I have created a MariaDB database user user. Looks something like:
MariaDB [(none)]> select host,user,password from mysql.user;
+-----------+-------+-------------------------------------------+
| host | user | password |
+-----------+-------+-------------------------------------------+
| % | user | ***************************************** |
+-----------+-------+-------------------------------------------+
I can connect to the database from a remote computer using command like
mysql -uuser -hdevops.ok -p mydatabase
This works as expected. I can login using my password.
When I am on the database server and try to connect with
[vagrant#devops ~]$ mysql -h127.0.0.1 -uuser -p mydatabase
Enter password:
ERROR 1045 (28000): Access denied for user 'user'#'localhost' (using password: YES)
I expected the % to allow access from all nodes in the network including localhost but it seems this is not how it works.
Is it possible to grant this user local access?
I can create another account of course
create user 'myser'#'localhost' identified by '****';
This would allow me access to the database but that feels more like a workaround.
Update
I now think this is only possible by creating two accounts 'myuser'#'localhost' and 'myuser'#'%'
% does not include localhost. Btw 127.0.0.1 and 127.0.0.2 resolve to localhost and as a consequence these are also not matches by %.
Doesn't make sense but it looks like this is the way it is supposed to work.
The % in the host field means any targeted host is possible.
There is one special case, when the database makes a difference between 127.0.0.1 (TCP based connection) and localhost which connects to the local unix socket.
Consider the db settings skip-networking and bind-address. See
https://mariadb.com/kb/en/mariadb/configuring-mariadb-for-remote-client-access/
TCP connections are usually disabled by default - this might be different depending on distribution, package used, ...
So when you type the following it should work:
mysql -hlocalhost -uuser -p mydatabase
References:
https://dev.mysql.com/doc/refman/5.5/en/connecting.html
On Unix, MySQL programs treat the host name localhost specially, in a way that is likely different from what you expect compared to other network-based programs. For connections to localhost, MySQL programs attempt to connect to the local server by using a Unix socket file.
You could also use the --socket option.
Related
I have MySQL setup in a PC on my local network, how do I connect to it?
I also have MySQL installed on this computer (which I want to use to connect to the database).
I tried the following but it's not working:
mysql -u user -h 192.168.1.28:3306 -p password
ERROR 2005 (HY000): Unknown MySQL server host '192.168.1.28:3306' (0)
EDIT
Thanks for your help. Anyway, I connect without 3306 and I have another problem. MACBOOK is the name of my client computer.
mysql -u user -ppassword -h 192.168.1.28
ERROR 1045 (28000): Access denied for user 'user'#'MACBOOK' (using password: YES)
Thanks.
That was a very useful question! Since we need to run the application with a centralized database, we should give the privileges to that computer in LAN to access the particular database hosted in LAN PC. Here is the solution for that!
Go to MySQL server
Type the following code to grant access for other pc:
GRANT ALL PRIVILEGES ON *.* TO 'root'#'%' IDENTIFIED BY 'root_password';
then type:
FLUSH PRIVILEGES;
Replace % with the IP you want to grant access for!
Users who can Install MySQL Workbench on MySQL Server Machine
If you use or have MySQL Workbench on the MySQL Server PC you can do this with just a few clicks. Recommend only for development environment.
Connect to MySQL Server
Find this option Users and Privileges from Navigator and click on it.
Select root user and change value for Limit to Hosts Matching to %.
The click Apply at the bottom.
This should enable root user to access MySQL Server from remote machine.
Since you have MySQL on your local computer, you do not need to bother with the IP address of the machine. Just use localhost:
mysql -u user -p
or
mysql -hlocalhost -u user -p
If you cannot login with this, you must find out what usernames (user#host) exist in the MySQL Server locally. Here is what you do:
Step 01) Startup MySQL so that no passwords are require no passwords and denies TCP/IP connections
service mysql restart --skip-grant-tables --skip-networking
Keep in mind that standard SQL for adding users, granting and
revoking privileges are disabled.
Step 02) Show users and hosts
select concat(''',user,'''#''',host,'''') userhost,password from mysql.user;
Step 03) Check your password to make sure it works
select user,host from mysql.user where password=password('YourMySQLPassword');
If your password produces no output for this query, you have a bad
password.
