How to use with a password-protected private key?

[Rillke]

How to use with a password-protected SSH key?

When my private key is password-protected, I receive the following:

user123@eteam:~/snap/mysql-workbench-community/9/.mysql/workbench$ tail -fn 1 log/wb.log 
12:03:46 [INF][      WBContext]: Connection to staging.somehost cancelled by user: Tunnel connection cancelled
12:06:35 [INF][     SSH tunnel]: Existing SSH tunnel not found, opening new one
12:06:35 [INF][     SSH tunnel]: Opening SSH tunnel to staging.somehost.uni-halle.de:22
12:06:35 [INF][      SSHCommon]: libssh: ssh_connect ssh_connect: libssh 0.9.5 (c) 2003-2019 Aris Adamantiadis, Andreas Schneider and libssh contributors. Distributed under the LGPL, please refer to COPYING file for information about your rights, using threading threads_stdthread
12:06:35 [INF][      SSHCommon]: libssh: ssh_socket_connect ssh_socket_connect: Nonblocking connection socket: 15
12:06:35 [INF][      SSHCommon]: libssh: ssh_connect ssh_connect: Socket connecting, now waiting for the callbacks to work
12:06:35 [INF][      SSHCommon]: libssh: ssh_client_connection_callback ssh_client_connection_callback: SSH server banner: SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.10
12:06:35 [INF][      SSHCommon]: libssh: ssh_analyze_banner ssh_analyze_banner: Analyzing banner: SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.10
12:06:35 [INF][      SSHCommon]: libssh: ssh_analyze_banner ssh_analyze_banner: We are talking to an OpenSSH client version: 7.2 (70200)
12:06:35 [INF][      SSHCommon]: libssh: ssh_kex_select_methods ssh_kex_select_methods: Negotiated curve25519-sha256@libssh.org,ssh-ed25519,aes256-gcm@openssh.com,aes256-gcm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-256-etm@openssh.com,none,none,,
12:06:35 [INF][      SSHCommon]: libssh: ssh_init_rekey_state ssh_init_rekey_state: Set rekey after 4294967296 blocks
12:06:35 [INF][      SSHCommon]: libssh: ssh_init_rekey_state ssh_init_rekey_state: Set rekey after 4294967296 blocks
12:06:35 [INF][      SSHCommon]: libssh: ssh_packet_client_curve25519_reply ssh_packet_client_curve25519_reply: SSH_MSG_NEWKEYS sent
12:06:35 [INF][      SSHCommon]: libssh: ssh_packet_newkeys ssh_packet_newkeys: Received SSH_MSG_NEWKEYS
12:06:35 [INF][      SSHCommon]: libssh: ssh_packet_newkeys ssh_packet_newkeys: Signature verified and valid
12:06:35 [INF][      SSHCommon]: libssh: ssh_packet_userauth_failure ssh_packet_userauth_failure: Access denied for 'none'. Authentication that can continue: publickey,password
12:06:35 [INF][     SSHSession]: Banner: 
12:06:35 [INF][      SSHCommon]: libssh: ssh_pki_import_privkey_base64 ssh_pki_import_privkey_base64: Trying to decode privkey passphrase=true
12:06:35 [INF][      SSHCommon]: libssh: ssh_pki_openssh_import ssh_pki_openssh_import: Opening OpenSSH private key: ciphername: aes256-ctr, kdf: bcrypt, nkeys: 1
12:06:35 [ERR][     SSHSession]: User authentication failed.
12:06:35 [ERR][     SSH tunnel]: Authentication error opening SSH tunnel: Access denied for 'none'. Authentication that can continue: publickey,password

This used to work when gnome-keyring? unlocked the keys during login with a non-snapped version of Workbench. They are still unlocked during login; ssh <hostname> in a terminal just works without having to type the key passphrase.

When removing password-protection from the PK, Workbench connects successfully.

[tonybolzan]

Apparently this is a MySQL Workbench error and not a Snap packaging error. This repository is only for packaging, for the software you must open the issue with Oracle or MySQL.

Please perform these tests with MySQL Workbench on deb/rpm to check if it is related to Snap or not.

I use SSH Agent with Yubikey protected with a password PIN, and here work like a charm.

[Rillke]

I use SSH Agent with Yubikey protected with a password PIN, and here work like a charm.

Thanks, that's what I wanted to know. I assue you're using the snap 8.0.25 2021-09-09 (9) 130MB? IIRC, I can't install the latest debian/ubuntu 21 package provided by Oracle because it has unsatisfyable dependencies under Ubuntu 22.

[tonybolzan]

@Rillke Try latest (Edge) version 8.0.29

sudo snap install mysql-workbench-community --edge

[Rillke]

This is an issue related to my SSH setup. Same issue with the non-snap version. I haven't got a workaround, yet because I don't know enough about how Ubuntu manages ssh key passphrases. What I can tell is just that I don't have to type them after login through GUI. I just know that something called gnome-keyring-daemon and ssh-agent is running in the background and that I can view stored passwords in a tool called seahorse.

[GoodJob]

Same problem, version is 8.0.32.

User is provided, but the error is: Access denied for 'none'. Authentication that can continue: publickey,password

The id_rsa is provided. I made successful connections with DBeaver and Sequel Pro with same parameters.

Other connections which use SSH password in Workbench are working well