Dear oh dear !!!
I would like to share my experience while trying to connect through ssh tunneling to my mysql servers.
First of all download both plink.exe and putty.exe since developed by the same guy the share resources.
When setting up a new connection first login with putty saving in the profile your connection info. Accept the new certificate login to your account and check if your mysql username and password works by typing mysql -u username -p
the you will be prompted for password.
Use a profile name other than the host of the ssh server,
we will use it in Heidi to define the ssh server.
An other thing to keep in mind is that you are connecting local to the mysql server while in ssh tunneling so the account must have local access.
Please note that 127.0.0.1 opens tcp/ip connection to the server while localhost tries to trigger a named pipe or a socket connection so give the appropriate access to your mysql account.
If the mysql server is local to your machine you should connect through localhost socket if available.
If it is not local, you can bounce out by giving the remote host/ip but the connection from the ssh tunnel to the remote mysql wont be secured.
After using putty to save the connection to its profile (no credentials are saved there only host and port) lets make the rest setup to Heidi.
On the session manager choose Network type: SSH tunneling,
Host/ip should be localhost if mysql is local to the ssh server.
Username and password of the mysql account tring to connect . 3306 leave it as is.
Click SSH Tunnel tab, give the path to the plink.exe ( I recommend putting the putty to the same dir )
SSH host should have the profile name you saved in the putty profile and port 0 ( info will be loaded from putty )
Username and password of the ssh account you are connecting to. Use your ppk key if you have one.
Localport should be set to a port that you local pc wont have an port already open or Heidi will try to connect there :P
So set it to 33001 or something like that (for every link that you are using a ssh tunnel use a deferent local port).
Remember that since you are opening the connection to the remote server the listening port local to your pc wont have any problems with firewall (the standard setup is that they block ports that have not an established connection , meaning that a remote client starts the connection).
And we are ready to connect :)