Connecting via SSH Tunnel

thany posted 12 months ago in General

I have to connect via an SSH tunnel to my server. I believe this is very common practice. Yet, HeidiSQL doesn't appear to support this. Can this please be added?

I saw in the "connecting" help section (lolwut, I'm not allowed to post a direct link) a tab SSH Tunnel in the session manager. I don't have that tab, but I do have the latest version ( of the program. So I'm guessing the help might be a little bit ahead of its time perhaps?

One thing I've tried is to just enter my private key file in "SSL private key" on the Advanced tab, but when I do that, all I get is Can't connect to MySQL server on [my server ip], but no actual usable error message.

jpyy posted 12 months ago

The help page is missing the important detail of selecting network type "MySQL (SSH tunnel)" on the Settings tab, which then gives you the needed SSH tunnel tab.

soneritics posted 12 months ago

Heidi certainly supports connecting through an SSH tunnel.

In the Settings tab choose MySQL (SSH tunnel) In that same tab, the settings for the MySQL client go. Your IP address will therefor probably be The username and password will be known by you.

You also have a new tab, SSH Tunnel. Add your connection information here. SSH port is 22. Your username is the one you connect to your server using SSH. Use the private key file field to point to your private key file.

I am using the private key file that I use for Pageant, the .ppk file.

michou posted 12 months ago

Is there any chance the SSH tunnel support could be improved to also allow connections that require 2FA/MFA? My current setup involves connecting via a bastion on which authentication is done via a private key *and* an OTP code generated via Google Authenticator.

In the latest version (, I can set up the tunnel, but when plink gets prompted for they keyboard-interactive OTP code, HeidiSQL only shows a message box with now way to enter the actual code (see attachment).

My current workaround consists in manually creating the SSH tunnel with plink and then connecting HeidiSQL via the mapped local port – but it's ugly ????

1 attachment(s):
  • Screenshot-2017-08-01-19.41.47
gtsiou posted 4 months ago

I know this thread is old-ish but if someone is still looking for an answer on this, using the passphrase in the password field of the ssh tab, will work fine. It is unintuitive since password != passphrase but it is what it is. No ugly port-tunneling through putty needed;)

michou posted 4 months ago

Yes, but sometimes, there would be *two* interactive prompts, as the server asks for a second passphrase before the 2FA step. So, really, what is needed here is true support for interactive SSH prompts.

Not many tools support this (I couldn't find any that does on Windows), but there's at least SequelPro (albeit on macOS) that does it, so it can be done :)

Thanks for a great tool, m

Please login to leave a reply, or register at first.