Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

SSH tunnel not connect from DBeaver to latest linux distros.

See original GitHub issue

System information:

  • Linux, macOS
  • DBeaver *

Connection specification:

  • SSH tunnel

Describe the problem you’re observing:

SSH tunnel not connect from DBeaver to latest linux distros.

Steps to reproduce, if exist:

Install latest version of any linux distro (ubuntu22,fedora36,redhat8) and update it Try to setup ssh tunnel from dbeaver connection with rsa key

Include any warning/errors/backtraces from the logs

2022-08-31 21:36:47.642 - pageant connect exception
com.jcraft.jsch.agentproxy.AgentProxyException: java.lang.NoClassDefFoundError: Could not initialize class com.jcraft.jsch.agentproxy.connector.PageantConnector$User32
        at com.jcraft.jsch.agentproxy.connector.PageantConnector.<init>(PageantConnector.java:68)
        at org.jkiss.dbeaver.model.net.ssh.SSHImplementationAbstract.initTunnel(SSHImplementationAbstract.java:110)
        at org.jkiss.dbeaver.model.net.ssh.SSHTunnelImpl.initializeHandler(SSHTunnelImpl.java:75)
        at org.jkiss.dbeaver.ui.net.ssh.SSHTunnelConfiguratorUI$7.execute(SSHTunnelConfiguratorUI.java:257)
        at org.jkiss.dbeaver.ui.net.ssh.SSHTunnelConfiguratorUI$TunnelConnectionTestJob.run(SSHTunnelConfiguratorUI.java:603)
        at org.jkiss.dbeaver.model.runtime.AbstractJob.run(AbstractJob.java:105)
        at org.eclipse.core.internal.jobs.Worker.run(Worker.java:63)
2022-08-31 21:36:47.643 - SSH: Connected with ssh-agent
2022-08-31 21:36:47.643 - Creating identity repository
2022-08-31 21:36:47.643 - Configure tunnel
2022-08-31 21:36:47.706 - Connect to tunnel host
2022-08-31 21:36:47.707 - SSH INFO: Connecting to -.-.-.- port 22
2022-08-31 21:36:47.740 - SSH INFO: Connection established
2022-08-31 21:36:47.782 - SSH INFO: Remote version string: SSH-2.0-OpenSSH_8.9p1 Ubuntu-3
2022-08-31 21:36:47.782 - SSH INFO: Local version string: SSH-2.0-JSCH-0.1.54
2022-08-31 21:36:47.782 - SSH INFO: CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
2022-08-31 21:36:47.783 - SSH INFO: CheckKexes: diffie-hellman-group14-sha1,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
2022-08-31 21:36:47.792 - SSH INFO: CheckSignatures: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
2022-08-31 21:36:47.792 - SSH INFO: SSH_MSG_KEXINIT sent
2022-08-31 21:36:47.811 - SSH INFO: SSH_MSG_KEXINIT received
2022-08-31 21:36:47.811 - SSH INFO: kex: server: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,sntrup761x25519-sha512@openssh.com,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
2022-08-31 21:36:47.811 - SSH INFO: kex: server: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
2022-08-31 21:36:47.811 - SSH INFO: kex: server: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
2022-08-31 21:36:47.811 - SSH INFO: kex: server: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
2022-08-31 21:36:47.811 - SSH INFO: kex: server: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
2022-08-31 21:36:47.811 - SSH INFO: kex: server: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
2022-08-31 21:36:47.811 - SSH INFO: kex: server: none,zlib@openssh.com
2022-08-31 21:36:47.812 - SSH INFO: kex: server: none,zlib@openssh.com
2022-08-31 21:36:47.812 - SSH INFO: kex: server: 
2022-08-31 21:36:47.812 - SSH INFO: kex: server: 
2022-08-31 21:36:47.812 - SSH INFO: kex: client: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
2022-08-31 21:36:47.812 - SSH INFO: kex: client: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
2022-08-31 21:36:47.812 - SSH INFO: kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc
2022-08-31 21:36:47.812 - SSH INFO: kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc
2022-08-31 21:36:47.812 - SSH INFO: kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
2022-08-31 21:36:47.812 - SSH INFO: kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
2022-08-31 21:36:47.812 - SSH INFO: kex: client: none
2022-08-31 21:36:47.812 - SSH INFO: kex: client: none
2022-08-31 21:36:47.812 - SSH INFO: kex: client: 
2022-08-31 21:36:47.812 - SSH INFO: kex: client: 
2022-08-31 21:36:47.812 - SSH INFO: kex: server->client aes128-ctr hmac-sha1 none
2022-08-31 21:36:47.812 - SSH INFO: kex: client->server aes128-ctr hmac-sha1 none
2022-08-31 21:36:47.813 - SSH INFO: SSH_MSG_KEX_ECDH_INIT sent
2022-08-31 21:36:47.813 - SSH INFO: expecting SSH_MSG_KEX_ECDH_REPLY
2022-08-31 21:36:47.847 - SSH INFO: Host '-.-.-.-' is known and matches the ECDSA host key
2022-08-31 21:36:47.847 - SSH INFO: SSH_MSG_NEWKEYS sent
2022-08-31 21:36:47.847 - SSH INFO: SSH_MSG_NEWKEYS received
2022-08-31 21:36:47.847 - SSH INFO: SSH_MSG_SERVICE_REQUEST sent
2022-08-31 21:36:47.879 - SSH INFO: SSH_MSG_SERVICE_ACCEPT received
2022-08-31 21:36:47.916 - SSH INFO: Authentications that can continue: publickey,keyboard-interactive,password
2022-08-31 21:36:47.916 - SSH INFO: Next authentication method: publickey
2022-08-31 21:36:47.953 - SSH INFO: Disconnecting from -.-.-.- port 22
2022-08-31 21:36:48.055 - Auth fail
com.jcraft.jsch.JSchException: Auth fail
        at com.jcraft.jsch.Session.connect(Session.java:519)
        at com.jcraft.jsch.Session.connect(Session.java:183)
        at org.jkiss.dbeaver.model.net.ssh.SSHImplementationJsch.setupTunnel(SSHImplementationJsch.java:116)
        at org.jkiss.dbeaver.model.net.ssh.SSHImplementationAbstract.initTunnel(SSHImplementationAbstract.java:133)
        at org.jkiss.dbeaver.model.net.ssh.SSHTunnelImpl.initializeHandler(SSHTunnelImpl.java:75)
        at org.jkiss.dbeaver.ui.net.ssh.SSHTunnelConfiguratorUI$7.execute(SSHTunnelConfiguratorUI.java:257)
        at org.jkiss.dbeaver.ui.net.ssh.SSHTunnelConfiguratorUI$TunnelConnectionTestJob.run(SSHTunnelConfiguratorUI.java:603)
        at org.jkiss.dbeaver.model.runtime.AbstractJob.run(AbstractJob.java:105)
        at org.eclipse.core.internal.jobs.Worker.run(Worker.java:63)

