MySQL Blog Archive
For the latest blogs go to
MySQL Workbench, Windows XP and SSH public key auth.

It happens that sometimes you need to access a remote box which supports ssh key authentication. Recently I was trying to reproduce a bug related to SSH public key authentication, so here I would like to share some of my experience.

There will be no explanation of the public key authentication itself here, rather the actual setup and steps to have a public key auth for Windows(client) -> Linux(server) working. Why Windows you would ask? Because interactions for Linux->Linux and for Mac OS X -> Linux simply work using the Unix way, while for Windows you may need some extra actions to do.



What I had at endpoints:

    Linux – Ubuntu 11.04, sshd is set up to deny password auth.
    Windows – well, it is an XP SP3 i386 box. MySQL Workbench 5.2.34+ is installed

First of all I created an encrypted pair of RSA keys, using Linux box’s ssh-keygen. After that the public key was added to ~/.ssh/authorized_keys and the private one was moved to the Windows box.

Naturally my first attempt was to simply specify path to the private key file in the server settings, just as I would do in Linux or OS X.


Remote management section


That did not work, just as the bug report had said. Moving key to $HOME/.ssh/id_rsa did not help. Could that be that paramiko can not handle openssh keys on Windows, or openssh’s encryption method?


Error message on connect via SSH public keys


Bazaar has similar issues on Windows, the solution they suggest is to either put keys into .ssh dir, or use pageant tool from PuTTY.  I tried .ssh, that did not work. So the latter way turned into conversion of the openssh private key into PuTTY ppk format. The conversion is done using PuTTYgen, then the key is loaded in the pageant. More details are given in the mentioned bazaar guide Bzr and SSH.

And this worked! Let me sum up the steps:

    1. Generate keys, using either openssh on Linux, OSX, Cygwin, or using PuTTYgen;
    2. Specify private ssh key in the appropriate section of the Workbench’s “Server Instance Editor”;
    3. Add key to pageant tool.
    4. At this moment passwords to unlock keys have to be entered both in MySQL Workbench and the pageant.
    5. Use it…