MySQL Workbench failed to connect to server over SSH tunnel after server upgrade to Ubuntu 16.04
I had an active connection in MySQL Workbench to my Ubuntu 14.04 over an SSH tunnel for the last two years without any problem. But after the Ubuntu upgrade to the new 16.04, I keep receiving the following error:
13:41:56 [INF][ SSH tunnel]: Starting tunnel
13:41:56 [INF][ SSH tunnel]: Existing SSH tunnel not found, opening new one
13:42:03 [INF][ SSH tunnel]: Opening SSH tunnel to xxx.xxx.xxx.xxx:22
13:42:03 [INF][ SSH tunnel]: TunnelManager.wait_connection authentication error: Authentication error, unhandled exception caught in tunnel manager, please refer to logs for details
13:42:03 [ERR][ SSH tunnel]: Authentication error opening SSH tunnel: Authentication error, unhandled exception caught in tunnel manager, please refer to logs for details
Notes which may be useful:
- I am able to connect over ssh tunnel by HeidiSQL.
- I fail to establish a connection with Navicat and keep getting
SSH:expected key exchange group packet from server.
I read a lot to fix this issue; some of the suggestions are here:
- generate new ssh key on server,
- add KexAlgorithms to end of sshd_config,
- upgrade paramiko package of workbench Python.
I appreciate any help you will provide.
3 Answers
After checking the problem and trying to reproduce the issue on other computers, which connected successfully, I found out that somehow the problem is caused by caching of the SSH known hosts.
I removed the folder under user\application data\roaming\mysql\workbench\ssh\, but the problem still remained.
As a final try, I uninstalled MySQL Workbench, deleted the settings folder mentioned before, and installed a recently downloaded version of MySQL Workbench. Fortunately, everything is working fine.
I solved this issue by downgrading the python-crypto package in Ubuntu 16.04. Roll back version 2.6.1-6ubuntu0.16.04.2 to 2.6.1-6build1 using the command below.
sudo apt-get install python-crypto=2.6.1-6build1
ref :
Found the answer here:
Please use DEBUG3 level. Then you will see the list of key exchange algorithms configured on your server as well as the list supported by your client.
Then add the following line to your /etc/ssh/sshd_config:
KexAlgorithms <here comma-separated list of Kex Algorithms configured on your server>,<here one of the Kex Algorithms supported by your client>
For example, OpenSSH 6.7 has the following algorithms active by default: ,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1.
If your client supports only diffie-hellman-group1-sha1, then your /etc/ssh/sshd_config should contain
KexAlgorithms ,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
That's OK - OpenSSH v.6.7 does support diffie-hellman-group1-sha1 too, however it is off by default. You should allow sshd to use this key exchange algorithm by putting the KexAlgorithms line into your sshd config.
Credits to Nikolay
Add-on: Restart your ssh service after
#/etc/init.d/ssh restart
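The comparison described in the last answer (server list versus client list from the DEBUG3 output), as an added example that is not part of the original answers. It applies the SSH negotiation rule (the first algorithm in the client's list that the server also offers), builds a KexAlgorithms line only when the two lists share nothing, and flags when the resulting exchange is the off-by-default diffie-hellman-group1-sha1. The function names, the LEGACY_KEX set and the sample lists are assumptions of this example, and it assumes the server's sshd build implements whatever algorithm is appended.

```python
# Added example: function names and sample lists are constructed for illustration.
# Assumption: group1-sha1 is treated as legacy because sshd ships with it off by default.
LEGACY_KEX = {"diffie-hellman-group1-sha1"}

def parse_kex(value):
    """Split a comma-separated algorithm list, dropping empty items and duplicates."""
    seen, out = set(), []
    for name in (part.strip() for part in value.split(",")):
        if name and name not in seen:
            seen.add(name)
            out.append(name)
    return out

def negotiate(client, server):
    """RFC 4253 section 7.1: first algorithm in the client's list the server also offers."""
    return next((k for k in client if k in server), None)

def plan_kex_line(server, client):
    """Return (sshd_config line or None, algorithm that gets negotiated, legacy flag)."""
    chosen = negotiate(client, server)
    if chosen is not None:
        # The lists already overlap, so sshd_config needs no KexAlgorithms change.
        return None, chosen, chosen in LEGACY_KEX
    if not client:
        raise ValueError("client offers no key exchange algorithms")
    # Append one client algorithm, preferring a non-legacy one when the client has it.
    added = next((k for k in client if k not in LEGACY_KEX), client[0])
    line = "KexAlgorithms " + ",".join(server + [added])
    return line, added, added in LEGACY_KEX

# Constructed sample input: the server entries named in the answer, and two clients.
SERVER = parse_kex("ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,"
                   "diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1")
OLD_CLIENT = parse_kex("diffie-hellman-group1-sha1")
NEWER_CLIENT = parse_kex("diffie-hellman-group14-sha1,diffie-hellman-group1-sha1")

if __name__ == "__main__":
    for label, client in (("old client", OLD_CLIENT), ("newer client", NEWER_CLIENT)):
        line, kex, legacy = plan_kex_line(SERVER, client)
        print(f"{label}: negotiates {kex}" + (" (legacy, off by default)" if legacy else ""))
        print("  no sshd_config change needed" if line is None else "  " + line)
```

When the legacy flag is set, updating the client so that it shares a default algorithm with the server avoids having to re-enable group1-sha1 for every client that connects.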