Connecting via SSH Tunnel

thany posted 2 years ago in General

I have to connect via an SSH tunnel to my server. I believe this is very common practice. Yet, HeidiSQL doesn't appear to support this. Can this please be added?

I saw in the "connecting" help section (lolwut, I'm not allowed to post a direct link) a tab SSH Tunnel in the session manager. I don't have that tab, but I do have the latest version ( of the program. So I'm guessing the help might be a little bit ahead of its time perhaps?

One thing I've tried is to just enter my private key file in "SSL private key" on the Advanced tab, but when I do that, all I get is Can't connect to MySQL server on [my server ip], but no actual usable error message.

jpyy posted 2 years ago

The help page is missing the important detail of selecting network type "MySQL (SSH tunnel)" on the Settings tab, which then gives you the needed SSH tunnel tab.

soneritics posted 2 years ago

Heidi certainly supports connecting through an SSH tunnel.

In the Settings tab choose MySQL (SSH tunnel) In that same tab, the settings for the MySQL client go. Your IP address will therefor probably be The username and password will be known by you.

You also have a new tab, SSH Tunnel. Add your connection information here. SSH port is 22. Your username is the one you connect to your server using SSH. Use the private key file field to point to your private key file.

I am using the private key file that I use for Pageant, the .ppk file.

michou posted 2 years ago

Is there any chance the SSH tunnel support could be improved to also allow connections that require 2FA/MFA? My current setup involves connecting via a bastion on which authentication is done via a private key *and* an OTP code generated via Google Authenticator.

In the latest version (, I can set up the tunnel, but when plink gets prompted for they keyboard-interactive OTP code, HeidiSQL only shows a message box with now way to enter the actual code (see attachment).

My current workaround consists in manually creating the SSH tunnel with plink and then connecting HeidiSQL via the mapped local port – but it's ugly ????

1 attachment(s):
  • Screenshot-2017-08-01-19.41.47
gtsiou posted 1 year ago

I know this thread is old-ish but if someone is still looking for an answer on this, using the passphrase in the password field of the ssh tab, will work fine. It is unintuitive since password != passphrase but it is what it is. No ugly port-tunneling through putty needed;)

michou posted 1 year ago

Yes, but sometimes, there would be *two* interactive prompts, as the server asks for a second passphrase before the 2FA step. So, really, what is needed here is true support for interactive SSH prompts.

Not many tools support this (I couldn't find any that does on Windows), but there's at least SequelPro (albeit on macOS) that does it, so it can be done :)

Thanks for a great tool, m

ryan posted 3 weeks ago

Many years later, still no good solution? Is the popularity of mfa too slow? Even the best database GUI tool in the universe (workbench, heidisql) doesn't support MFA, I can't buy a MAC for that, can I?

michou posted 3 weeks ago

@ryan, the workaround is to manually create the tunnel via plink / ssh and then use the local connection in HeidiSQL pointed at the local end of your tunnel.

ryan posted 3 weeks ago

@michou I'm new at plink, can you tell me how to create tunnel via plink? very thank you !

michou posted 3 weeks ago

This blog post describes in detail how to do that:

ryan posted 3 weeks ago

@michou Thank you! you are so nice.

ansgar posted 3 weeks ago

If someone would describe these interactive prompts in detail, in a regular issue on Github, I am open to extend HeidiSQL's current logic for Plink.

Please login to leave a reply, or register at first.