Connecting via SSH Tunnel

[expired user #10896]'s profile image [expired user #10896] posted 7 years ago in General Permalink

I have to connect via an SSH tunnel to my server. I believe this is very common practice. Yet, HeidiSQL doesn't appear to support this. Can this please be added?

I saw in the "connecting" help section (lolwut, I'm not allowed to post a direct link) a tab SSH Tunnel in the session manager. I don't have that tab, but I do have the latest version (9.4.0.5125) of the program. So I'm guessing the help might be a little bit ahead of its time perhaps?

One thing I've tried is to just enter my private key file in "SSL private key" on the Advanced tab, but when I do that, all I get is Can't connect to MySQL server on [my server ip], but no actual usable error message.

[expired user #10900]'s profile image [expired user #10900] posted 7 years ago Permalink

The help page is missing the important detail of selecting network type "MySQL (SSH tunnel)" on the Settings tab, which then gives you the needed SSH tunnel tab.

[expired user #10903]'s profile image [expired user #10903] posted 7 years ago Permalink

Heidi certainly supports connecting through an SSH tunnel.

In the Settings tab choose MySQL (SSH tunnel) In that same tab, the settings for the MySQL client go. Your IP address will therefor probably be 127.0.0.1. The username and password will be known by you.

You also have a new tab, SSH Tunnel. Add your connection information here. SSH port is 22. Your username is the one you connect to your server using SSH. Use the private key file field to point to your private key file.

I am using the private key file that I use for Pageant, the .ppk file.

[expired user #10908]'s profile image [expired user #10908] posted 7 years ago Permalink

Is there any chance the SSH tunnel support could be improved to also allow connections that require 2FA/MFA? My current setup involves connecting via a bastion on which authentication is done via a private key *and* an OTP code generated via Google Authenticator.

In the latest version (9.4.0.5174), I can set up the tunnel, but when plink gets prompted for they keyboard-interactive OTP code, HeidiSQL only shows a message box with now way to enter the actual code (see attachment).

My current workaround consists in manually creating the SSH tunnel with plink and then connecting HeidiSQL via the mapped local port – but it's ugly ????

1 attachment(s):
  • Screenshot-2017-08-01-19.41.47
[expired user #11358]'s profile image [expired user #11358] posted 7 years ago Permalink

I know this thread is old-ish but if someone is still looking for an answer on this, using the passphrase in the password field of the ssh tab, will work fine. It is unintuitive since password != passphrase but it is what it is. No ugly port-tunneling through putty needed;)

[expired user #10908]'s profile image [expired user #10908] posted 7 years ago Permalink

Yes, but sometimes, there would be *two* interactive prompts, as the server asks for a second passphrase before the 2FA step. So, really, what is needed here is true support for interactive SSH prompts.

Not many tools support this (I couldn't find any that does on Windows), but there's at least SequelPro (albeit on macOS) that does it, so it can be done :)

Thanks for a great tool, m

[expired user #12452]'s profile image [expired user #12452] posted 6 years ago Permalink

Many years later, still no good solution? Is the popularity of mfa too slow? Even the best database GUI tool in the universe (workbench, heidisql) doesn't support MFA, I can't buy a MAC for that, can I?

[expired user #10908]'s profile image [expired user #10908] posted 6 years ago Permalink

@ryan, the workaround is to manually create the tunnel via plink / ssh and then use the local connection in HeidiSQL pointed at the local end of your tunnel.

[expired user #12452]'s profile image [expired user #12452] posted 6 years ago Permalink

@michou I'm new at plink, can you tell me how to create tunnel via plink? very thank you !

[expired user #10908]'s profile image [expired user #10908] posted 6 years ago Permalink

This blog post describes in detail how to do that: https://www.skyverge.com/blog/how-to-set-up-an-ssh-tunnel-with-putty/

[expired user #12452]'s profile image [expired user #12452] posted 6 years ago Permalink

@michou Thank you! you are so nice.

ansgar's profile image ansgar posted 6 years ago Permalink

If someone would describe these interactive prompts in detail, in a regular issue on Github, I am open to extend HeidiSQL's current logic for Plink.

Escondido's profile image Escondido posted 6 years ago Permalink

I spent a ridiculous amount of time trying to figure this out before I succeeded. Now it works perfectly. I hope it helps. Steps are as follows.

-Log into remote database and access mysql database

mysql -u root -p

-Add a remote user

create user 'remoteusernamehere'@'%' identified by 'insertpasswordhere'; (% means user can access from ANY IP address, replace with your static IP address if you want)

-Grant all privileges for new user

grant all on . to 'username'@'%';

-Exit out of mysql and server

-Open HeidiSQL and create NEW Session

select MariaDB or MySQL (SSH tunnel)

hostname/ip= 127.0.0.1

user= remoteusernamehere

password= insertpasswordhere

Port= 3306

-Select SSH Tunnel Tab (make sure you have already downloaded plink)

plink.exe location= self explanatory

SSH host + port= your remote server ip address and port (usually 22)

username= remote server username

password= remote server password

plink.exe timeout= 4

private key file = I left it blank

local port: 22

-Save and click Open

ezeelogin's profile image ezeelogin posted 3 years ago Permalink

I was also facing some issue yesterday for SSH Tunnel but through this forums space got resolved the issue must say the people are here very helpful and supportive to support each other on SSH Tunnel and other things.. also read an similar article on other website as well to thank you

Please login to leave a reply, or register at first.