unable to connect to mysql on GCP compute engine

I have installed mysql on a VM in gcp using this: https://cloud.google.com/architecture/setup-mysql
(I manually installed it on a VM)
But I am not able to connect to it using DBeaver. I am using the external IP provided in the dashboard and I have allowed 3306 but even then I am not able to connect to it. I keep getting connection refused: 4003 error.

connection refused: 4003 error
This means the instance isn't listening on the port you're trying to connect to or the firewall is closed. In order to fix this error, we need to ensure that the listening process on the VM runs and listens on the correct port. Then, we verify if the Google Cloud firewall is configured correctly and open.
You should look for default-allow-ssh to see if your firewall's rules allow SSH connections.
If the firewall and IAP do not resolve your issue, check whether you have access. When you add a user and grant privileges to them (or with existing users) you need to specify the host or network range from which that user is allowed to connect. Follow the steps in this stack question and check whether you can connect now.
For more information, follow How To Allow Remote Connections To MySQL. Attaching SSH troubleshooting doc.
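The three causes named in this answer (nothing listening, a closed firewall, a user not allowed from the client's host) look different on the wire, so a single TCP probe can tell them apart. The following is an added example, not part of the original answer; the function names are hypothetical and the sample packets and the address 203.0.113.7 are constructed.

```python
import socket
import struct

def classify_greeting(data: bytes) -> str:
    """Interpret the first packet a MySQL server sends once TCP is established."""
    payload = data[4:4 + int.from_bytes(data[:3], "little")]  # 3-byte length, 1-byte sequence id
    if not payload:
        return "port open, but no MySQL greeting was sent"
    if payload[0] == 0x0A:  # protocol version 10: normal server greeting
        version = payload[1:].split(b"\x00", 1)[0].decode("ascii", "replace")
        return f"MySQL {version} reachable: the network path is fine"
    if payload[0] == 0xFF and len(payload) >= 3:  # ERR packet sent instead of a greeting
        code = struct.unpack_from("<H", payload, 1)[0]
        text = payload[3:].decode("utf-8", "replace")
        if code == 1130:  # ER_HOST_NOT_PRIVILEGED: fix the user's host, not the firewall
            return f"reachable, but no MySQL user may connect from this host: {text}"
        return f"reachable, server answered with error {code}: {text}"
    return "port open, but the service is not MySQL"

def probe(host: str, port: int = 3306, timeout: float = 5.0) -> str:
    """Connect once and report which layer stopped the connection."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                return classify_greeting(s.recv(4096))
            except socket.timeout:
                return "port open, but no MySQL greeting was sent"
    except ConnectionRefusedError:
        return "refused: host answered, nothing accepts on this address/port (mysqld down or bound to 127.0.0.1)"
    except socket.timeout:
        return "timed out: packets are dropped on the way (cloud firewall, host firewall, or wrong IP)"
    except OSError as exc:
        return f"network error: {exc}"

def frame(payload: bytes) -> bytes:
    return len(payload).to_bytes(3, "little") + b"\x00" + payload

# Constructed sample packets (not captured from a real server)
SAMPLE_GREETING = frame(b"\x0a" + b"8.0.36\x00" + bytes(20))
SAMPLE_HOST_DENIED = frame(b"\xff" + struct.pack("<H", 1130) +
                           b"Host '203.0.113.7' is not allowed to connect to this MySQL server")

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        print(probe(sys.argv[1]))
    else:
        print(classify_greeting(SAMPLE_HOST_DENIED))
```

A timeout points at firewall rules, a refusal at the listener or its bind address, and error 1130 at the host part of the MySQL account.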

Related

Why do I get ssh connection error after installing MYSQL server on Ubuntu 18.04 running on AWS (Lightsail and EC2)?

So I followed this tutorial to install and configure a MySQL server on an AWS instance that was originally running on EC2.
When I tried to login back to the server via ssh, I would get a port 22: Connection timed out error.
So I tried to do the same on Lightsail and ended up getting the same error when I try to login back.
Is this a known issue? Am I doing anything wrong? Is there a way to fix this?
Thanks.
The mentioned tutorial says: enable the firewall to allow mysql remote access.
sudo ufw enable
sudo ufw allow mysql
which allows only mysql and stops every incoming request, whether it is ssh or http or anything else which you have defined in the security group of the ec2 instance.
In my case I have allowed the following inbound rule but nothing was working; even ssh says connection refused.
To get this working, either disable the firewall or allow the required port in the firewall. Of course, you still need to log in to the ec2 instance to get this done.
There are 3 ways to connect with ec2 instance
SSH is not working so I chose Session Manager (browser-based ssh). I followed this video and was able to connect with the instance through Session Manager.
After login I just disabled the firewall and everything works fine.
sudo ufw disable
All the inbound rules are working properly. Hope it will work for you.
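The lockout described in this answer can be read straight from `ufw status`: the firewall is active, 3306 is allowed, and nothing allows SSH. The following is an added example, not part of the original answer; both status outputs are constructed, the function names are hypothetical, and 203.0.113.7 stands in for a client address.

```python
import re

# Constructed `sudo ufw status` output, as it looks after the two tutorial commands
AFTER_TUTORIAL = """\
Status: active

To                         Action      From
--                         ------      ----
3306/tcp                   ALLOW       Anywhere
3306/tcp (v6)              ALLOW       Anywhere (v6)
"""

# Constructed output for a host that keeps SSH and scopes MySQL to one client
SCOPED = """\
Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
3306/tcp                   ALLOW       203.0.113.7
"""

SSH_TARGETS = {"22", "22/tcp", "OpenSSH"}
ACTIONS = {"ALLOW", "LIMIT", "DENY", "REJECT"}

def parse_rules(status: str):
    """Return (target, action, source) for each rule line of `ufw status`."""
    rules = []
    for line in status.splitlines():
        cols = re.split(r"\s{2,}", line.strip())  # columns are separated by runs of spaces
        if len(cols) == 3 and cols[1].split()[0] in ACTIONS:
            rules.append((cols[0].replace(" (v6)", ""), cols[1].split()[0], cols[2]))
    return rules

def audit(status: str):
    """List the problems this thread ran into, or [] if the rule set avoids them."""
    if not status.startswith("Status: active"):
        return ["ufw is inactive: only the cloud security group filters traffic"]
    allowed = [(t, src) for t, action, src in parse_rules(status) if action in {"ALLOW", "LIMIT"}]
    findings = []
    if not any(t in SSH_TARGETS for t, _ in allowed):
        findings.append("no SSH rule: default-deny incoming will drop port 22")
    if any(t.startswith("3306") and src.startswith("Anywhere") for t, src in allowed):
        findings.append("3306 open to any source: restrict it to the client IP")
    return findings
```

The second sample is the state reached by running `sudo ufw allow OpenSSH` and `sudo ufw allow from 203.0.113.7 to any port 3306 proto tcp` before `sudo ufw enable`.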

IAP tunnel to VM

I’ve a question regarding Compute VM and its associated privileges. I have ‘Owner’ privileges at Project level. I created a VM but was not able to assign an external IP address to it. Upon referring to google cloud docs, it appears that I’ll still be able to connect to this VM using VPN or IAP. Upon clicking the SSH link next to the VM, I see that it uses a Cloud-IAP tunnel but the connection fails.
Here is the error message
External IP address was not found; defaulting to using IAP tunneling.
ERROR: (gcloud.compute.start-iap-tunnel) Error while connecting [4003: u'failed to connect to backend'].
ssh_exchange_identification: Connection closed by remote host
ERROR: (gcloud.compute.ssh) [/usr/bin/ssh] exited with return code [255].
How do I go about connecting to this VM?
Appreciate your help with this
https://hodari.be/posts/2019_09_30_access_private_gke_nodes_with_ssh/
https://cloud.google.com/iap/docs/using-tcp-forwarding
Firewall rules that are configured to allow access from Cloud IAP's TCP forwarding netblock, 35.235.240.0/20, on all ports of your machine. This ensures that connections are allowed from Cloud IAP's TCP forwarding IP addresses to the TCP port of the admin service on your resource. Note that you might not need to adjust your firewall rules if the default-allow-ssh and default-allow-rdp default rules are applied to ports used for SSH and RDP.
As you probably already have default-allow-ssh, instead of trying:
gcloud compute start-iap-tunnel stage-es-kibana 5601 --local-host-port=localhost:5601
jump to port via extra ssh layer:
gcloud compute ssh stage-es-kibana -- -N -L 5601:localhost:5601
or open Google Firewall between host/port stage-es-kibana:5601 and subnet 35.235.240.0/20.
This is a permissions issue.
You are trying to ssh into your vm through google's IAP proxy.
You don't have permissions to create the tunnel from your computer to the proxy server.
You need to have the role "roles/iap.tunnelResourceAccessor" to ssh to your vm:
It seems that the GCP CE needs to initialize SSH and other services after its RUNNING status.
I used a workaround by adding a sleep (60 sec) command, after starting the VM and before SSH using the IAP tunnel.
In my case I solved or worked around it by omitting the --tunnel-through-iap parameter that is passed to gcloud compute ssh.
Try opening the Google Firewall for subnet 35.235.240.0/20.
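Why the direct tunnel to 5601 fails while `ssh -L` over port 22 works comes down to which ingress rule admits the IAP netblock on each port. The following is an added example, not part of the original answers: it evaluates constructed rules in the shape of `gcloud compute firewall-rules list --format=json`. The rule names other than default-allow-ssh, the tags and the function names are hypothetical, and the check covers allow rules only (no deny rules, priorities or service-account targets).

```python
import ipaddress
import json

IAP_RANGE = ipaddress.ip_network("35.235.240.0/20")  # IAP TCP forwarding netblock quoted above
ANY_SOURCE = ipaddress.ip_network("0.0.0.0/0")

# Constructed rules (not taken from a real project)
RULES = json.loads("""[
 {"name": "default-allow-ssh", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
  "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
 {"name": "allow-mysql", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
  "targetTags": ["mysql"], "allowed": [{"IPProtocol": "tcp", "ports": ["3306"]}]},
 {"name": "allow-web", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
  "targetTags": ["kibana"], "allowed": [{"IPProtocol": "tcp", "ports": ["80", "8000-8100"]}]}
]""")
# The rule the answers suggest adding: IAP netblock to the service port only
IAP_KIBANA = {"name": "allow-iap-kibana", "direction": "INGRESS",
              "sourceRanges": ["35.235.240.0/20"], "targetTags": ["kibana"],
              "allowed": [{"IPProtocol": "tcp", "ports": ["5601"]}]}

def port_in(spec: str, port: int) -> bool:
    lo, _, hi = spec.partition("-")  # "22" or "8000-8100"
    return int(lo) <= port <= int(hi or lo)

def covers(rule: dict, source, port: int, vm_tags, proto: str = "tcp") -> bool:
    """True if this allow rule admits every address in `source` to `port` on a VM with `vm_tags`."""
    if rule.get("direction", "INGRESS") != "INGRESS" or rule.get("disabled"):
        return False
    if "targetTags" in rule and not set(rule["targetTags"]) & set(vm_tags):
        return False
    nets = [ipaddress.ip_network(r) for r in rule.get("sourceRanges", [])]
    if not any(n.version == source.version and source.subnet_of(n) for n in nets):
        return False
    return any(a["IPProtocol"] in (proto, "all") and
               ("ports" not in a or any(port_in(p, port) for p in a["ports"]))
               for a in rule.get("allowed", []))

def rules_allowing(rules, source, port, vm_tags):
    """Names of the rules that let `source` reach `port` on a VM carrying `vm_tags`."""
    return [r["name"] for r in rules if covers(r, source, port, vm_tags)]
```

Passing `ANY_SOURCE` instead of `IAP_RANGE` turns the same check into an exposure audit: any rule it returns for 3306 admits the whole internet to the database port.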

node js app deployed on google cloud connection with remote mysql on different server.

I need to connect to remote mysql on a different server and my nodejs code is deployed on google cloud. I have tried with host ip, username and password of the remote mysql, but it gives the following error:
{"errorno":"ETIMEDOUT","code":"ETIMEDOUT","syscall":"connect","fatal":true}
ETIMEDOUT is a Node.js networking error. You will need to tinker with your firewall rules to allow the connection.
Probably opening port 3306 will solve the issue. Here's the documentation for setting up a remote access to MySQL [1] and the networking side [2]

ERROR 2003 (HY000): Can't connect to MySQL server on 'xxx.xxx.xx.xx' (10060)

I'm trying to connect my local MySQL to a test 2nd generation MySQL instance on Google SQL platform using the following command on my windows laptop.
mysql --host=130.211.xx.xx --port=3306 --user=root --password
I double checked my IP address with whatismyIPaddress.
I can connect via Google Cloud Shell on the Google Platform itself and also ping the IP address from the local cmd prompt.
As a troubleshooting step I have disabled the local firewalls on my laptop and granted full access to 0.0.0.0/0 to allow all connections on the google platform console.
Still no joy from either a cmd line connection on windows or using a putty client. Can anyone give me any further pointers on the missing step?
Cheers..
If you are behind a NAT your IP might change which prevents you from accessing the Cloud SQL instance. I would recommend setting up access using SSL certificate. More information about the setup can be found in this Help Center article.
You may need to allow remote connections to your remote database in the server and database configuration. These kinds of connections are typically disabled by default.

Google Compute Engine LAMP Stack SFTP, SQL and HTTPS

I've set up a google compute VM, and can access phpmyadmin and the default index page. SSH works when I click the button on the website.
I am having issues remotely connecting to my server instance for any sort of management (ftp or sql).
I followed the firewall section here: https://cloud.google.com/solutions/mysql-remote-access
But I still can't connect.
My firewall is configured:
And I have no idea how to get HTTPS working, but it can be a problem to take care of in the future when I fully switch my site over to the compute engine, since I can't switch my domain or current SSL certificates over yet.
EDIT:
More information:
When I try to connect to SQL using client "Sequel Pro" it returns:
With telnet:
When I try to connect to SFTP I get:
Could this be caused by me mistyping the password?
Your firewall settings show that you allowed external traffic to both ports 21 and 3306 for TCP protocol. This is good but not enough.
In order to allow remote connections to MySQL, you will need to grant remote access to your username and your external IP address. Take a look at this case for an example. This is also mentioned in step 6 and step 7 of Configure MySQL server on my-server section of the article you specified:
mysql> GRANT ALL PRIVILEGES ON *.* TO 'TESTUSER'@'<external-ip-my-client>' IDENTIFIED BY '<some-password>';
About the ftp server, the VM instance comes with no ftp service installed, but instead you can use the SFTP protocol to connect to it, which is more secure than the FTP protocol and is highly recommended. Use gcloud compute config-ssh to generate an SFTP/SSH key pair. For more information visit the Setting up secure FTP on Google Compute Engine article.