I was about to open a package bug, but thought it better to inquire on the Arch forums first.
Description:
After upgrading mysql-workbench to 8.0.12-3 on my Arch Linux workstation, I can no longer connect to remote databases on three separate NixOS servers via SSH.
The log file for mysql-workbench reports that a key-exchange algorithm (kex algo) failure occurred because workbench only offered diffie-hellman-group1-sha1 and diffie-hellman-group14-sha1. These two kex algos were considered weak and disabled by OpenSSH in its 7.0 release (IIRC), and the NixOS servers are using openssh 7.6p1.
I found that workbench replaced paramiko with libssh 0.7.5 for the 8.0 release. Then, I inquired in #libssh on freenode if libssh 0.7.5 supports other kex algos. I was told that curve25519-sha256 should be the default, and to also switch to libssh 0.8.1. This thread [1] also indicates that libssh should already support other kex algos, but a related post [2] on the Arch forums suggests that libssh is having the same problem with another application.
[1]: https://www.linuxquestions.org/question … 175533193/
[2]: https://bbs.archlinux.org/viewtopic.php?id=235150
So I'm not sure whether this is a mysql-workbench bug, a configuration error on my system with respect to libssh's choice of kex algos, or if libssh was compiled without support for curve25519-sha256.
I have no issue using ssh on my Arch workstation to connect to any of my three NixOS servers. It's only when I make the attempt via mysql-workbench that the ssh connection fails.
Packages:
- mysql-workbench 8.0.12-3
- libssh 0.7.5-2
wb.log:
12:32:30 [INF][ WBContext UI]: Initializing workbench context UI with these values:
base dir: /usr/share/mysql-workbench
plugin path: /usr/lib/mysql-workbench/plugins
struct path: /usr/share/mysql-workbench/grt
module path: /usr/lib/mysql-workbench/modules
library path: /usr/share/mysql-workbench/libraries
user data dir: /home/user/.mysql/workbench
open at start:
open type:
run at startup:
run type:
Force SW rendering: No
Force OpenGL: No
quit when done: No
12:32:30 [INF][ WBContext]: WbContext::init
12:32:31 [INF][ WBA]: Looking for extension modules for WBA...
12:32:31 [INF][ WBA]: 0 extension modules found
12:32:31 [WRN][ grt]: /usr/share/mysql-workbench/modules/data/mysql_rdbms_info.xml:1401: link 'om.mysql.rdbms.mysql.driver.native_sshtun' <object > key=owner could not be resolved
12:32:31 [WRN][ grt]: /home/user/.mysql/workbench/connections.xml:32: link 'f6ba075c-a16e-11e8-8762-eaf92c626679' <object GrtObject> key=owner could not be resolved
12:32:31 [INF][ WBContext]: System info:
MySQL Workbench Community (GPL) for Linux/Unix version 8.0.12 CE build 13312926 (64 bit)
Configuration Directory: /home/user/.mysql/workbench
Data Directory: /usr/share/mysql-workbench
Cairo Version: 1.15.12
OS: x86_64
CPU: 8x Intel(R) Core(TM) i7 CPU 950 @ 3.07GHz (2226.824MHz) - 23.53GiB RAM
No video adapter info available
Distribution: Arch Linux
Fips mode enabled: no
12:32:36 [INF][SSHTunnelManager]: Wakeup socket port created: 41321
12:32:36 [INF][ SSH tunnel]: Starting tunnel
12:32:36 [INF][ SSH tunnel]: Existing SSH tunnel not found, opening new one
12:32:36 [INF][ SSH tunnel]: Opening SSH tunnel to redacted.org:22
12:32:36 [INF][ SSHCommon]: libssh: ssh_connect ssh_connect: libssh 0.7.5 (c) 2003-2014 Aris Adamantiadis, Andreas Schneider, and libssh contributors. Distributed under the LGPL, please refer to COPYING file for information about your rights, using threading threads_stdthread
12:32:36 [INF][ SSHCommon]: libssh: ssh_socket_connect ssh_socket_connect: Nonblocking connection socket: 22
12:32:36 [INF][ SSHCommon]: libssh: ssh_connect ssh_connect: Socket connecting, now waiting for the callbacks to work
12:32:36 [ERR][ SSHSession]: Unable to connect: redacted.org:22
Error was: kex error : no match for method kex algos: server [curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256], client [diffie-hellman-group14-sha1,diffie-hellman-group1-sha1]
12:32:36 [ERR][ SSH tunnel]: Unable to open SSH tunnel: kex error : no match for method kex algos: server [curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256], client [diffie-hellman-group14-sha1,diffie-hellman-group1-sha1]
Steps to reproduce:
Run mysql-workbench.
Create a new MySQL connection.
Change connection method to "Standard TCP/IP over SSH".
Point SSH Hostname at VM/Server configured with OpenSSH 7.6 with default KexAlgos setting (i.e. diffie-hellman-*-sha1 disabled)
Click "Test Connection"
Observe that connection failed with error: "Cannot open SSH Tunnel: kex error...".
Last edited by boxofrox (2018-08-28 17:33:52)
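The kex failure in the wb.log above can be checked mechanically. This is an added example, not part of the original post and not code from MySQL Workbench or libssh. The function names are hypothetical, the sample line is copied from the log, and the negotiation rule is the simplified first-client-match rule of RFC 4253 section 7.1 (its host-key compatibility conditions are ignored).

```python
import re

# Sample input: the "[ERR][ SSH tunnel]" line from the wb.log in the post.
SAMPLE = ("12:32:36 [ERR][ SSH tunnel]: Unable to open SSH tunnel: kex error : "
          "no match for method kex algos: server "
          "[curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256], "
          "client [diffie-hellman-group14-sha1,diffie-hellman-group1-sha1]")

# libssh reports the failing method name, then both offered lists in brackets.
KEX_ERR = re.compile(
    r"no match for method (?P<method>[\w ]+?): "
    r"server \[(?P<server>[^\]]*)\], client \[(?P<client>[^\]]*)\]")


def parse_kex_error(line):
    """Return (method, server_list, client_list), or None for unrelated lines."""
    m = KEX_ERR.search(line)
    if not m:
        return None
    names = lambda s: [a.strip() for a in s.split(",") if a.strip()]
    return m["method"], names(m["server"]), names(m["client"])


def negotiate(client, server):
    """Simplified RFC 4253 rule: first name on the client's list the server also offers."""
    return next((a for a in client if a in server), None)


def diagnose(line):
    """Summarise why negotiation failed for one log line (None if not a kex mismatch)."""
    parsed = parse_kex_error(line)
    if parsed is None:
        return None
    method, server, client = parsed
    return {
        "method": method,
        "agreed": negotiate(client, server),
        # True when every client offer is a SHA-1 based exchange, as in the log.
        "client_sha1_only": bool(client) and all(a.endswith("-sha1") for a in client),
        # What the client library would have to offer for the tunnel to open.
        "server_only": [a for a in server if a not in client],
    }


if __name__ == "__main__":
    print(diagnose(SAMPLE))
```

For the logged line, `agreed` is `None` and `server_only` lists both server algorithms, which points at the client library's offer rather than the server configuration.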
Hmm.. this appears to be fixed by installing mysql-workbench-8.0.12-4 and libssh 0.8.1-2. Not sure why my previous pacman -Syu left libssh 0.7.5-2 installed, but maybe my timing was just that perfect.
Anyway, just upgraded again today with pacman -Syu and found libssh 0.8.1-2 installed, and mysql-workbench no longer reports a key exchange error when using SSH tunnels.