RDS connection access denied from Laravel application - mysql

I have tried many solutions found in stack overflow but still struggling with this problem.
The problem is that:
First I have whitelisted my IP to the security group, and public accessibility is Yes. Even I made all traffic access true in the security group.
Then I tried to connect RDS Mysql from my PC's terminal by following command mysql -h ************.rds.amazonaws.com --port=3306 -u username -p
Then I successfully connected to the mysql.
But when I try to connect the RDS MySQL database from laravel application from my same PC, it says "SQLSTATE[HY000] [1045] Access denied for user 'username'#'my-pc-ip' (using password: YES) (SQL: select count(*) as aggregate from students)"
I wondered why it is saying username#my-pc-ip instead of username#rds-mysql-host?
.env file
DB_HOST=*******.rds.amazonaws.com
DB_PORT=3306
DB_CONNECTION=mysql
DB_DATABASE=mydb
DB_USERNAME=username
DB_PASSWORD=mypassword
I have also configured the database.php in the config folder.
Any help, please??
I have also same problem from my hosting vps. I also whitelisted my vps's ip in security group and when i tries to connect the mysql from my vps server(not in aws) then it says same problem access denied username#vps-ip.
Any help would be highly appreciated.

This is not a network connection issue, as long as you get an access denied message then your application was able to reach the server
and since you were able to connect using MySQL CLI, try checking passwords for the user as it can be different by connecting client IP
MySQL has two different passwords?
MySQL uses $user/$host/$password comparison by default, so your current setup has two different user accounts in MySQL - root and whatever username you supply on the command line. Each of those has its own password.

Check your password
Enclose your password within quotes, single or double. For example:
DB_PASSWORD="your_strong_password"
If you password contains any of the quotes used to enclose your password, escape it with a backslash (\). For example:
DB_PASSWORD='your_password\'s_strength'
The answer by #AWS PS is correct, almost. However it does not answer the question #4 raised by asker.
I think the client ec2 IP address shown in the message acts like a client or proxy in order to not disclose the actual RDS server name. Any comment on this would be helpful.

Related

RDS Mysql ERROR 1045 (28000): Access denied for user #IP (using password: YES)

[This is not a duplicate question]
I have created a RDS MySQL instance with same Security Policy and under same VPC as my EC2 instance.
However when i am trying to access the Instance from EC2 machine i am getting error:
ERROR 1045 (28000): Access denied for user 'User'#'IP' (using password: YES)
Not sure if i am missing Anything.
In MYSQL setup we can resolve this error with added Privileges for User on the IP.Not sure how can we resolve this since i am unable to access the Instance itself.
Anyone faced this issue before?.
I have followed the Document: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/MySQL.Procedural.Importing.NonRDSRepl.html#MySQL.Procedural.Importing.Create.RDS.Database
mysql -h dandy-dbamazonaws.com[...] -u root -p
-h - put your endpoint
-u - username you set for your local mysql (root in my case). Don't confuse it with instance name
-p - after you hit 'enter' enter the password for your instance (the one you set up during instance creation)
hope it will work! that's how I resolved this issue
Maybe late but I had the same problem today.
Confirm the MasterUsername, with the AWS CLI running aws rds describe-db-instances or in the web console, showing the cluster details on the configuration tab.
Confirm the password, if you are using linux consoles (bash) some some characters may be problematic like # or !.
If you are using ssl connection you can't use --ssl-mode=DISABLED. You have to use --ssl-mode=VERIFY_CA (if you are connecting to endpoint) or --ssl-mode=VERIFY_IDENTITY (OR VERIFY_CA) if are connecting to server endpoint.
The goofy ones always get you: I experienced the same problem after changing the master password but let slip the important fact that by default changes don't take effect until the next maintenance window.
In my scenario I was connecting to an Aurora MYSQL serverless v2
Check you are connecting to the cluster writer instance endpoint
Modify the master password and apply changes immediately

MySql Remote server connection access denied

I have created a free application using openshift, and created MySQL and phpmyadmin cartridges and inside my phpmyadmin I have gave access to all users from anywhere with all privileges now the problem is when I try to connect from my local MySQL workbench i get connected but I don't see my tables I have created in remote server using phpmyadmin and I can't do any action at all like creating schemas or tables where i get
ERROR 1044: Access denied for user ''#'localhost'
Remember that I allowed all privileges for any user, but I still get access denied for any action except only for the database connection.
Make sure the user you've given full permissions to is the same user MySQL Workbench is connecting as -- there's a difference between the hosts % and localhost for instance. From MySQL Workbench, issue the "Status" command and compare the username and host against what you've configured.
You're apparently connecting through 'localhost' so you have to give full permissions to the anonymous user with host localhost (or change your connection type to tcp so that your connection is via 127.0.0.1 instead of localhost).
Edit for further clarification: The MySQL permission structure treats different types of connections differently; a client connecting via TCP connection always appears to come from an IP address, even if it's from the "local host" (in the sense of being on the same machine), in which case that IP address of the incoming connection may be 127.0.0.1. Socket type connections are registered in MySQL as coming from the host "localhost" (literally, in this case). This is why we're verifying which host MySQL Workbench is connecting as.
Different connection types appear differently to MYSQL even if they're coming from the same "local machine." Furthermore, the wildcard host does not include 'localhost' socket connections, those are a separate entry in the permissions field with the 'localhost' host name; the wildcard does not apply, as I explained above. This is the reason why we're checking which permissions you set against what MySQL Workbench is connecting as; it's the most common cause of difficulties such as these.

