hankinsoft / SQLPro

SQLPro bug & features tracking.

Unable to SSH tunnel to known-reachable RDS DB via Amazon Linux 2023 EC2 Instance #969

Closed modernjess closed 1 month ago

modernjess commented 2 months ago

Describe the bug

I seem to be unable to connect to an RDS database (MariaDB, if it matters) via SSH tunneling through an Amazon Linux 2023 EC2 Instance. Interestingly, I can connect to the same database via an older Amazon Linux 2 EC2 instance in the same (public) VPC, security group, and subnet within AWS.

I can successfully connect to either EC2 instance via SSH (in Terminal) without issue.

I can also connect to the database with SQLPro via the manual SSH tunnel method: ssh -i .ssh/key.pem -L 3307:blah.blah.us-west-1.rds.amazonaws.com:3306 ec2-user@12.34.56.78 -N (And then opening a database connection to localhost:3307)

Also, both EC2 instances are running a PHP application that connects to the database in question, and both function normally in that regard. So I am fairly certain that the database is reachable via both EC2 instances, and that this isn't an issue with security groups, VPCs, etc.

To Reproduce

Steps to reproduce the behavior:

  1. Go to 'Connect…'

  2. Click on 'New -> MySQL'

  3. Configure database host (blah.blah.us-west-1.rds.amazonaws.com), login and password for the database

  4. Click Advanced -> SSH Tunneling

  5. Configure EC2 instance as Server host (in my case, I'm using the bare EC2 public IP address)

  6. Configure login (ec2-user)

  7. Configure key file (key.pem)

  8. Uncheck "Store in iCloud"

  9. Click Accept

  10. Hit Save

  11. Attempt to connect to the database by clicking on the new connection

  12. Observed error message: Failed to authenticate via private key. Authentication failed or partial success. (4)

Expected behavior

A successfully opened connection to the database.

Screenshots

Screenshot 2024-04-11 at 11 58 42 PM

Environment details (please complete the following information):

Additional context

This seems to be the relevant part of the log, but let me know if you want more. I'm leery of posting the whole thing because I'm using production keys at the moment.

        Sent public-key request.
        AuthList: publickey,gssapi-keyex,gssapi-with-mic
        Proceeding with publickey authentication...
        padAndSignHash:
            keyType: Private
            hashInSize: 20
            padding: PKCS v1.5
            HashOid: 1.3.14.3.2.26
            (leaveContext 3ms)
        rsaSigLen: 256
        Sent public-key request with signature.
        hostKeyAlg: 3
        Authentication failed or partial success. (4)
        PartialSuccess4: 0
        When partial success is 0, it means you are not using the correct private key that corresponds to the public key installed in the SSH user account.
        Also, to force Chilkat to continue with password authentication even if the public-key authentication fails, set UncommonOptions = "PubkeyOrPassword".
        AuthList: publickey,gssapi-keyex,gssapi-with-mic
        Publickey authentication failed..

I'm quite willing to believe that I've neglected some critical detail, but for the life of me I can't figure out why the older AL2 EC2 instance works and the newer AL2023 EC2 instance does not. Also, in trying to find a possible solution, I've done some digging through the other issues here in this project, and found this one as a fairly interesting parallel. Unfortunately, it looks like it was closed without a solution.

That said, I'm moderately experienced with linux, ssh, and AWS infrastructure, and I am quite willing to be a useful guinea pig to help figure out where the issue lies. I suspect some subtle configuration difference with the SSH host is the likely candidate, but I don't know.

I'm also definitely not demanding an answer here, or a refund. SQLPro is an indispensable part of my workflow and this is (probably) not a dealbreaker issue for me. But having this feature work (as it has been, quite reliably, on previous EC2 instances) would certainly make my life easier.

And finally, it would be very helpful to know where SQLPro stores the equivalent of known_hosts, as I'd like to reset it so I can try a fresh connection. I've hunted around and come up empty -- it's definitely not storing it in the traditional ~/.ssh/ folder on my Mac.

modernjess commented 2 months ago

Never one to leave well enough alone, I continued digging for answers. I might have found one here:

https://forum.scootersoftware.com/forum/beyond-compare-4-discussion/general/91191-issues-with-ssh-connection-to-amazon-linux-2023

This suggests that there is a problem using SHA1 with RSA keys and Amazon Linux 2023, as SHA1 is disabled by default.

Sure enough, I generated a new ED25519 key, put the public portion into a failing AL2023 EC2 instance, and then tried a new SQLPro connection using the ED25519 key. Sure enough, it tunnels to the DB successfully.

So I think I can say with some confidence that SSH tunneling to an AL2023 instance with SQLPro will not work when using RSA keys. Further, SQLPro SSH connections differ in this regard from plain Terminal SSH connections, for reasons that I'll leave you to investigate further.

Fortunately, there's an easy workaround: Use ED25519 key pairs instead of RSA key pairs.

I hope someone who has been banging their head against their keyboard (as I have been all day) will find this someday.
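The log posted above records the client signing the public-key challenge with PKCS#1 v1.5 and HashOid 1.3.14.3.2.26, which is the OID for SHA-1, before the server rejects the key. The following parser (an added example, not code from SQLPro, Chilkat or this thread) extracts those fields from such a log and reports whether a SHA-1 RSA signature, which Amazon Linux 2023's default crypto policy disables, is the likely reason; the sample log is constructed from the lines quoted in the issue.

```python
import re

# Constructed excerpt modelled on the Chilkat-style log quoted in the issue.
SAMPLE_LOG = """\
Sent public-key request.
AuthList: publickey,gssapi-keyex,gssapi-with-mic
Proceeding with publickey authentication...
padAndSignHash:
    keyType: Private
    hashInSize: 20
    padding: PKCS v1.5
    HashOid: 1.3.14.3.2.26
rsaSigLen: 256
Sent public-key request with signature.
Authentication failed or partial success. (4)
PartialSuccess4: 0
Publickey authentication failed..
"""

# PKCS#1 DigestInfo OIDs for the hashes an RSA SSH signature can use.
HASH_OIDS = {
    "1.3.14.3.2.26": "SHA-1",             # ssh-rsa (legacy)
    "2.16.840.1.101.3.4.2.1": "SHA-256",  # rsa-sha2-256
    "2.16.840.1.101.3.4.2.3": "SHA-512",  # rsa-sha2-512
}


def diagnose_pubkey_auth(log: str) -> dict:
    """Extract the signature hash, RSA key size and outcome from a client log."""
    oid = re.search(r"HashOid:\s*([\d.]+)", log)
    hash_name = HASH_OIDS.get(oid.group(1), "unknown") if oid else "unknown"
    sig_len = re.search(r"rsaSigLen:\s*(\d+)", log)
    rsa_bits = int(sig_len.group(1)) * 8 if sig_len else None  # signature length == modulus length
    failed = "Publickey authentication failed" in log

    if failed and rsa_bits and hash_name == "SHA-1":
        cause = ("SHA-1 RSA signature (ssh-rsa): servers with SHA-1 disabled, "
                 "e.g. Amazon Linux 2023 defaults, reject it; use rsa-sha2-256/512 "
                 "signing or an Ed25519 key")
    elif failed:
        cause = "key not accepted: check the private key matches the installed public key"
    else:
        cause = "public-key authentication succeeded"
    return {"hash": hash_name, "rsa_key_bits": rsa_bits, "failed": failed, "likely_cause": cause}


if __name__ == "__main__":
    print(diagnose_pubkey_auth(SAMPLE_LOG))
```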

hankinsoft commented 2 months ago

Hi, first, sorry for the issue!

And finally, it would be very helpful to know where SQLPro stores the equivalent of known_hosts, as I'd like to reset it so I can try a fresh connection. I've hunted around and come up empty -- it's definitely not storing it in the traditional ~/.ssh/ folder on my Mac.

These are stored in the keychain alongside the connections. If you open the Keychain app and search for 'RecentConnections' you will find a bunch of entries related to SQLPro (generally one per connection type: mysql, mssql, etc.). Each entry contains a JSON array of the connections for that type, including SSH details.

I had two questions as well if possible:

  1. So you are all set and running now?
  2. Would it be possible to reproduce this setup and provide me credentials/keys via email? That way I can test the configuration myself and see if I can come up with any sort of solution?

modernjess commented 2 months ago

I have an easy workaround, so no urgency from me.

I'd be happy to set up an isolated environment to test on. Should have it up within an hour.

hankinsoft commented 2 months ago

Oh awesome! I can be reached via kyle @ hankinsoft.com. Thanks a bunch!

modernjess commented 2 months ago

I've put together a complete test setup and sent you the details via email. Good luck!

hankinsoft commented 2 months ago

Closing as we have sorted this via email. The latest build is also fixed on the App Store, but please feel free to reopen if there are any issues.

Please consider leaving the app a rating or review if you get the chance. As an independent developer, they help me out a ton. There is even a quick shortcut to do so by running the query 'rate;'.

modernjess commented 2 months ago

Thanks much!