I use Windows 7 Pro x64 and connect with the MySQL Workbench client via "TCP/IP over SSH" to a MySQL server hosted on Debian Wheezy, but it does not work on a new server running Debian Jessie. Why?
MySQL Workbench configuration:
Connection Name: TEST
Connection Method: Standard TCP/IP over SSH
SSH Hostname: x.x.x.x:22
SSH Username: root
SSH Password: myRootPa$$word
SSH Key File: <NOT-USING-KEYFILE>
MySQL Hostname: 127.0.0.1
MySQL Server Port: 3306
Username: root
Password: myMySQLPa$$word
I have double-checked the IP address/hostname, usernames and passwords...
Debian Wheezy server configuration:
root@debian:~# cat /etc/debian_version
7.8
mysql> select version();
+------------------+
| version() |
+------------------+
| 5.5.40-0+wheezy1 |
+------------------+
1 row in set (0.00 sec)
root@debian:~# cat /etc/ssh/sshd_config
Port 22
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
UsePrivilegeSeparation yes
KeyRegenerationInterval 3600
ServerKeyBits 768
SyslogFacility AUTH
LogLevel INFO
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
UsePAM yes
Debian Jessie server configuration:
root@debian:~# cat /etc/debian_version
8.0
mysql> select version();
+-----------------+
| version() |
+-----------------+
| 5.5.43-0+deb8u1 |
+-----------------+
1 row in set (0.00 sec)
root@debian:~# cat /etc/ssh/sshd_config
Port 22
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
UsePrivilegeSeparation yes
KeyRegenerationInterval 3600
ServerKeyBits 1024
SyslogFacility AUTH
LogLevel INFO
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
UsePAM yes
So, the difference between the two is ServerKeyBits in the sshd_config file...
When I try to connect to the Debian Jessie server:
Could not connect the SSH Tunnel
Authentication error, unhandled exception caught in tunnel manager, please refer to logs for details
Log file:
10:00:04 [INF][ SSH tunnel]: Starting tunnel
10:00:04 [INF][ SSH tunnel]: Existing SSH tunnel not found, opening new one
10:00:07 [INF][ SSH tunnel]: Opening SSH tunnel to 10.232.50.15:22
10:00:07 [WRN][sshtunnel.py:_connect_ssh:287]: IOError, probably caused by file C:\Users\myUser\AppData\Roaming\MySQL\Workbench\ssh\known_hosts not found, the message was: [Errno 2] No such file or directory: u'C:\\Users\\myUser\\AppData\\Roaming\\MySQL\\Workbench\\ssh\\known_hosts'
10:00:07 [ERR][sshtunnel.py:notify_exception_error:233]: Traceback (most recent call last):
File "C:\Program Files\MySQL\MySQL Workbench 6.3 CE\sshtunnel.py", line 297, in _connect_ssh
look_for_keys=has_key, allow_agent=has_key)
File "C:\Program Files\MySQL\MySQL Workbench 6.3 CE/python/site-packages\paramiko\client.py", line 301, in connect
t.start_client()
File "C:\Program Files\MySQL\MySQL Workbench 6.3 CE/python/site-packages\paramiko\transport.py", line 461, in start_client
raise e
SSHException: Incompatible ssh peer (no acceptable kex algorithm)
10:00:07 [INF][ SSH tunnel]: TunnelManager.wait_connection authentication error: Authentication error, unhandled exception caught in tunnel manager, please refer to logs for details
10:00:07 [ERR][ SSH tunnel]: Authentication error opening SSH tunnel: Authentication error, unhandled exception caught in tunnel manager, please refer to logs for details
More information:
The folder "ssh" does not exist:
C:\Users\myUser\AppData\Roaming\MySQL\Workbench
Firewall rules on both servers:
root@debian:~# iptables -vnL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
I can connect to both servers using SSH (KiTTY)...
I tried two different versions of MySQL Workbench:
Version 6.3.3.0 build 592 (64 bits)
Version 6.0.9.11421 build 1170 (32 bits)
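Both versions work with Debian Wheezy but not with Debian Jessie. What am I missing?
Answer 1
According to https://bugs.mysql.com/bug.php?id=74658, this problem occurs with the Python libraries shipped with MySQL Workbench when OpenSSH 6.7 is used. While adding "KexAlgorithms" to the sshd configuration works, you can update the Python libraries shipped with MySQL Workbench. This can be handy if you have no control over the sshd configuration...
If you scroll down in the bug report, you will see instructions for downloading and copying the paramiko and ecdsa libraries.
Answer 2
I found the solution.
I added this line to my /etc/ssh/sshd_config file: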
KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
and restarted ssh:
systemctl restart ssh
As suggested in this post: https://stackoverflow.com/questions/26577494/aptana-sftp-key-exchange
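Added example, not part of the original answers: a simplified model of SSH key-exchange selection that shows why the log reports "no acceptable kex algorithm" against the Jessie sshd and which algorithm the tunnel ends up using once the KexAlgorithms line is in place. Both algorithm lists are assumptions (what the old bundled paramiko offers, and the OpenSSH 6.7 defaults), and the function names are hypothetical.

```python
# Simplified SSH key-exchange selection (RFC 4253, section 7.1): the first
# algorithm on the client's list that the server also offers is used.

# Assumption: kex offered by the old paramiko bundled with MySQL Workbench.
OLD_PARAMIKO_KEX = ["diffie-hellman-group1-sha1",
                    "diffie-hellman-group-exchange-sha1"]

# Assumption: OpenSSH 6.7 defaults when sshd_config has no KexAlgorithms line.
OPENSSH_67_DEFAULT_KEX = [
    "curve25519-sha256@libssh.org", "ecdh-sha2-nistp256",
    "ecdh-sha2-nistp384", "ecdh-sha2-nistp521",
    "diffie-hellman-group-exchange-sha256", "diffie-hellman-group14-sha1"]

# Constructed sshd_config fragment with the workaround line appended.
PATCHED_SSHD_CONFIG = "Port 22\nProtocol 2\nKexAlgorithms " + ",".join(
    OPENSSH_67_DEFAULT_KEX + ["diffie-hellman-group1-sha1"]) + "\n"

# Algorithms worth flagging when they end up being the negotiated one.
WEAK_KEX = {"diffie-hellman-group1-sha1": "1024-bit DH group with SHA-1"}


def server_kex(sshd_config_text, default=OPENSSH_67_DEFAULT_KEX):
    """Return the server's kex list; sshd uses the first value of a keyword."""
    for raw in sshd_config_text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) == 2 and parts[0].lower() == "kexalgorithms":
            return [a.strip() for a in parts[1].split(",") if a.strip()]
    return list(default)


def negotiate_kex(client, server):
    """First client algorithm also present on the server, or None."""
    offered = set(server)
    return next((alg for alg in client if alg in offered), None)


def check(client, sshd_config_text):
    """Return (negotiated algorithm, weakness note or None)."""
    chosen = negotiate_kex(client, server_kex(sshd_config_text))
    return chosen, WEAK_KEX.get(chosen)


if __name__ == "__main__":
    for name, cfg in (("default", "Port 22\n"), ("patched", PATCHED_SSHD_CONFIG)):
        print(name, check(OLD_PARAMIKO_KEX, cfg))
```

With the workaround the old client negotiates diffie-hellman-group1-sha1, which the check flags; a client that offers diffie-hellman-group14-sha1 or newer connects to the unmodified server without that algorithm being enabled.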
Answer 3
Since there is a lot to wade through in bigmandan's answer, I thought it might make more sense to post it here so that it is easier to find.
For Windows, here is the fix. [3 Jun 2015 15:27] Mike Hadrup also tested on Windows 10 64-bit with MySQL Workbench 6.3.3.0 (592) msi and noinstall, against OpenSSH 6.7 on Debian 8 Jessie
- Download the zip file from https://github.com/paramiko/paramiko and unzip it
- Copy paramiko from paramiko-master to python/site-packages/ (replacing the existing paramiko)
- Download ecdsa-0.13.tar.gz from https://pypi.python.org/pypi/ecdsa#downloads and unzip it
- Copy ecdsa from ecdsa-0.13 to python/site-packages/
You can use 7zip (http://www.7-zip.org/) for the ecdsa-0.13.tar.gz gzipped tar archive.
Note: Windows 10 requires the Visual C++ Redistributable Packages for Visual Studio 2013, available from: https://www.microsoft.com/en-us/download/details.aspx?id=40784
On OS X, copy the paramiko and ecdsa libraries to: /Applications/MySQLWorkbench.app/Contents/Resources/libraries
Answer 4
On Linux (sidestepping the problem entirely), I find it simpler/cleaner to manually create my own ssh tunnel for mysql-workbench:
ssh root@host -L 3307:localhost:3306
This creates an ssh tunnel from local port 3307 to port 3306 on the remote localhost. So you just configure mysql-workbench to connect to localhost:3307.