Обсуждение: using ssh-agent

Hello.

Is it possible to use pgadmin in combination with ssh-agent?
I have configured ssh-agent and my Xorg session and it works well in 
command-line ( a ssh-add on a terminal allows any ssh connection on any 
other terminal ) but it seems pgadmin does not look at ssh-agent keys, 
which makes mandatory to type the passphrase to the system, and the 
password of the postgresql user I'm trying to connect. Since I use that 
ssh connection to connect to 2 DB servers, I have to type 4 passwords 
each time I'm trying to (re)connect, when I could only have two to type 
if I could configure pgadmin to support ssh-agent.

I am trying to make pgadmin using a ssh tunnel. I do not want to
install a xorg server on production servers just for pgadmin :) ( plus
the fact that I would have to run a pgadmin on every server with a db...
definitely a no-go. )

In more verbose:
I have pgadmin installed on my localhost Debian, i3 ( my window manager
) is started with "ssh-agent startx" in ~/.bash_profile, so that I am
able to use ssh-add to add my keys, and then to use ssh without it
asking me my passphrases constantly. This works fine.

I have added servers in pgadmin with uses the tab "SSH Tunnel", enabled
"Use SSH tunneling", filled "Tunnel host", "Username", selected
"identity file", and of course I have given Identity file. When I try to
connect, pgadmin asks me the postgresql password ( this is normal ), and
then my passphrase ( this is not normal, since I have added my
passphrase to ssh-agent through ssh-add ).

When I have given the identifiers pgadmin wants, things works ( only
had few crashes, but not easy to reproduce, and I do not have any
information about the reason, I do not always start pgadmin from
terminal... ). The only problem is, is it possible to make pgadmin using
ssh-agent stuff, like in commandline ssh usual commands?
Because I connect to exactly 2 distant servers, and I do not like to
enter my passphrases everytime there is a connection problem, a crash,
or whatever. It would be really nicer if I could only type the 2
postgresql passwords ( which is still annoying, but I do not know if it
can be helped. )

PS: no need to make me in CC, I have subscribed to the list.

Le 18.04.2014 13:07, Rick Dicaire a écrit :
> Berenger, are you wanting to tunnel the pgadmin connection to the db
> servers, or ssh X11 forward a remote pgadmin app to local desktop, or
> ...?
>
>  On Fri, Apr 18, 2014 at 4:33 AM,  wrote:
>
>> Hello.
>>
>> Is it possible to use pgadmin in combination with ssh-agent?
>> I have configured ssh-agent and my Xorg session and it works well
>> in command-line ( a ssh-add on a terminal allows any ssh connection
>> on any other terminal ) but it seems pgadmin does not look at
>> ssh-agent keys, which makes mandatory to type the passphrase to the
>> system, and the password of the postgresql user I'm trying to
>> connect. Since I use that ssh connection to connect to 2 DB
> servers,
>> I have to type 4 passwords each time I'm trying to (re)connect,
> when
>> I could only have two to type if I could configure pgadmin to
>> support ssh-agent.
>>
>> --
>> Sent via pgadmin-support mailing list
>> (pgadmin-support@postgresql.org [1])
>> To make changes to your subscription:
>> http://www.postgresql.org/mailpref/pgadmin-support [2]

Sorry for long time before replying, I have lot of things to do those
days...

Your solutions sounds like an interesting one, I'll give it a try when
I will have some time. I'm still not an expert about ssh, so I did not
thought/known about port redirection.

Le 18.04.2014 16:38, Rick Dicaire a écrit :
> I haven't looked at pgadmin in quite some time, didn't know they
> added
> ssh functionality, but the following would work in any case:
>
> ssh -args -L5432:remote_host1:5432 user@remote_host1
>  ssh -args -L5433:remote_host2:5432 user@remote_host2
>
> configure pgadmin sessions to connect to localhost:5432, and
> localhost:5433, voila.
>
> Sorry if this doesn't give you what you want
>
> On Fri, Apr 18, 2014 at 9:53 AM,  wrote:
>
>> I am trying to make pgadmin using a ssh tunnel. I do not want to
>> install a xorg server on production servers just for pgadmin :) (
>> plus the fact that I would have to run a pgadmin on every server
>> with a db... definitely a no-go. )
>>
>> In more verbose:
>> I have pgadmin installed on my localhost Debian, i3 ( my window
>> manager ) is started with "ssh-agent startx" in ~/.bash_profile, so
>> that I am able to use ssh-add to add my keys, and then to use ssh
>> without it asking me my passphrases constantly. This works fine.
>>
>> I have added servers in pgadmin with uses the tab "SSH Tunnel",
>> enabled "Use SSH tunneling", filled "Tunnel host", "Username",
>> selected "identity file", and of course I have given Identity file.
>> When I try to connect, pgadmin asks me the postgresql password (
>> this is normal ), and then my passphrase ( this is not normal,
> since
>> I have added my passphrase to ssh-agent through ssh-add ).
>>
>> When I have given the identifiers pgadmin wants, things works (
>> only had few crashes, but not easy to reproduce, and I do not have
>> any information about the reason, I do not always start pgadmin
> from
>> terminal... ). The only problem is, is it possible to make pgadmin
>> using ssh-agent stuff, like in commandline ssh usual commands?
>> Because I connect to exactly 2 distant servers, and I do not like
>> to enter my passphrases everytime there is a connection problem, a
>> crash, or whatever. It would be really nicer if I could only type
>> the 2 postgresql passwords ( which is still annoying, but I do not
>> know if it can be helped. )
>>
>> PS: no need to make me in CC, I have subscribed to the list.
>>
>> Le 18.04.2014 13:07, Rick Dicaire a écrit :
>>
>>> Berenger, are you wanting to tunnel the pgadmin connection to the
>>> db
>>> servers, or ssh X11 forward a remote pgadmin app to local
>>> desktop, or
>>> ...?
>>>
>>>  On Fri, Apr 18, 2014 at 4:33 AM,  wrote:
>>>
>>>> Hello.
>>>>
>>>> Is it possible to use pgadmin in combination with ssh-agent?
>>>> I have configured ssh-agent and my Xorg session and it works
>>>> well
>>>> in command-line ( a ssh-add on a terminal allows any ssh
>>>> connection
>>>> on any other terminal ) but it seems pgadmin does not look at
>>>> ssh-agent keys, which makes mandatory to type the passphrase
>>>> to the
>>>> system, and the password of the postgresql user I'm trying to
>>>> connect. Since I use that ssh connection to connect to 2 DB
>>> servers,
>>>
>>>> I have to type 4 passwords each time I'm trying to (re)connect,
>>> when
>>
>> --
>> Sent via pgadmin-support mailing list
>> (pgadmin-support@postgresql.org [3])
>> To make changes to your subscription:
>> http://www.postgresql.org/mailpref/pgadmin-support [4]