Pageant Key Conflict With Ssh Tunnel

[tomp_gl]

Hi,

I just started using SQLyog enterprise, and it is conflicting with Pageant, my SSH key caching application which holds my different SSH keys and their passphrases and automatically supplies them to WinSCP and Putty when they connect. When I use SSH tunnelling with key or password authentication in SQLyog I get the “Too many authentication failures…” message because presumably pageant is serving up mismatched keys from its cache to the remote ssh daemon before SQLyog supplies the key I specified in the connection settings.

There are 2 work arounds I know of – I can close Pageant and loose my key cache (very annoying), or I can increase the number of retry attempts in the sshd config file to the number of keys I have (which will keep growing over time).

Is there any other alternatives to this?

Thanks

[Supratik]

Hi,

Can you please confirm once again whether the SSH key of the host you wanted to connect is added in Pageant.

The error “Too many authentication failures…” is reproducible when we set the value of MaxAuthTries in sshd_config to a lower value(1 or 2) and the SSH key used to connect to host is not present in the Pageant list.

One alternative to this problem can be, add the SSH key which you have specified in SQLyog connection settings to Pageant list.

Please let me know if you have any questions.

Regards

Supratik

[tomp_gl]

When the problem occurred, I had 5 keys in Pageant, including the key SQLyog uses. MaxAuthTries is set to 3.

I tried again just now but I could not reproduce the problem.

Thanks

[tomp_gl]

Well the problem is occurring again now. I have 6 keys in Pageant, including the key SQLyog uses. MaxAuthTries is set to 3.

Thanks

[Supratik]

If you are using Pageant and if you have a large number of keys loaded into it, SSH server will

count each offering of the key as an authentication attempt. I think increasing the “MaxAuthTries”

value is a good solution to this problem.

Regards

Supratik

[tomp_gl]

What if I have 50 keys in Pageant? I don't want to increase MaxAuthTries to 50…

http://winscp.net/eng/docs/message_too_man…cation_failures

Thanks

[tomp_gl]

Can you look at integrating pageant support into the next SQLyog version? It is quite an essential tool for unix administrators…

[Supratik]

SQLyog uses Plink for SSH connections and if Pageant is running it will use Pageant to authenticate. I think

if this error is appearing for a SQLyog connection it may also appear for the other applications that uses keys

from Pageant key list.

Can you please provide me with few details..

1) In your present setup did you get the same error for WinSCP and Putty anytime ?

2) Does all your SSH connections uses Pageant to authenticate ?

3) Are you specifying the key that's required for the authentication in the session configuration in WinSCP or Putty for any connection?

Quote:

Can you look at integrating pageant support into the next SQLyog version? It is quite an essential tool for unix administrators…

We will discuss on this feature, to have an option in SQLyog whether to obtain keys from Pageant or not.

Regards

Supratik

[tomp_gl]

To answer your questions:

1) In your present setup did you get the same error for WinSCP and Putty anytime ?

No

2) Does all your SSH connections uses Pageant to authenticate ?

Yes

3) Are you specifying the key that's required for the authentication in the session configuration in WinSCP or Putty for any connection?

Yes

Thanks

[nithin]

Hello

We will add an option for pageant , so that user can specify the source of keys.

I have added this to our issue tracker.

http://code.google.com/p/sqlyog/issues/detail?id=1116

We will update the status once we discussed.

Thanks

[tomp_gl]

Thanks!

[Author]

Posts