Error No. 1045 : While trying to connect to MySql

I installed SQLYog Community edition for windows, a GUI tool for MySql. I had earlier installed MySql with XAMPP. Now when I am trying to connect , I see an error (as pointed):
What could be the reason, I am getting this ? How do I connect to MySql and start using this GUI tool ?
The message says access denied for suhail #localhost . These could be the issues :
The user suhail does not exist at locahost.
The password specified is wrong.
MySql Server is not started. If it is started the port number is not 3306.
These are some of the troubleshoot techniques.
Also follow the comments on your question.
I had exactly same error message, however, it is resolved by means of using admin password on my machine. The message I get is as follows:
Connection info
Connection successful!
MySQL version: 5.1.54-community
Then I clicked ok to continue. See if this works for you!
error 1045 is a common authentication error
The user should be allowed to connect from remote hosts.
It should be defined as 'suhail'#'%' and not 'suhail'#'localhost')
http://webyog.com/faq/content/23/18/en/error-no-1045-connection-denied.html
* User is not allowed to connect from the actual host. Note that MySQL by default only allows connection from 'localhost'. To specify from where a user may connect SQL wildcards (% and _) can be used. Simply 'someuser#%' means that user 'someuser' may connect from everywhere.
I too was having the same problem, but it was solved by giving.. username as- root.
So. try by giving
username: root.
Go to mysql Workbench >> Users and privileges >>
Select user in user accounts tab, then on right side open schema privileges tab >> there you have to give required permissions.
If not work,
open a 3306 port in windows firewall.
Check whether the port is already in use or not. 3306 port is for Mysql server. So check whether it is being used or not. if it is used then we can kill that process and can try again to connect to the same port.
Please try to put the 127.0.0.1 instead of localhost in mysqlhost address
mine is working

How to determine who is trying to access MySql

When I check the mysql query logs on our BSD server, I see, repeated again and again:
111123 8:23:11 4478 Connect Access denied for user 'Neohoo'#'localhost' (using password: YES)
4479 Connect Access denied for user 'root'#'localhost' (using password: NO)
I shut off outside access by adding the skip-networking option and restarting mysql:
cat /etc/my.cnf
[mysqld]
// The MySQL server
skip-innodb
max_connections=30
skip-networking
set-variable=local-infile=0
And verified by:
telnet bsdServer.com 3306
telnet: Unable to connect to remote host
The MySql is used with a legacy PHP application. I considered it could be an SQL injection attack but I am at a loss to find which section of the program. The mysql query logs do not show an IP address or any more useful data.
Any suggestions appreciated.
I shut off outside access by adding the skip-networking option
But these users are connecting from localhost - i.e. not across the network.
The mysql query logs do not show an IP address
Yes they do:
111123 8:23:11 4478 Connect Access denied for user 'Neohoo'#'localhost' (using password: YES)
Some client running on the machine is trying to connect.
If this machine is running a PHP webserver, particularly one facing the internet, most likely have a PHP code injection issue. Try cross referencing the timestamps on the log entries with your webserver access_log. If you've got the mysql client available on the machine, ensure that your webserver uid can't run it.

Question related to mysql gem new method authentication

I normally code on windows and using MYSQL4.1. And mysql gem version is 2.8.1. In my setup when I use mysql gem to access the MYSQL server, I give the root username and password of the sql server. And in rails db config file, I give user name as 'root' and its password and host as 'localhost'. My rails server and Mysql server are running on the same machine.
But recently I had to do a project in which I had to access the MYSQL server installed at a client site. It is a linux machine. I am not sure of the sql server's version number. To access it I was given a username and password for SSH and the root username and root password of the SQL server also. But for accessing that machine, in the mysql new method I have to specify the ssh login and user-password instead of sql user and password.
I cant access the DB if I give the MySql root user and password.
So, mysql.new(machine's public IP, ssh login id, ssh login password, db_name) works whereaes mysql.new(machine's public IP, 'root, root password, db_name) does not work. I am not sure, I understand what is happening. So, my question is can anyone explain this login behavior? Why cant I access the mysql server with the sql server's root login and root password.
To expand a little bit on what adamaig said:
When you're logged into the MySQL console as root, do this:
use mysql;
select User, Host from user;
MySQL should give you a table with the accounts and their respective hosts. You'll probably see that root can only log in from '127.0.0.1' or 'localhost'. You'll also probably see another account with credentials identical to those of the ssh account that was given to you.
Also, I would advise against giving root permission to log in from everywhere, it is a security risk.
But, if you ssh directly into the machine (using something like PuTTY if you're on Windows), you'll be able to log in as root from there.
Sounds like you need to create a user in the remote db that allows remote login. The root account is typically not given permissions to login from '%' . Try looking at the mysql.user table to see what the permissions are. Then you might want to look at the mysql.com developer documents on setting up accounts and security. The answers there will be fuller than can be given here.