我過去常常使用「TCP/IP over SSH」透過 MySQL Workbench 用戶端將 Windows 7 Pro x64 連接到託管在 Debian Wheezy 上的 MySQL 伺服器,但它在 Debian Jessie 上的新伺服器上不起作用,為什麼?
MySQL 工作台設定:
Connection Name: TEST
Connection Method: Standard TCP/IP over SSH
SSH Hostname: x.x.x.x:22
SSH Username: root
SSH Password: myRootPa$$word
SSH Key File: <NOT-USING-KEYFILE>
MySQL Hostname: 127.0.0.1
MySQL Server Port: 3306
Username: root
Password: myMySQLPa$$word
我仔細檢查了 IP 位址/主機名稱、使用者名稱和密碼...
Debian Wheezy 伺服器設定:
root@debian:~# cat /etc/debian_version
7.8
mysql> 選擇版本();
+------------------+
| version() |
+------------------+
| 5.5.40-0+wheezy1 |
+------------------+
1 row in set (0.00 sec)
root@debian:~# cat /etc/ssh/sshd_config
Port 22
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
UsePrivilegeSeparation yes
KeyRegenerationInterval 3600
ServerKeyBits 768
SyslogFacility AUTH
LogLevel INFO
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
UsePAM yes
Debian Jessie 伺服器設定:
root@debian:~# cat /etc/debian_version
8.0
mysql> 選擇版本();
+-----------------+
| version() |
+-----------------+
| 5.5.43-0+deb8u1 |
+-----------------+
1 row in set (0.00 sec)
root@debian:~# cat /etc/ssh/sshd_config
Port 22
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
UsePrivilegeSeparation yes
KeyRegenerationInterval 3600
ServerKeyBits 1024
SyslogFacility AUTH
LogLevel INFO
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
UsePAM yes
所以男人的差別在於ServerKeyBits兩個 sshd_config 檔案之間...
當我嘗試連接到 MySQL Workbench 6.3.3 時,出現錯誤Debian 傑西伺服器:
Could not connect the SSH Tunnel
Authentication error, unhandled exception caught in tunnel manager, please refer to logs for details
日誌檔:
10:00:04 [INF][ SSH tunnel]: Starting tunnel
10:00:04 [INF][ SSH tunnel]: Existing SSH tunnel not found, opening new one
10:00:07 [INF][ SSH tunnel]: Opening SSH tunnel to 10.232.50.15:22
10:00:07 [WRN][sshtunnel.py:_connect_ssh:287]: IOError, probably caused by file C:\Users\myUser\AppData\Roaming\MySQL\Workbench\ssh\known_hosts not found, the message was: [Errno 2] No such file or directory: u'C:\\Users\\myUser\\AppData\\Roaming\\MySQL\\Workbench\\ssh\\known_hosts'
10:00:07 [ERR][sshtunnel.py:notify_exception_error:233]: Traceback (most recent call last):
File "C:\Program Files\MySQL\MySQL Workbench 6.3 CE\sshtunnel.py", line 297, in _connect_ssh
look_for_keys=has_key, allow_agent=has_key)
File "C:\Program Files\MySQL\MySQL Workbench 6.3 CE/python/site-packages\paramiko\client.py", line 301, in connect
t.start_client()
File "C:\Program Files\MySQL\MySQL Workbench 6.3 CE/python/site-packages\paramiko\transport.py", line 461, in start_client
raise e
SSHException: Incompatible ssh peer (no acceptable kex algorithm)
10:00:07 [INF][ SSH tunnel]: TunnelManager.wait_connection authentication error: Authentication error, unhandled exception caught in tunnel manager, please refer to logs for details
10:00:07 [ERR][ SSH tunnel]: Authentication error opening SSH tunnel: Authentication error, unhandled exception caught in tunnel manager, please refer to logs for details
更多資訊:
資料夾“ssh”不存在於:
C:\Users\myUser\AppData\Roaming\MySQL\Workbench
兩台伺服器上的防火牆規則:
root@debian:~# iptables -vnL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
我可以在兩台伺服器上使用 SSH (KiTTY) 連線...
我嘗試過兩個不同版本的 MySQL Workbench:
Version 6.3.3.0 build 592 (64 bits)
Version 6.0.9.11421 build 1170 (32 bits)
這兩個版本適用於 Debian Wheezy,但不適用於 Debian Jessie。 我缺什麼?
答案1
根據https://bugs.mysql.com/bug.php?id=74658當使用 MySql Workbench 隨附的 python 函式庫 openssh 6.7 時,就會出現此問題。在將「KexAlgorithms」新增至 sshd 配置時,您可以更新 MySql Workbench 隨附的 python 函式庫。如果您無法控制 sshd 配置,這可能會很方便...
如果您向下捲動錯誤報告,則會找到下載和複製 paramiko 和 ecdsa 庫的說明。
答案2
我已經找到了解決方案。
我將此行添加到我的/etc/ssh/sshd_config文件中:
KexAlgorithms [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
並重新啟動 ssh:
systemctl restart ssh
正如這篇文章所建議的: https://stackoverflow.com/questions/26577494/aptana-sftp-key-exchange
答案3
由於 bigmandan 的答案有很多內容需要滾動,我認為將其發佈在這裡以便更容易找到可能是有意義的。
對於 Windows,這就是修復。 [2015 年 6 月 3 日 15:27] Mike Hadrup 也使用 MySQL Workbench 6.3.3.0 (592) msi 和 noinstall 在 Windows 10 64 位元上使用 OpenSSH 6.7 針對 Debian 8 Jessie 進行了測試
- 從以下位置下載 zip 文件https://github.com/paramiko/paramiko並解壓縮
- 將 paramiko 從 paramiko-master 複製到 python/site-packages/ (替換現有的 paramiko)
- 下載 ecdsa-0.13.tar.gz 從https://pypi.python.org/pypi/ecdsa#downloads並解壓縮
- 將 ecdsa 從 ecdsa-0.13 複製到 python/site-packages/
您可以使用 7zip 從http://www.7-zip.org/對於 ecdsa-0.13.tar.gz gizpped tar 檔案。
注意:Windows 10 上需要 Visual Studio 2013 的 Visual C++ Redistributable Packages:https://www.microsoft.com/en-us/download/details.aspx?id=40784
在 OS X 上,將 paramiko 和 ecdsa 庫複製到:/Applications/MySQLWorkbench.app/Contents/Resources/libraries
答案4
在linux中(並且完全迴避了這個問題),我發現手動創建我自己的ssh隧道供mysql-workbench使用更簡單/更乾淨:
ssh root@host -L 3307:localhost:3306
這將建立從本機連接埠 3307 到遠端本機連接埠 3306 的 ssh 隧道。所以你只要設定 mysql-workbench 連線到 localhost:3307。