I'm trying to establish a connection to a MySQL server on a remote host. Both machines are running RH 7.5 and MySQL 5.7.
I can connect to the server as a root user. I did that, and used it to set up a secondary user like this:
CREATE USER 'foo'#'client-ip-address' identified by 'my-password';
and then
GRANT ALL PRIVILEGES ON my-db.* to 'foo'#'client-ip-addres';
That all went fine. But to my surprise, when I tried to connect using this new user, I got an error I wasn't used to:
$ mysql -u foo -h server-ip-address -pmy-password my-db
Access denied for user 'foo'#'some-hostname-not-an-ip.com' (using password: YES)
I know the IP address of the client (where I'm connecting from), which is why I set up the user with that value in the "host" column on the server. But the client is obviously trying to establish a connection using a value for "host" that is not the IP address. Instead it's some hostname, and not an IP address at all.
Where is this value coming from? How does mysql determine its own host when it tries to connect to a remote server? In the past I've only ever seen it use the machine's own IP address.
Related
As I know we can create Users like:
'Test01'#'localhost' (which means Test01 can access to MYSQL DB only from localhost)
'Test01'#'192.168.0.150' (which means Test01 can access to MYSQL DB only from internal network with the client having 192.168.0.150 IP address)
'Test01'#'%' (which means all IP can access)
What I want to achieve is to allow Test01 to access MySQL DB from ANOTHER network (example public IP: 1.2.3.4) and this network has a client with static local IP 192.168.0.150, where I want to restrict only this local IP can access mySQL DB.
If I create user like 'Test01'#'1.2.3.4', this will allow all the local IP under '1.2.3.4' to connect to mySQL DB, where I only want a single client with static IP 192.168.0.150 to connect to mySQL DB.
MySQL server is already exposed to the internet via port forwarding.
Can we possibly achieve this?
Follow these steps:
Log in to your MySQL server by using the following command:
mysql -u root -p
Enter your root password after it prompts for it
Use GRANT command to enable access for the remote user. Here db implies as database name, dbuser as database user and ip-address as the remote IP from where it is going to be accessed.
mysql> GRANT ALL ON db.* TO dbuser#'ip-address' IDENTIFIED BY 'your_password';
Above GRANT command grants ALL permissions to the dbuser to connect from the specified IP address by using the specified password.
Finally test the connection remotely:
mysql -u dbuser -p -h ip-address
Enter password:
I have two system where one system has the MySQL database (IP address is 192.168.0.149-running in centos) and the other has the web application (IP address 192.168.0.55-running in windows). I am calling the database from the web application remotely. I wanted to use ssh to connect with the database, so I use putty to do this.
First I run the putty and initiate the port forwarding from port 3535 to 192.168.0.149:3306.
I call from my application like this
orm.RegisterDataBase("default", "mysql", "john:john1#tcp(127.0.0.1:3535)/employee?
charset=utf8&parseTime=True")
I create a user in host MySQL database like this
mysql>create user john
mysql>GRANT CREATE,DELETE,SELECT,UPDATE ON employee.* TO 'rahul'#'192.168.0.55' IDENTIFIED
BY 'john1'
Now I run my web application. When I run it I'm getting the following error
[ORM]2017/03/01 16:18:57 register db Ping `default`, Error 1045: Access denied for user
'john'#'192.168.0.149' (using password: YES)
WORKING SCENARIOS
If I don't use the SSH and calling directly the database from the application then there is no problem for this user to access the employee database.
orm.RegisterDataBase("default", "mysql", "john:john1#tcp(192.168.0.149:3306)/employee?
charset=utf8&parseTime=True")
If I change the privilege condition like this then its working for ssh based remote database connection
sql>GRANT CREATE,DELETE,UPDATE,SELECT ON employee.* TO 'john'#'%' IDENTIFIED BY 'john1'
But I don't want to do this since it will accept the connection from all the system from the local network.I wanted to give the access to only 192.168.0.55.
Your credentials don't match.
You've granted access to 'rahul'#'192.168.0.55', but you're connecting as 'john'#'192.168.0.149'.
Try granting access to the user that's actually connecting:
GRANT CREATE,DELETE,SELECT,UPDATE ON employee.* TO 'john'#'192.168.0.149' IDENTIFIED BY 'john1'
I'm runnning MySQL 5.6 on DB server and trying to conect from application server. (app1.example.org)
On DB server, user#app1.example.org is registered as user.
I logged in app1.example.org (CentOS 6), and tried to connect DB server.
[mylocalmachine]$ ssh phanect#app1.example.org
...
[app1.example.org]$ mysql -u user -p -h 123.456.789.012
Enter password:
ERROR 1045 (28000): Access denied for user 'user'#'111.222.333.444' (using password: YES)
111.222.333.444 is associated to app1.example.org in DNS.
When I add a user user#111.222.333.444 to MySQL and try above again, I can successfully connect to MySQL. But I don't want to do this.
IP address is a little bit hard to remember, and it sometimes changes because I'm using Google Compute Engine for app server.
I want to add only user(s) with host specified in FQDN. Is it possible?
I'm using Google Cloud SQL as DB server, BTW.
You can make it open ,and use it through username and password of your db,else you just make your compute engine IP static ,so that it won't change .
I have created a free application using openshift, and created MySQL and phpmyadmin cartridges and inside my phpmyadmin I have gave access to all users from anywhere with all privileges now the problem is when I try to connect from my local MySQL workbench i get connected but I don't see my tables I have created in remote server using phpmyadmin and I can't do any action at all like creating schemas or tables where i get
ERROR 1044: Access denied for user ''#'localhost'
Remember that I allowed all privileges for any user, but I still get access denied for any action except only for the database connection.
Make sure the user you've given full permissions to is the same user MySQL Workbench is connecting as -- there's a difference between the hosts % and localhost for instance. From MySQL Workbench, issue the "Status" command and compare the username and host against what you've configured.
You're apparently connecting through 'localhost' so you have to give full permissions to the anonymous user with host localhost (or change your connection type to tcp so that your connection is via 127.0.0.1 instead of localhost).
Edit for further clarification: The MySQL permission structure treats different types of connections differently; a client connecting via TCP connection always appears to come from an IP address, even if it's from the "local host" (in the sense of being on the same machine), in which case that IP address of the incoming connection may be 127.0.0.1. Socket type connections are registered in MySQL as coming from the host "localhost" (literally, in this case). This is why we're verifying which host MySQL Workbench is connecting as.
Different connection types appear differently to MYSQL even if they're coming from the same "local machine." Furthermore, the wildcard host does not include 'localhost' socket connections, those are a separate entry in the permissions field with the 'localhost' host name; the wildcard does not apply, as I explained above. This is the reason why we're checking which permissions you set against what MySQL Workbench is connecting as; it's the most common cause of difficulties such as these.
Everything worked fine, When I configure the TMySqlConnection Driver to connect on the Local computer using WAMP local server, but when trying to configure the driver to connect to a remote MySQL server, I got an error.
aceess denied for user myuserna_me#41.175.10.32 ( Using password: yes)
How to fix the problem and force the host address to be the server's IP in which my SQL database is hosted.
credentials:
HostName : mydomain-cdn.net
PassWord : Hk*HjBc+SwXS
Username : myusername
Database : mydbname_main
Where 41.175.10.32 is my IP address (not the host address).
I think that the problem is that you haven't set up the myuserna_me user so that it has the right to connect to the DB from the 41.175.10.32 IP. mySQL user accounts do contain information from which IP given user may connect, it is also possible to use wildcard % for "without IP restrictions" access.
See "Adding User Accounts" topic in mySQL manual, it has some examples too.