720] posted 14 years ago Permalink
Putty doesn't allow to save passwords anyway or I don't know how to do this. What is the difference between your suggestion and my temporary solution?
justpusher's profile image justpusher posted 14 years ago Permalink
Maybe I just didn't understand you. Editing putty session is a bit easier than editing a port. There's no big difference.

By the way, we can write a small tool to use instead of plink. It will read port, password and key file path from some config file and launch plink. I'll think about it tomorrow smile
[expired user #4720]'s profile image [expired user #4720] posted 14 years ago Permalink
Oh, no, please don't start create hacking toolsmileNow it lacks only one thing. How to make Heidi to save plink's options per connection, like this:
Connection | Path to plink
Database1 | C:/putty/plink.exe -P 1322
Database2 | C:/putty/plink.exe another_plink_option
Database3 | C:/putty/plink.exe
ansgar's profile image ansgar posted 14 years ago Permalink
Please see comments in issue #401.
ansgar's profile image ansgar posted 14 years ago Permalink
Yes, no wrapper for plink required - would be very ugly. I'll just commit my changes, which will allow you to
* set a different SSH host/ip and port
* set a private key file
ansgar's profile image ansgar posted 14 years ago Permalink
@wtask: Btw, plink options are saved per connection. Only the plink.exe location is a global setting, all others are stored together with your session settings.
[expired user #4720]'s profile image [expired user #4720] posted 14 years ago Permalink
Thank you! I see.
[expired user #4720]'s profile image [expired user #4720] posted 14 years ago Permalink
Something wrong with ssh in build 3235. Looks like plink.exe use cache and try to open always the first ssh connection from list... I couldn't connect to my second host.
[expired user #4720]'s profile image [expired user #4720] posted 14 years ago Permalink
... or errors in Heidi settings after applying update to latest build. On other PC everything is ok.
ansgar's profile image ansgar posted 14 years ago Permalink
Please update again, I just fixed some minor last stuff.
[expired user #4720]'s profile image [expired user #4720] posted 14 years ago Permalink
Thank you, at present everything is ok
jfalch's profile image jfalch posted 14 years ago Permalink
In session managerĀ“s SSH tunnel tab, please consider adding an additional checkbox "compressed" (generates -C switch with plink).
[expired user #4706]'s profile image [expired user #4706] posted 14 years ago Permalink
This is great!
Thanks
justpusher's profile image justpusher posted 14 years ago Permalink
Feature works perfectly! Thanks.
[expired user #4864]'s profile image [expired user #4864] posted 14 years ago Permalink
Before I've used tunnelling through Putty, so this feature makes the daily life somewhat easier.

However, I get a loud beep in my PC speaker when connecting to a server. I don't understand if it's from HeidiSQL or from plink. Does anyone know how to get rid of that beep?
ansgar's profile image ansgar posted 14 years ago Permalink
I would have bet that is caused by a plink connection error, but when you're successfully connecting that cannot be the case. Probably some unimportant "notice" from plink.exe. Not sure. Just try to execute the plink.exe command line manually you see in your SQL log - should also beep.
[expired user #4864]'s profile image [expired user #4864] posted 14 years ago Permalink
I cannot see any failure nor a plink command in the log:
/* Connecting to db.ztormint.net via SSH tunnel, username root, using password: No ... */
/* Attempt to create plink.exe process ... */
/* Connected. Thread-ID: 579926 */
/* Characterset: utf8 */
SHOW STATUS LIKE 'Uptime';
SHOW DATABASES;
USE `ztorm`;
SHOW TABLE STATUS FROM `ztorm`;
SHOW FUNCTION STATUS WHERE `Db`='ztorm';
SHOW PROCEDURE STATUS WHERE `Db`='ztorm';
SHOW TRIGGERS FROM `ztorm`;
ansgar's profile image ansgar posted 14 years ago Permalink
Ah yes.. that log row was removed for security reasons.
[expired user #4867]'s profile image [expired user #4867] posted 14 years ago Permalink
Should this feature still work in the latest builds?

Since upgrading to to 5.1 it stopped working. I'm currently using version 5.1.0.3274.

The error is a typical "SQL Error (2003): Can't connectf to MySQL server on 'localhost' (10061)".

I enabled logging but this event doesn't generate a log entry.

I did not that prior 5.1, the first time I would try to connect, the connection would fail, but then it would work the second time.
[expired user #4867]'s profile image [expired user #4867] posted 14 years ago Permalink
I just seen in the change log that one of the bugfixes is that plink would exit after a failed connection.

Is there a chance that Heidisql is not allowing enough time for plink to initiate a connection before it decides it can't connect to MySQL?

This might explain why it previously work for me on the second attempt--because plink was still open and had been allowed enough time for the connection to be made.

Most of my servers are overseas and can take a small amount of time for a connection to be made.
justpusher's profile image justpusher posted 14 years ago Permalink
As I understood, I should specify the port of real remote mysql server (3306) in `port` field on 1st tab, and local temporary port (ex., 7000) in "Local port" field on 2nd tab.

