From 4f91c173b5b6406a5addae7387a34449ec5fc8b6 Mon Sep 17 00:00:00 2001 From: Dave Page Date: Tue, 9 Jun 2026 11:59:02 +0100 Subject: [PATCH] Disable SSH agent when tunnel identity file/password is given. #9814 SSHTunnelForwarder was called without allow_agent, which defaults to True in sshtunnel/paramiko, so the SSH agent was always probed even when the user supplied an identity file or password - causing repeated agent authentication attempts/denials. Pass allow_agent=False on both the identity-file and password code paths. Co-Authored-By: Claude Opus 4.8 (1M context) --- docs/en_US/release_notes_9_16.rst | 2 ++ web/pgadmin/utils/driver/psycopg3/server_manager.py | 2 ++ 2 files changed, 4 insertions(+) diff --git a/docs/en_US/release_notes_9_16.rst b/docs/en_US/release_notes_9_16.rst index a7ec92e1bee..41c9020989a 100644 --- a/docs/en_US/release_notes_9_16.rst +++ b/docs/en_US/release_notes_9_16.rst @@ -25,3 +25,5 @@ Housekeeping Bug fixes ********* + + | `Issue #9814 `_ - Disable SSH agent probing for SSH tunnels when an identity file or password is provided, preventing repeated authentication prompts/denials from the agent. diff --git a/web/pgadmin/utils/driver/psycopg3/server_manager.py b/web/pgadmin/utils/driver/psycopg3/server_manager.py index 76cee8b8446..acf14592fd8 100644 --- a/web/pgadmin/utils/driver/psycopg3/server_manager.py +++ b/web/pgadmin/utils/driver/psycopg3/server_manager.py @@ -593,6 +593,7 @@ def create_ssh_tunnel(self, tunnel_password): ssh_username=self.tunnel_username, ssh_pkey=get_complete_file_path(self.tunnel_identity_file), ssh_private_key_password=tunnel_password, + allow_agent=False, remote_bind_address=(self.host, self.port), logger=ssh_logger, set_keepalive=int(self.tunnel_keep_alive) @@ -602,6 +603,7 @@ def create_ssh_tunnel(self, tunnel_password): (self.tunnel_host, int(self.tunnel_port)), ssh_username=self.tunnel_username, ssh_password=tunnel_password, + allow_agent=False, remote_bind_address=(self.host, self.port), logger=ssh_logger, set_keepalive=int(self.tunnel_keep_alive)