Creating an SSH Tunneled connection with encrypted key

[expired user #6311] posted 12 years ago in Creating a connection
I'm unable to establish a tunneled connection to a server which I've configured to only allow ssh connections with public key/RSA authentication, using an encrypted private key. I am able to log in using putty and my private key (imported through puttygen). I've also successfully established tunneled connections with other servers which did allow password authentication using HeidiSQL.

Furthermore, I can establish a tunneled connection to the mysql server I'm having trouble with if I configure the tunnel in putty and log in with that prior to connecting with HeidiSQL, rather than using the HeidiSQL SSH Tunnel settings.

I've tried leaving the password field blank, which does not cause HeidiSQL to ask me for my passphrase; I've tried entering my passphrase in the password field; I even tried entering the account password just for the heck of it, even though password auth is disabled. Every attempt ends with the error "SQL Error (2003): Can't connect to MySQL server on 'localhost' (10061)".

Just to verify that plink wasn't the culprit, I ran the following:

plink.exe [USER]@{IP} -P [SERVER SSH PORT] -i "[LOCAL PATH TO PRIVATE KEY .ppk]" -L 3306:localhost:3306

plink responds:

Using username "[USER]".
Passphrase for key "imported-openssh-key":

After which I enter my passphrase and receive a command prompt, so plink is working correctly as far as I can tell.

Is this supposed to work?

The server is OpenSUSE 12.1 if it matters.

I don't claim to be an expert on any of this, so let me know if I don't use the correct terms or you need more information.

Thanks
jfalch posted 12 years ago
AFAIK using an encrypted private key (i.e. passing a passphrase to plink) seems not currently to be supported by HeidiSQL. I suggest that you use Pageant (a PuTTY auxiliary program) to load the private key before starting HeidiSQL; Pageant will ask you for the key's passphrase when loading, will then remain resident, and will later automagically pass the key to plink without requiring the passphrase again.
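
The Pageant workaround described above, as a PowerShell script added here as an example (it is not part of any post in this thread and not HeidiSQL's own code): it loads the key into Pageant, then confirms that plink can authenticate and open the tunnel without prompting. The install paths, key path, host, user and local port 3307 are placeholders or assumptions.

```powershell
# Added example. Every value in this block is a placeholder or an assumption.
$Pageant   = 'C:\Program Files\PuTTY\pageant.exe'  # assumed install path
$Plink     = 'C:\Program Files\PuTTY\plink.exe'    # assumed install path
$KeyFile   = 'C:\keys\example.ppk'                 # placeholder key path
$SshUser   = 'USER'                                # placeholder
$SshHost   = 'IP'                                  # placeholder
$SshPort   = 22                                    # placeholder
$LocalPort = 3307                                  # hypothetical free local port

# 1. Load the encrypted key into Pageant. Pageant shows its own passphrase
#    dialog, so the passphrase is never stored in a script or a session file.
Start-Process -FilePath $Pageant -ArgumentList "`"$KeyFile`""
Read-Host 'Enter the passphrase in the Pageant dialog, then press Enter here' | Out-Null

# 2. Check that plink can log in with no interaction at all.
#    -batch makes plink fail instead of prompting (passphrase, uncached host key);
#    -agent tells it to use the key held by Pageant, so no -i is needed.
& $Plink -batch -agent -P $SshPort "$SshUser@$SshHost" 'exit'
if ($LASTEXITCODE -ne 0) {
    throw "plink could not authenticate non-interactively (exit code $LASTEXITCODE)."
}

# 3. Open the same forward used in the thread (remote localhost:3306) in the
#    background and confirm the local end of the tunnel is listening.
$tunnelArgs = @('-batch', '-agent', '-N', '-P', $SshPort,
                '-L', "${LocalPort}:localhost:3306", "$SshUser@$SshHost")
$tunnel = Start-Process -FilePath $Plink -ArgumentList $tunnelArgs `
                        -WindowStyle Hidden -PassThru
Start-Sleep -Seconds 3

try {
    $probe = Test-NetConnection -ComputerName 127.0.0.1 -Port $LocalPort `
                                -WarningAction SilentlyContinue
    if ($probe.TcpTestSucceeded) {
        Write-Host "Tunnel is up on 127.0.0.1:$LocalPort; the key in Pageant works."
    } else {
        # A refused connection here is the same condition as error 10061.
        Write-Warning "Nothing is listening on 127.0.0.1:$LocalPort."
    }
} finally {
    # Close the test tunnel; the key stays loaded in Pageant.
    if (-not $tunnel.HasExited) { Stop-Process -Id $tunnel.Id }
}
```

If step 2 fails with an uncached host key, connect once interactively with PuTTY or plink to verify and cache the server's host key, then rerun.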
cbj4074 posted 5 years ago

7 years later, is this still the status quo?

I ask because I configured a connection using an SSH key on Windows (via PuTTY/plink.exe) that is encrypted with a passphrase and while a little dialog pops up seemingly prompting me for the private key's passphrase, there's no input field (just an OK button).

I'm inclined to think that the passphrase field is somehow obscured because I have my display scaled to 150%.

In any case, before I troubleshoot further, I'd love to know if, in general, passphrase-protected private SSH keys are supported in the current release.

Thanks in advance (if anybody is still listening)!

ansgar posted 5 years ago

Issue #284 is what you are just asking for. Please go there and star the issue, maybe add a comment so I know there is some interest in getting support for passphrases.

cbj4074 posted 5 years ago

Thank you @ansgar! I appreciate the quick reply. I have thumbs-upped the issue and subscribed to notifications.

As a corollary, it's nice to see that threads on this forum aren't closed just because they're old. I find that widespread practice to be quite silly, given that age has nothing to do with relevance.

Thanks again!