But if I do so, it does not work (error:could not connect).
Instead, it works if I swap those settings. So I specify 3306 in local port and 7000 in main port. And it works! Maybe I'm doing something wrong?

If everything is correct, I think you should swap those two settings or write a little help what every of them means.

Nevertheless, I want to say a BIG thanks to developers for this feature. It's really GREAT!
justpusher's profile image justpusher posted 14 years ago Permalink
Addition to previous comment.
I tried connecting to same server on my colleague's computer. Situation is opposite to mine.
On that computer I need to specify 3306 as main port, and 7000 as local port, so the settings are swapped comparing to my settings.
Seems to be a very interesting bug.
justpusher's profile image justpusher posted 14 years ago Permalink
@microUgly
Try to swap vales in local port (2st tab) and port (1st tab). This helped in my case.
justpusher's profile image justpusher posted 14 years ago Permalink
After update to latest night build and re-creating all sessions my bug disappeared. So the question is closed, sorry.smile
[expired user #4867]'s profile image [expired user #4867] posted 14 years ago Permalink
This still isn't working for me.

I'm confident this will be a timeout issue. I'm getting an error that it can't connect before negotiation could possibly be complete.

I can also manually create a plink connection without a problem.
ansgar's profile image ansgar posted 14 years ago Permalink
So, plink.exe has no connection yet when MySQL connection is tried to open? Could be the case, there is a one second waiter after opening plink.exe:
WaitForSingleObject(FPlinkProcInfo.hProcess, 1000);

There should be some loop which detects if plink is still running.
[expired user #4720]'s profile image [expired user #4720] posted 14 years ago Permalink
I understood, why I can't connect to MySQL with SSH tunnel. On my first laptop wich works under Windows 7 x32 I've used official putty from http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html. But on another PC I have Windows x64. And it is strange, but x32 plink.exe in this case does not connect to the server and waits for interactive password. So when I've installed x64 version of putty's utils from https://splunk.net:444/page/putty_64bit, Heidy successfully creates ssh-tunnel to MySQL server.
[expired user #4720]'s profile image [expired user #4720] posted 14 years ago Permalink
Only first time, plink x64 ask for confirmation for key saving. Heidi doesn't detect this.
justpusher's profile image justpusher posted 14 years ago Permalink
SSH tunnels still don't work well for me.

I tried to establish tunnel to localhost - it's working properly (yes, I do have sshd server). But for any other server I get `SQL Error (2003): Can't connect to MySQL server on 'localhost' (10061)` error.

I agree with microUgly, it seems that Heidi does not wait enough time while plink establishes a tunnel. For my servers, it takes about 2 seconds to connect via ssh.

Again, if I establish connection myself with plink via command line, everything works perfectly.

If constant waiting more than 1 second is unwanted, I suggest waiting till getting `Using username "pusher"` text from plink. As a noticed, after this text appears, the tunnel is already established.
[expired user #4720]'s profile image [expired user #4720] posted 14 years ago Permalink
There is not only the "not waiting" problem. Plink.exe may try to interact with user when it is started by Heidi. In my case plink.exe x86 runing on Windows x64 ignores password passing as parameter and ask to enter it again. So Heidi couldn't properly open connection. Also, when plink is creating a new connection for the first time it will ask confirmation about certificate and will hang Heidi again...
justpusher's profile image justpusher posted 14 years ago Permalink
@wtask. Your problems really take place, but you can solve them easily.
For a problem with confirmation about certificate: it's enough to run plink once manually from command line and accept the certificate.
For a problem with specifying password: you can (and you should) use authorization via private/public key instead of password authorization. Even more, if you specify a private key file in default putty settings, then you do not need to enter neither password nor public key path! It's very handy.

[expired user #4720]'s profile image [expired user #4720] posted 14 years ago Permalink
@justpusher Yes, just one time. But until before need to invent this.
I replied, plink.exe x86 under Windows 7 x32 doesn't request a password again, when it specified. But it is occured when i tried use plink.exe x86 in Windows7 x64.
And I know all about putty's limits of using passwords. But we are discussing Heidi ssh-tunnel via plink.exe.
[expired user #4867]'s profile image [expired user #4867] posted 14 years ago Permalink
"There should be some loop which detects if plink is still running."

Does this make it an acknowledge issue we can expect to see a fix for sometime in the future?
ansgar's profile image ansgar posted 14 years ago Permalink
Hehe, not necessarily, as issues are normally managed at Google Code. Forum posts are nicer for dicussions but can easily be forgotten. So, good to have users asking from time to time the right questions :)
[expired user #4867]'s profile image [expired user #4867] posted 14 years ago Permalink
Thanks for pointing that out. Issue logged - http://code.google.com/p/heidisql/issues/detail?id=1914

Please login to leave a reply, or register at first.