ssh and putty OK ssh and sqlyog NONO

[callidus]

Hi

I have installed mysql and ssh on a linux server several times and every time I have faild to connect with Sqlyog Ent latest version with ssh tunneling and have to use the SqlyogTunnel.php file (works like a charm)

I can connect with putty every time with no problem

I have to do something odd.

Is there anyone that can give me a hint on what way to start my problemsearch

[Ritesh]

What is the error message you are getting?

[callidus]

Ritesh wrote on Jul 20 2005, 10:35 AM:

What is the error message you are getting?

The message is (you can se a screendump in the file attachment)

“Could not etablish SSH connection

Make sure that the SSH server is running and you are entering correct values for SSH port forwarding”

At the same time I'm able to connect and login with Putty 0.58 from the same remote computer.

The sshd_config say

“AllowTcpForwarding yes”

[Ritesh]

I dont see any attachment 😮

Can you give me more details about your SSH setup? What details you are providing in Tunneling tab for SSH?

It seems that the information given by you is not correct. I will be glad to help you with the setup.

[peterlaursen]

You are sure that this is not a firewall issue ??

I also do believe that if you use a local port that has been occupied by another program (such as Putty) SQLyog will not detect this, as it would if it was a SQLyog instance that had occupied the port. You can try any local port that has not been used by another program.

[callidus]

Ritesh wrote on Jul 20 2005, 02:05 PM:

I dont see any attachment  😮

Can you give me more details about your SSH setup? What details you are providing in Tunneling tab for SSH?

It seems that the information given by you is not correct. I will be glad to help you with the setup.

I tried to attache a file with screendump or show them on this replay but it will not work 😮

Following is from the sshd_config file in the my own server with the sshserver and mysql databas

Quote:

# Package generated configuration file

# What ports, IPs and protocols we listen for

Port 22

# Use these options to restrict which interfaces/protocols sshd will bind to

#ListenAddress ::

#ListenAddress 0.0.0.0

Protocol 1,2

# HostKeys for protocol version 2

HostKey /etc/ssh/ssh_host_rsa_key

HostKey /etc/ssh/ssh_host_dsa_key

#Privilege Separation is turned on for security

UsePrivilegeSeparation yes

# Lifetime and size of ephemeral version 1 server key

KeyRegenerationInterval 3600

ServerKeyBits 768

# Logging

SyslogFacility AUTH

LogLevel INFO

# Authentication:

LoginGraceTime 600

PermitRootLogin yes

StrictModes yes

RSAAuthentication yes

PubkeyAuthentication yes

#AuthorizedKeysFile %h/.ssh/authorized_keys

# Don't read the user's ~/.rhosts and ~/.shosts files

IgnoreRhosts yes

# For this to work you will also need host keys in /etc/ssh_known_hosts

RhostsRSAAuthentication no

# similar for protocol version 2

HostbasedAuthentication no

# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication

#IgnoreUserKnownHosts yes

# To enable empty passwords, change to yes (NOT RECOMMENDED)

PermitEmptyPasswords no

# Change to no to disable s/key passwords

#ChallengeResponseAuthentication yes

# Change to yes to enable tunnelled clear text passwords

PasswordAuthentication no

# To change Kerberos options

#KerberosAuthentication no

#KerberosOrLocalPasswd yes

#AFSTokenPassing no

#KerberosTicketCleanup no

# Kerberos TGT Passing does only work with the AFS kaserver

#KerberosTgtPassing yes

X11Forwarding no

X11DisplayOffset 10

PrintMotd no

PrintLastLog yes

KeepAlive yes

#UseLogin no

#MaxStartups 10:30:60

#Banner /etc/issue.net

Subsystem sftp /usr/lib/sftp-server

UsePAM yes

IgnoreUserKnownHosts no

GatewayPorts no

AllowTcpForwarding yes

[peterlaursen]

BTW:

what is the username that you are entering in SQLyog's tunnel-tab ?

It should be an user registered with the SSH-server and not a MySQL user.

(my apologies if that is trivial to you!)

I can get the same err msg if try to connect with a user that is not registered with SSH!

[callidus]

peterlaursen wrote on Jul 20 2005, 03:45 PM:

BTW:

what is the username that you are entering in SQLyog's tunnel-tab ?

It should be an user registered with the SSH-server and not a MySQL user.

(my apologies if that is trivial to you!)

I can get the same err msg if try to connect with a user that is not registered with SSH!

ssh_db is the user. I have created this user just to to access ssh on the server. That user is not a Mysql user. This user can log in from Putty but will not do that from Sqlyog Ent with the message:

“Could not etablish SSH connection

I wonder if that mean that the Tunnel is the malfunction, for me, not the user itself.

I have not any firewall on the remote client or on the server as I use them inside my private network and have a firewall to the outside.

As I understand from the book “Implementing SSH” (Himanshu Dwivedi) and my practice, all user on a server with Openssh have access to ssh if not special denied.

[peterlaursen]

Quote:

all user on a server with Openssh have access to ssh if not special denied.

i believe there are more implementations! I only have experience with SSH on windows using the one distributed with the MSI-installer from http://www.openssh.org.

The docs read:

Configuration

---

1. Open a command prompt and change to the installation directory (Program FilesOpenSSH is the default).

2. CD into the bin directory.

3. Use mkgroup to create a group permissions file. For local groups, use the “-l” switch. For domain groups, use the “-d” switch.

For both domain and local, it is best to run the command twice (remember to use >>, not >). If you use both, make sure to edit the file to remove any duplicate entires.

mkgroup -l >> ..etcgroup (local groups)

mkgroup -d >> ..etcgroup (domain groups)

4. Use mkpasswd to add authorized users into the passwd file. For local users, use the “-l” switch. For domain users, use the “-d” switch.

For both domain and local, it is best to run the command twice (remember to use >>, not >). If you use both, make sure to edit the file to remove any duplicate entires.

mkpasswd -l [-u ] >> ..etcpasswd (local users)

mkpasswd -d [-u ] >> ..etcpasswd (domain users)

NOTE: To add users from a domain that is not the primary domain of the machine, add the domain name after the user name.

NOTE: Ommitting the username switch adds ALL users from the machine or domain, including service accounts and the Guest account.

[Author]

Posts