dbeaver: Auth fail with SSH Key and SSH Tunnel

When trying to use an SSH Tunnel, I get the following error: Auth fail

  • DBeaver version: 21.3.0
  • MacOS 12.0.1
  • DBeaver SSHJ 1.0.91

My SSH key looks like this:

-----BEGIN OPENSSH PRIVATE KEY-----

[...]

-----END OPENSSH PRIVATE KEY-----

I can ssh into the server using the same SSH Key.

Error log:

!ENTRY org.jkiss.dbeaver.model 4 0 2021-12-01 16:39:31.264
!MESSAGE Cannot establish tunnel to 54.253.44.80:22
!SUBENTRY 1 org.jkiss.dbeaver.model 4 0 2021-12-01 16:39:31.264
!MESSAGE Cannot establish tunnel to 54.253.44.80:22
!SUBENTRY 2 org.jkiss.dbeaver.model 4 0 2021-12-01 16:39:31.264
!MESSAGE Auth fail
!STACK 0
com.jcraft.jsch.JSchException: Auth fail
	at com.jcraft.jsch.Session.connect(Session.java:519)
	at com.jcraft.jsch.Session.connect(Session.java:183)
	at org.jkiss.dbeaver.model.net.ssh.SSHImplementationJsch.setupTunnel(SSHImplementationJsch.java:111)
	at org.jkiss.dbeaver.model.net.ssh.SSHImplementationAbstract.initTunnel(SSHImplementationAbstract.java:134)
	at org.jkiss.dbeaver.model.net.ssh.SSHTunnelImpl.initializeHandler(SSHTunnelImpl.java:75)
	at org.jkiss.dbeaver.registry.DataSourceDescriptor.connect(DataSourceDescriptor.java:886)
	at org.jkiss.dbeaver.runtime.jobs.ConnectJob.run(ConnectJob.java:70)
	at org.jkiss.dbeaver.model.runtime.AbstractJob.run(AbstractJob.java:105)
	at org.eclipse.core.internal.jobs.Worker.run(Worker.java:63)

Thanks in advance.

About this issue

  • State: closed
  • Created 3 years ago
  • Comments: 54 (16 by maintainers)

Most upvoted comments

@lpossamai What implementation are you using? From the error log it looks like you didn’t change it from Jsch


If you’re using Ubuntu and installed DBeaver via snap, then snap doesn’t have access to ~/.ssh/ where the private key is stored. So one workaround would be to copy .ssh for the specific app, i.e. to ~/snap/dbeaver-ce/current

At least this solved my issue, which was not obvious. I’d suggest that the DBeaver team first add a private key file access check and provide a better error message.

Recently two client machines (Ubuntu 22.04 and Mac OS) are able to SSH but unable to use dbeaver Jsch to connect to an Ubuntu 22.04 server.

The Ubuntu 22.04 client is able to use SSHJ in dbeaver and connect. The Mac OS client fails for both SSHJ and Jsch.

I found a bit more which seems to back up what @devvick reported:

It’s indeed quite likely that the server requires rsa-sha2. JSch does not support it. And as JSch seems not to be updated anymore, it quite likely never will.

There’s a fork of JSch that does though: https://github.com/mwiede/jsch https://stackoverflow.com/questions/73135640/jschexception-auth-fail-on-ubuntu-22-04

I would love to help resolve the issue, but am unsure what might constitute help here.

If anyone comes here trying to use ec2 instances as tunnels, please make sure that you are using the Amazon Linux 2 AMI and not the newer Amazon 2023 AMI (which is now selected by default). The latter does not work; I haven’t had the chance to figure out why, though.

I am on version 22.2.4 of dbeaver on M1. Latest versions may change this. Also, mongodb compass also stops working with AMI 2023 (Version 1.36.1)

A colleague of mine had the same issue. Even with the same credentials and PEM keys, it failed with "exhausted all authentication methods for client dbeaver". The only difference was that I am on an Intel Mac and he’s on an M1 Mac.

The issue was resolved when he downloaded the M1/Silicon version of Dbeaver and used JSch method.

Thank you for the update, @lpossamai !

Update:

I’m no longer using MacOS and therefore cannot test this anymore. I’m currently using Fedora 38 and it works both with the OPENSSH and RSA private keys.

Dbeaver version: Version 23.0.4.202305071722

Since I am not facing this issue anymore and can no longer replicate it, I’m closing this. Cheers!

Workaround which helped me: create an ECDSA key and add it to authorized_keys on the Ubuntu 22.04 server.

ssh-keygen -t ecdsa

Found here: https://www.nme.one/blog/ubuntu-22-04-mariadb-dbeaver-and-auth-fail-error/

Hi @devvick, thanks for the insight! We will dig in that direction

Hi, I’ve just hit this problem and I managed to capture an error from the server that I wanted to connect to:

sshd[25203]: userauth_pubkey: signature algorithm ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]
sshd[25203]: error: Received disconnect from ***.***.***.*** port 55402:3: com.jcraft.jsch.JSchException: Auth fail [preauth]

Looks like both DBeaver ssh implementations (JSch and SSHJ) present a deprecated signature algorithm to the server when connecting. More info about that can be found here: https://levelup.gitconnected.com/demystifying-ssh-rsa-in-openssh-deprecation-notice-22feb1b52acd https://security.stackexchange.com/questions/226131/openssh-declares-ssh-rsa-deprecated-what-do-i-do-next
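The two sshd lines quoted in the comment above share a PID, and that is what ties the refused ssh-rsa signature to the client that sent it. The following is an added example, not code from the thread or from DBeaver: it joins those lines per PID to list peers still offering a signature algorithm the server refuses. The sample log lines, host name, user name and addresses are constructed, and the function name is hypothetical.

```python
import re

# Constructed sample modelled on the sshd messages quoted in the thread;
# 192.0.2.x and 198.51.100.x are documentation addresses.
SAMPLE_LOG = """\
Dec  1 16:39:31 bastion sshd[25203]: userauth_pubkey: signature algorithm ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]
Dec  1 16:39:31 bastion sshd[25203]: error: Received disconnect from 192.0.2.10 port 55402:3: com.jcraft.jsch.JSchException: Auth fail [preauth]
Dec  1 16:41:02 bastion sshd[25310]: Accepted publickey for deploy from 192.0.2.11 port 40112 ssh2: ED25519 SHA256:constructed
Dec  1 16:45:10 bastion sshd[25377]: userauth_pubkey: signature algorithm ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]
Dec  1 16:45:10 bastion sshd[25377]: Connection closed by authenticating user deploy 198.51.100.7 port 51000 [preauth]
"""

PID_RE = re.compile(r"sshd\[(\d+)\]: (.*)")
REJECT_RE = re.compile(
    r"userauth_pubkey: signature algorithm (\S+) not in PubkeyAcceptedAlgorithms"
)
# Peer address appears as "from <addr> port <n>" or "user <name> <addr> port <n>".
PEER_RE = re.compile(r"(?:from|user \S+) (\S+) port (\d+)")


def rejected_pubkey_clients(log_text):
    """Return one record per sshd session whose public-key signature
    algorithm was refused, joined to the peer address by sshd PID.

    PIDs are reused over time, so feed this one bounded log window."""
    sessions = {}
    for line in log_text.splitlines():
        m = PID_RE.search(line)
        if not m:
            continue
        pid, msg = m.groups()
        rec = sessions.setdefault(
            pid, {"pid": pid, "algorithm": None, "peer": None, "jsch": False}
        )
        rej = REJECT_RE.search(msg)
        if rej:
            rec["algorithm"] = rej.group(1)
        peer = PEER_RE.search(msg)
        if peer:
            rec["peer"] = peer.group(1)
        # The JSch exception text in the disconnect reason identifies the client library.
        rec["jsch"] = rec["jsch"] or "com.jcraft.jsch" in msg
    return [r for r in sessions.values() if r["algorithm"]]


if __name__ == "__main__":
    for r in rejected_pubkey_clients(SAMPLE_LOG):
        print(r)
```
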

I think this is because some encryption protocol needed in your particular SSH setup is disabled in Java 17. We need to repack our macOS AArch64 package.

Do you have the correct username in your connection settings by any chance? This threw me off.

Also double check your authentication method is “Public Key” and the private key field points to the correct location.