If your password produces output for this query, look at the users
and hosts. If your host value is '%', your should be able to connect
from anywhere. If your host is 'localhost', you should be able to
connect locally.
Make user you have 'root'#'localhost' defined.
Once you have done what is needed, just restart mysql normally
service mysql restart
If you are able to connect successfully on the macbook, run this
query:
SELECT USER(),CURRENT_USER();
USER() reports how you attempted to authenticate in MySQL
CURRENT_USER() reports how you were allowed to authenticate in
MySQL
Let us know what happens !!!
UPDATE 2012-02-13 20:47 EDT
Login to the remote server and repeat Step 1-3
See if any user allows remote access (i.e, host in mysql.user is '%'). If you do not, then add 'user'#'%' to mysql.user.
Follow a simple checklist:
Try pinging the machine ping 192.168.1.2
Ensure MySQL is running on the specified port 3306 i.e. it has not been modified.
Ensure that the other PC is not blocking inbound connections on that port. If it is, add a firewall exception to allow connections on port 3306 and allow inbound connections in general.
It would be nice if you could post the exact error as it is displayed when you attempt to make that connection.
mysql -u user -h 192.168.1.2 -p
This should be enough for connection to MySQL server.
Please, check the firewall of 192.168.1.2 if remote connection to MySQL server is enabled.
Regards
In Ubuntu Follow these steps:
Set bind-address at /etc/mysql/mysql.conf.d
Change bind-address = 127.0.0.1 to bind-address = 192.24.805.50 # your IP
Grant permission for the remote machine
mysql>GRANT ALL PRIVILEGES ON *.* TO 'root'#'[remoteip]' IDENTIFIED
BY 'anypassword' WITH GRANT OPTION;
Then try connect from remote machine
mysql -u root -h 192.24.805.50 -p
Connecting to any mysql database should be like this:
$mysql -h hostname -Pportnumber -u username -p (then enter)
Then it will ask for password. Note: Port number should be closer to -P or it will show error. Make sure you know what is your mysql port. Default is 3306 and is optional to specify the port in this case. If its anything else you need to mention port number with -P or else it will show error.
For example:
$mysql -h 10.20.40.5 -P3306 -u root -p (then enter)
Password:My_Db_Password
Gubrish about product you using.
mysql>_
Note: If you are trying to connect a db at different location make sure you can ping to that server/computer.
$ping 10.20.40.5
It should return TTL with time you got back PONG.
If it says destination unreachable then you cannot connect to remote mysql no matter what.
In such case contact your Network Administrator or Check your cable connection to your computer till the end of your target computer. Or check if you got LAN/WAN/MAN or internet/intranet/extranet working.
actually you shouldn't specify port in the host name. Mysql has special option for port (if port differs from default)
kind of
mysql --host=192.168.1.2 --port=3306
You don't have to specify ':3306' after the IP, it's the default port for MySQL.
And if your MySQL server runs with another port than 3306, then you have to add '-P [port]' instead of adding it to the IP address.
The MySQL client won't recognize the syntax "host:port", you HAVE to use -P [port] instead.
And btw, if you use '-p password', it won't work and will ask you the password again. You have to stick the password to the -p : -ppassword. (still, it's a very bad habit, because anyone that could do a PS on your server could see the plain password...)
You should use this:
>mysql -u user -h 192.168.1.2 -P 3306 -ppassword
or this:
>mysql -u user -h 192.168.1.2 -ppassword
...because 3306 is a default port number.
mysql Options
MySQL 5.1.31 running on Windows XP.
From the local MySQL server (192.168.233.142) I can connect as root as follows:
>mysql --host=192.168.233.142 --user=root --password=redacted
From a remote machine (192.168.233.163), I can see that the mysql port is open:
# telnet 192.168.233.142 3306
Trying 192.168.233.142...
Connected to 192.168.233.142 (192.168.233.142).
But when trying to connect to mysql from the remote machine, I receive:
# mysql --host=192.168.233.142 --user=root --password=redacted
ERROR 1045 (28000): Access denied for user 'root'#'192.168.233.163' (using password: YES)
I have only 2 entries in mysql.user:
Host User Password
--------------------------------------
localhost root *blahblahblah
% root [same as above]
What more do I need to do to enable remote access?