2022-08-31 21:23:04.152 - pageant connect exception
com.jcraft.jsch.agentproxy.AgentProxyException: java.lang.NoClassDefFoundError: Could not initialize class com.jcraft.jsch.agentproxy.connector.PageantConnector$User32
        at com.jcraft.jsch.agentproxy.connector.PageantConnector.<init>(PageantConnector.java:68)
        at org.jkiss.dbeaver.model.net.ssh.SSHImplementationAbstract.initTunnel(SSHImplementationAbstract.java:110)
        at org.jkiss.dbeaver.model.net.ssh.SSHTunnelImpl.initializeHandler(SSHTunnelImpl.java:75)
        at org.jkiss.dbeaver.ui.net.ssh.SSHTunnelConfiguratorUI$7.execute(SSHTunnelConfiguratorUI.java:257)
        at org.jkiss.dbeaver.ui.net.ssh.SSHTunnelConfiguratorUI$TunnelConnectionTestJob.run(SSHTunnelConfiguratorUI.java:603)
        at org.jkiss.dbeaver.model.runtime.AbstractJob.run(AbstractJob.java:105)
        at org.eclipse.core.internal.jobs.Worker.run(Worker.java:63)
2022-08-31 21:23:04.152 - SSH: Connected with ssh-agent
2022-08-31 21:23:04.152 - Creating new SecureRandom.
2022-08-31 21:23:04.153 - No such algorithm: IDEA/CBC/NoPadding
2022-08-31 21:23:04.154 - No such algorithm: IDEA/CTR/NoPadding
2022-08-31 21:23:04.156 - Disabling high-strength ciphers: cipher strengths apparently limited by JCE policy
2022-08-31 21:23:04.242 - Client identity string: SSH-2.0-SSHJ_0.33.0
2022-08-31 21:23:04.293 - Server identity string: SSH-2.0-OpenSSH_8.9p1 Ubuntu-3
2022-08-31 21:23:04.569 - Exhausted available authentication methods
net.schmizz.sshj.userauth.UserAuthException: Exhausted available authentication methods
        at net.schmizz.sshj.SSHClient.auth(SSHClient.java:230)
        at org.jkiss.dbeaver.model.net.ssh.SSHImplementationSshj.setupTunnel(SSHImplementationSshj.java:110)
        at org.jkiss.dbeaver.model.net.ssh.SSHImplementationAbstract.initTunnel(SSHImplementationAbstract.java:133)
        at org.jkiss.dbeaver.model.net.ssh.SSHTunnelImpl.initializeHandler(SSHTunnelImpl.java:75)
        at org.jkiss.dbeaver.ui.net.ssh.SSHTunnelConfiguratorUI$7.execute(SSHTunnelConfiguratorUI.java:257)
        at org.jkiss.dbeaver.ui.net.ssh.SSHTunnelConfiguratorUI$TunnelConnectionTestJob.run(SSHTunnelConfiguratorUI.java:603)
        at org.jkiss.dbeaver.model.runtime.AbstractJob.run(AbstractJob.java:105)
        at org.eclipse.core.internal.jobs.Worker.run(Worker.java:63)
2022-08-31 21:25:04.331 - Dying because - Broken transport; encountered EOF
2022-08-31 21:25:04.331 - Disconnected - UNKNOWN

