MySQL Workbench 与 Debian Jessie - SSH 上的 TCP/IP 不起作用

Question

我曾经使用“TCP/IP over SSH”将 Windows 7 Pro x64 连接到托管在 Debian Wheezy 上的 MySQL 服务器和 MySQL Workbench 客户端，但它在 Debian Jessie 上的新服务器上不起作用，为什么？

---

MySQL 工作台配置：

Connection Name: TEST
Connection Method: Standard TCP/IP over SSH

SSH Hostname: x.x.x.x:22
SSH Username: root
SSH Password: myRootPa$$word
SSH Key File: <NOT-USING-KEYFILE>

MySQL Hostname: 127.0.0.1
MySQL Server Port: 3306
Username: root
Password: myMySQLPa$$word

我已经仔细检查了 IP 地址/主机名、用户名和密码...

---

Debian Wheezy 服务器配置：

root@debian:~# cat /etc/debian_version

7.8

mysql> 选择版本();

+------------------+
| version()        |
+------------------+
| 5.5.40-0+wheezy1 |
+------------------+
1 row in set (0.00 sec)

root@debian:~# cat /etc/ssh/sshd_config

Port 22
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
UsePrivilegeSeparation yes

KeyRegenerationInterval 3600
ServerKeyBits 768
SyslogFacility AUTH
LogLevel INFO
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes

IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no

X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes

AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
UsePAM yes

Debian Jessie 服务器配置：

root@debian:~# cat /etc/debian_version

8.0

mysql> 选择版本();

+-----------------+
| version()       |
+-----------------+
| 5.5.43-0+deb8u1 |
+-----------------+
1 row in set (0.00 sec)

root@debian:~# cat /etc/ssh/sshd_config

Port 22
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
UsePrivilegeSeparation yes

KeyRegenerationInterval 3600
ServerKeyBits 1024
SyslogFacility AUTH
LogLevel INFO
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes

IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no

X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes

AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
UsePAM yes

所以男人的区别是ServerKeyBits两个 sshd_config 文件之间的...

---

当我尝试连接到Debian Jessie服务器时，MySQL Workbench 6.3.3 给我的错误：

Could not connect the SSH Tunnel
Authentication error, unhandled exception caught in tunnel manager, please refer to logs for details

日志文件：

10:00:04 [INF][     SSH tunnel]: Starting tunnel
10:00:04 [INF][     SSH tunnel]: Existing SSH tunnel not found, opening new one
10:00:07 [INF][     SSH tunnel]: Opening SSH tunnel to 10.232.50.15:22
10:00:07 [WRN][sshtunnel.py:_connect_ssh:287]: IOError, probably caused by file C:\Users\myUser\AppData\Roaming\MySQL\Workbench\ssh\known_hosts not found, the message was: [Errno 2] No such file or directory: u'C:\\Users\\myUser\\AppData\\Roaming\\MySQL\\Workbench\\ssh\\known_hosts'
10:00:07 [ERR][sshtunnel.py:notify_exception_error:233]: Traceback (most recent call last):
  File "C:\Program Files\MySQL\MySQL Workbench 6.3 CE\sshtunnel.py", line 297, in _connect_ssh
    look_for_keys=has_key, allow_agent=has_key)
  File "C:\Program Files\MySQL\MySQL Workbench 6.3 CE/python/site-packages\paramiko\client.py", line 301, in connect
    t.start_client()
  File "C:\Program Files\MySQL\MySQL Workbench 6.3 CE/python/site-packages\paramiko\transport.py", line 461, in start_client
    raise e
SSHException: Incompatible ssh peer (no acceptable kex algorithm)

10:00:07 [INF][     SSH tunnel]: TunnelManager.wait_connection authentication error: Authentication error, unhandled exception caught in tunnel manager, please refer to logs for details
10:00:07 [ERR][     SSH tunnel]: Authentication error opening SSH tunnel: Authentication error, unhandled exception caught in tunnel manager, please refer to logs for details

---

更多信息：

文件夹“ssh”不存在于：

C:\Users\myUser\AppData\Roaming\MySQL\Workbench

两台服务器上的防火墙规则：

root@debian:~# iptables -vnL

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

我可以在两台服务器上使用 SSH (KiTTY) 连接...

---

我尝试了两种不同版本的 MySQL Workbench：

Version 6.3.3.0 build 592 (64 bits)
Version 6.0.9.11421 build 1170 (32 bits)

这两个版本适用于 Debian Wheezy，但不适用于 Debian Jessie。 我错过了什么？

Answer 1

根据https://bugs.mysql.com/bug.php?id=74658，当使用 Openssh 6.7 时，问题会出现在 MySql 工作台附带的 python 库中。在将“KexAlgorithms”添加到 sshd 配置工作时，您可以更新 MySql Workbench 附带的 python 库。如果您无法控制 sshd 配置，这可能会很方便...

如果您在错误报告中向下滚动，则会有下载和复制 paramiko 和 ecdsa 库的说明。

Answer 2

我找到了解决办法。

我将此行添加到我的/etc/ssh/sshd_config文件中：

KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

并重新启动 ssh： systemctl restart ssh

正如这篇文章所建议的：https : //stackoverflow.com/questions/26577494/aptana-sftp-key-exchange