EDIT
As suggested by Paulo below, I tried replacing the mysql.user entry for % with an IP specific entry, so my user table now looks like this:
Host User Password
------------------------------------------
localhost root *blahblahblah
192.168.233.163 root [same as above]
I then restarted the machine, but the problem persists.
You have to put this as root:
GRANT ALL PRIVILEGES ON *.* TO 'USERNAME'#'IP' IDENTIFIED BY 'PASSWORD' with grant option;
;
where IP is the IP you want to allow access, USERNAME is the user you use to connect, and PASSWORD is the relevant password.
If you want to allow access from any IP just put % instead of your IP
and then you only have to put
FLUSH PRIVILEGES;
Or restart mysql server and that's it.
I was getting the same error after granting remote access until I made this:
From /etc/mysql/my.cnf
In newer versions of mysql the location of the file is
/etc/mysql/mysql.conf.d/mysqld.cnf
# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
#bind-address = 127.0.0.1
(comment this line: bind-address = 127.0.0.1)
Then run service mysql restart.
By default in MySQL server remote access is disabled. The process to provide a remote access to user is.
Go to my sql bin folder or add it to PATH
Login to root by mysql -uroot -proot (or whatever the root password is.)
On success you will get mysql>
Provide grant access all for that user.
GRANT ALL PRIVILEGES ON *.* TO 'username'#'IP' IDENTIFIED BY 'password';
Here IP is IP address for which you want to allow remote access, if we put % any IP address can access remotely.
Example:
C:\Users\UserName> cd C:\Program Files (x86)\MySQL\MySQL Server 5.0\bin
C:\Program Files (x86)\MySQL\MySQL Server 5.0\bin>mysql -uroot -proot
mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'#'%' IDENTIFIED BY 'root';
Query OK, 0 rows affected (0.27 sec)
mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.25 sec)
This for a other user.
mysql> GRANT ALL PRIVILEGES ON *.* TO 'testUser'#'%' IDENTIFIED BY 'testUser';
Query OK, 0 rows affected (0.00 sec)
mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)
Hope this will help
Paulo's help lead me to the solution. It was a combination of the following:
the password contained a dollar sign
I was trying to connect from a Linux shell
The bash shell treats the dollar sign as a special character for expansion to an environment variable, so we need to escape it with a backslash. Incidentally, we don't have to do this in the case where the dollar sign is the final character of the password.
As an example, if your password is "pas$word", from Linux bash we must connect as follows:
# mysql --host=192.168.233.142 --user=root --password=pas\$word
Do you have a firewall ? make sure that port 3306 is open.
On windows , by default mysql root account is created that is permitted to have access from localhost only unless you have selected the option to enable access from remote machines during installation .
creating or update the desired user with '%' as hostname .
example :
CREATE USER 'krish'#'%' IDENTIFIED BY 'password';
Try to flush privileges again.
Try to restart server to reload grants.
Try create a user with host "192.168.233.163". "%" appears to not allow all (it's weird)
In my case I was trying to connect to a remote mysql server on cent OS. After going through a lot of solutions (granting all privileges, removing ip bindings,enabling networking) problem was still not getting solved.
As it turned out, while looking into various solutions,I came across iptables, which made me realize mysql port 3306 was not accepting connections.
Here is a small note on how I checked and resolved this issue.
Checking if port is accepting connections:
telnet (mysql server ip) [portNo]
Adding ip table rule to allow connections on the port:
iptables -A INPUT -i eth0 -p tcp -m tcp --dport 3306 -j ACCEPT
Would not recommend this for production environment, but if your iptables are not configured properly, adding the rules might not still solve the issue. In that case following should be done:
service iptables stop
Hope this helps.
if you are using dynamic ip just grant access to 192.168.2.% so now you dont have to worry about granting access to your ip address every time.
I was struggling with remote login to MYSQL for my Amazon EC2 Linux instance. Found the solution was to make sure my security group included an inbound rule for MySQL port 3306 to include my IP address (or 0.0.0.0/0 for anywhere). Immediately could connect remotely as soon as I added this rule.
