MySQL Workbench, Windows XP and SSH public key auth.

July 19, 2011 – 6:46 pm by Maksym Yehorov

It happens that sometimes you need to access a remote box which supports ssh key authentication. Recently I was trying to reproduce a bug related to SSH public key authentication, so here I would like to share some of my experience.

There will be no explanation of the public key authentication itself here, rather the actual setup and steps to have a public key auth for Windows(client) -> Linux(server) working. Why Windows you would ask? Because interactions for Linux->Linux and for Mac OS X -> Linux simply work using the Unix way, while for Windows you may need some extra actions to do.

 

Setup

What I had at endpoints:

    Linux – Ubuntu 11.04, sshd is set up to deny password auth.
    Windows – well, it is an XP SP3 i386 box. MySQL Workbench 5.2.34+ is installed

First of all I created an encrypted pair of RSA keys, using Linux box’s ssh-keygen. After that the public key was added to ~/.ssh/authorized_keys and the private one was moved to the Windows box.

Naturally my first attempt was to simply specify path to the private key file in the server settings, just as I would do in Linux or OS X.

 

Remote management section

 

That did not work, just as the bug report had said. Moving key to $HOME/.ssh/id_rsa did not help. Could that be that paramiko can not handle openssh keys on Windows, or openssh’s encryption method?

 

Error message on connect via SSH public keys

 

Bazaar has similar issues on Windows, the solution they suggest is to either put keys into .ssh dir, or use pageant tool from PuTTY.  I tried .ssh, that did not work. So the latter way turned into conversion of the openssh private key into PuTTY ppk format. The conversion is done using PuTTYgen, then the key is loaded in the pageant. More details are given in the mentioned bazaar guide Bzr and SSH.

And this worked! Let me sum up the steps:

    1. Generate keys, using either openssh on Linux, OSX, Cygwin, or using PuTTYgen;
    2. Specify private ssh key in the appropriate section of the Workbench’s “Server Instance Editor”;
    3. Add key to pageant tool.
    4. At this moment passwords to unlock keys have to be entered both in MySQL Workbench and the pageant.
    5. Use it…
Maksym Yehorov

  1. 3 Responses to “MySQL Workbench, Windows XP and SSH public key auth.”

  2. Hi Maksym,

    The private key should not be moved around, and should not be on the same server as where it is used for security reasons. It is better to generate the key with PuTTYgen and add the public key into ~/.ssh/authorized_keys file on the remote server. Do not forget to add a strong password for the private key. If you use the ssh agent, you need to type that password only once.

    By Mircea Vutcovici on Aug 15, 2011

  3. gracias

    By nelson on Aug 20, 2011

  4. Thanks! This worked, you are a lifesaver.

    By Mike on Mar 23, 2012

Post a Comment


2 × three =