connect to Amazon RDS via MySQL Workbench

Question

I have created a mysql instance on Amazon RDS and it gave it me the following settings:

I am trying to connect to this mysql server thru the MySQL Workbench and it always says that SSH tunnel is not authenticated.

I have tried to connected to server via the command prompt AND it WORKS fine. Here is command that I use:

mysql -h ['Endpoint' from setting] --ssl_ca=C:\Users\Jason\Downloads\mysql-ssl-ca-cert.pem -P 3306 - u ['Username' from setting] -p

This prompts me for a password and it works fine!

NOW when I try it with MySQL Workbench, I get error and it says this in the log:

error: [Errno 10060] A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond
19:17:39 [ERR][     SSH tunnel]: Authentication error opening SSH tunnel: Authentication error, unhandled exception caught in tunnel manager, please refer to logs for details

Here is are Settings:

SSH HostName: ['Endpoint' from settings]
SSH Username: ['Username' from settings]
SSH Password: password
SSH Key File: C:\Users\Jason\Downloads\mysql-ssl-ca-cert.pem
MySQL HostName: ['Endpoint' from settings]
MySQL Server Port: 3306
Username: ['Username' from settings]
Password: password same as SSH password
Default Schema: ['DB Name' from settings]

One thing to note is that I have ran the following command on the Server when I was able to successfully connect to server via Workbench.

GRANT USAGE ON *.* TO 'username'@'%' REQUIRE SSL;

ALSO I have given my local IP address (CIDR/IP) access under the 'DB Security Group' on RDS.

Answer 1

Why do you try the SSH option in MySQL Workbench if the connection from the commandline clearly does not use SSH? Remove that from the connection settings.

Instead set up a normal TCP/IP connection, set the MySQL host to your endpoint. Switch to the SSL settings page and activate SSL + set your cert file location as you did on the commandline.

Additional informations:

SSH is for the communication of MySQL Workbench with the remote system (file access, server control etc., see also http://en.wikipedia.org/wiki/Secure_Shell). An SSH connection is not needed if you only want to do MySQL work (running queries). It requires on the end point a running SSH server to create the tunnel. You need to create an SSH connection if you want to manage the server (edit the config file, control the server process and such) or if the server is not directly reachable (e.g. is behind a firewall which doesn't allow communication to the MySQL port, for security reasons). For Windows there's an additional solution for local networks by using WMI.

SSL is an encryption for the communication between the MySQL client and server (http://en.wikipedia.org/wiki/Transport_Layer_Security). It's part of the protocol that MySQL uses for communication and works completely independant of MySQL Workbench or any SSH tunnel.