MySQL ODBC 3.51 Driver is that special characters in the password aren't handled.
"Warning – You might have a serious headache with MySQL ODBC 3.51 if the password in your GRANT command contains special characters, such as ! # # $ % ^ ?. MySQL ODBC 3.51 ODBC Driver does not support these special characters in the password box. The only error message you would receive is “Access denied” (using password: YES)" - from http://www.plaintutorials.com/install-and-create-mysql-odbc-connector-on-windows-7/
The user/host combination may have been created without password.
I was assuming that when adding a new host for an existing user (using a GUI app), the existing password would also be used for the new user/host combination.
I could log in with
mysql -u username -p PASSWORD
locally, but not from IPADDRESS with
mysql -u --host=HOST -p PASSWORD
(I could actually log in from IPADDRESS without using a password)
mysql -u --host=HOST
Setting the password allowed access:
set password for '<USER>'#'<IPADDRESS>' = '<PASSWORD>';
New location for mysql config file is
/etc/mysql/mysql.conf.d/mysqld.cnf
My case is absolutely simple.
You may have this problem in case if you type in WRONG password. No create user is needed (user already existed), no other permissions. Basically make sure that the password is correct. So make double-sure the password is correct
I've MySQL Server 5.1.73 running on the CentOS 6.x server.
I've set the password for root user.
When I specify the following command it logs me to the mysql shell.
[root#sandbox ~]# mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 60384
I am checking the hostname
mysql> SELECT ##hostname;
+-------------------------+
| ##hostname |
+-------------------------+
| sandbox.hortonworks.com |
+-------------------------+
Now I loggoff and try to login with specifying host name explicitly and it asks me to provide the password it throws access denied error.
[root#sandbox ~]# hostname -f
sandbox.hortonworks.com
[root#sandbox ~]# mysql -u root -p -h sandbox.hortonworks.com
Enter password:
ERROR 1045 (28000): Access denied for user 'root'#'sandbox.hortonworks.com' (using password: YES)
Even stranger part :
I use the same command but remove -p parameter (i.e. using password = false), it logs in successfully without asking password.
[root#sandbox ~]# mysql -u root -h sandbox.hortonworks.com
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 61736
Could any one tell if I am missing any configuration?
Regards,
-JE
Two things:
I expect the first login attempt works but the second doesn't because your root user is only defined as root#localhost - when you try to connect via an external interface (instead of localhost or 127.0.0.1) you can't authenticate as that user. If that's the issue, you'll need to create a root#sandbox.hortonworks.com user account or alter the existing root user.
Secondly, the successful login without password was probably not as successful as you thought. MySQL will "helpfully" log you in as a different user than the one you specified in some situations, see this question: https://superuser.com/questions/266758/how-do-i-see-which-user-i-am-logged-in-as-in-mysql
The way mysql handles users can definitely be confusing (I'm no longer an expert, I've moved on to using PostgreSQL primarily, so I may be missing something in my explanation) but that's my best guess for the behavior that you're seeing.
I'm having trouble opening a up my MYSQL server to ALL remote connections. I have followed many online guides and appear to have something wrong. Perhaps SO could provide guidance? My server details are as follows:
Ubuntu 12.04 Server,
MYSQL Ver 14.14 Distrib 5.5.34, for debian-linux-gnu (x86_64) using readline 6.2
/etc/mysql/my.cnf: Other stuff too, but importantly the bind-address...
bind-address = 0.0.0.0
my.conf has the following permissions:
-rw-r--r-- 1 root root 3516 Jan 31 17:12 my.cnf
The server isn't blocked because:
telnet myDomain.com 3306
prompts for my native mysql password.