Issue Analytics

  • State:open
  • Created a year ago
  • Comments:8 (5 by maintainers)

github_iconTop GitHub Comments

2reactions
mayerrocommented, Sep 2, 2022

Possible workaround is decreasing ssh security on remote host: add 2 lines to sshd config and restart it

PubkeyAuthentication yes
PubkeyAcceptedKeyTypes=+ssh-rsa
1reaction
ged-yukocommented, Oct 3, 2022

Seems it has nothing to do with DBeaver itself but with ssh configuration. Though ssh-related libraries may require upgrade, as i remember issues about missing support of the recent key types walkarounded by switching the ssh-related library explicitly.

See OpenSSH 8.2 release notes:

Security
========
 * ssh(1), sshd(8), ssh-keygen(1): this release removes the "ssh-rsa"
   (RSA/SHA1) algorithm from those accepted for certificate signatures
   (i.e. the client and server CASignatureAlgorithms option) and will
   use the rsa-sha2-512 signature algorithm by default when the
   ssh-keygen(1) CA signs new certificates.

...
Potentially-incompatible changes
================================
This release includes a number of changes that may affect existing configurations:
  * ssh(1), sshd(8): the above removal of "ssh-rsa" from the accepted CASignatureAlgorithms list.
...

One doesn’t even always need to change keys of the affected authorities, just upgrade client and server software for both sides to use another signing alorithm. See also OpenSSH 8.7 release notes:

...

Imminent deprecation notice
===========================

OpenSSH will disable the ssh-rsa signature scheme by default in the
next release.

In the SSH protocol, the "ssh-rsa" signature scheme uses the SHA-1
hash algorithm in conjunction with the RSA public key algorithm.
It is now possible[1] to perform chosen-prefix attacks against the
SHA-1 algorithm for less than USD$50K.

Note that the deactivation of "ssh-rsa" signatures does not necessarily
require cessation of use for RSA keys. In the SSH protocol, keys may be
capable of signing using multiple algorithms. In particular, "ssh-rsa"
keys are capable of signing using "rsa-sha2-256" (RSA/SHA256),
"rsa-sha2-512" (RSA/SHA512) and "ssh-rsa" (RSA/SHA1). Only the last of
these is being turned off by default.

This algorithm is unfortunately still used widely despite the
existence of better alternatives, being the only remaining public key
signature algorithm specified by the original SSH RFCs that is still
enabled by default.

The better alternatives include:

 * The RFC8332 RSA SHA-2 signature algorithms rsa-sha2-256/512. These
   algorithms have the advantage of using the same key type as
   "ssh-rsa" but use the safe SHA-2 hash algorithms. These have been
   supported since OpenSSH 7.2 and are already used by default if the
   client and server support them.
...
Read more comments on GitHub >

github_iconTop Results From Across the Web

problem with SSH tunneling - DBeaver Forum • View topic
Hi! If you work thru SSH tunnel then set server host (on main connection configuration page) to "localhost". Real database host should be...
Read more >
How to Connect to Remote Database in pgAdmin4 and DBeaver
Enable SSH by checking the Use SSH Tunnel option. Enter the Tunnel host, Tunnel port, SSH connection username, and select the Authentication ...
Read more >
Why SSH login works in shell but fails in all third parties via ...
I selected my private key from /home/myuser/.ssh/id_dsa. Example in Redis Desktop Manager: rdm. Example in Dbeaver: enter image description here.
Read more >
CloudBeaver user guide
You can set base connection parameters, driver settings, SSH tunnel, and access in the connection form. A connection template will be created if...
Read more >
Connect to remote db with ssh tunneling in DBeaver
Open dbeaver · Click on "New Database Connection", in the following "main" window enter the MySQL server host relative to the SSH server,...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Snowflake procedure creation fails in DBeaver, not in Snowflake

Next page

Can't run IBM iSeries (AS400) Stored Procedure calls in DBeaver 22.1.0 but can run them in 6.2.0