MYSQL Queries
CREATE USER 'myUser'#'%' IDENTIFIED BY 'myPASSWORD';
GRANT INSERT
ON db.table_v
TO 'myUser'#'%'
IDENTIFIED BY 'myPASSWORD';
FLUSH PRIVILEGES;
Permissions from show grants for 'myUser'#'%';
GRANT USAGE ON . TO 'myUser'#'%' IDENTIFIED BY PASSWORD '****************'
GRANT INSERT ON db.table_v TO 'myUser'#'%'
I also restarted my server
PROBLEM:
mysql -h myDomain.com -u myUser -p
Enter password:
ERROR 1045 (28000): Access denied for user 'myDomain'#'***MYIPADDRESS***' (using password: YES)
I am also not able to login locally with any user where the host is not specifically local, such as '%' or my home IP.
this is interesting if not typo:
Access denied for user 'myDomain'
are you trying to use your domain name as username? there should be myUser instead of myDomain cause you give remote permissions to myUser only.
also in:
mysql -h myDomain.com -u myUser -p
-h means the host where mysql server resides, not your user's current host. so trying anything other then "localhost" when you're locally trying to connect the database surely gives error cause you are trying to connect a database you are not intend to. suppose you are connected to mysql server locally and typed the above line; this command will try to connect the server at myDomain.com with the user myUser and password you provide. if the permissions you defined are where you run this command, you'll get that access denied error cause you are connecting to a different server.
I think the problem is the location of the .cnf file where you specify the bind-address attribute.
Most guides and tutorials say the file is /etc/mysql/my.cnf but after many tries I realized that the correct place was in mysqld.cnf file under mysqld profile.
Try to include the bind-address attribute there.
To check if this worked for you type "netstat -lt" and find if the local address of mysql process is 0.0.0.0:3306.
Then check again yor connection
You need also create local user account
CREATE USER 'myUser'#'localhost' IDENTIFIED BY 'myPASSWORD';
MySQL Manual | Adding users
I don't advise usage such unsecure statements as
GRANT ALL ON *.* TO 'myuser'#'%';
It creates superuser e.g. grants privileges to all databases for all operations.
May I ask why you need direct access to MySQL? MySQL should really only listen to localhost, but you can access easily using SSH.
If using Windows, Putty allows you to establish an SSH connection to the host, and then forward 3306 localhost traffic to your own computer.
Better still, programs like SQLyog allow SSH tunnel connections to MySQL which is how I usually connect (unless the servers are on a VPN).
Are you using this server for development or does it have a public IP address?
please post the result of
nmap ***MYIPADDRESS***
and
nmap localhost
and
nmap MyDomain
if you do not have nmap install it from apt, then I can help you more.
I have MySQL setup in a PC on my local network, how do I connect to it?
I also have MySQL installed on this computer (which I want to use to connect to the database).
I tried the following but it's not working:
mysql -u user -h 192.168.1.28:3306 -p password
ERROR 2005 (HY000): Unknown MySQL server host '192.168.1.28:3306' (0)
EDIT
Thanks for your help. Anyway, I connect without 3306 and I have another problem. MACBOOK is the name of my client computer.
mysql -u user -ppassword -h 192.168.1.28
ERROR 1045 (28000): Access denied for user 'user'#'MACBOOK' (using password: YES)
Thanks.
Users who can Install MySQL Workbench on MySQL Server Machine
If you use or have MySQL Workbench on the MySQL Server PC you can do this with just a few clicks. Recommend only for development environment.
Connect to MySQL Server
Find this option Users and Privileges from Navigator and click on it.
Select root user and change value for Limit to Hosts Matching to %.
The click Apply at the bottom.
This should enable root user to access MySQL Server from remote machine.
That was a very useful question! Since we need to run the application with a centralized database, we should give the privileges to that computer in LAN to access the particular database hosted in LAN PC. Here is the solution for that!
Go to MySQL server
Type the following code to grant access for other pc:
GRANT ALL PRIVILEGES ON *.* TO 'root'#'%' IDENTIFIED BY 'root_password';
then type:
FLUSH PRIVILEGES;
Replace % with the IP you want to grant access for!
Since you have MySQL on your local computer, you do not need to bother with the IP address of the machine. Just use localhost:
mysql -u user -p
or
mysql -hlocalhost -u user -p
If you cannot login with this, you must find out what usernames (user#host) exist in the MySQL Server locally. Here is what you do:
Step 01) Startup MySQL so that no passwords are require no passwords and denies TCP/IP connections
service mysql restart --skip-grant-tables --skip-networking
Keep in mind that standard SQL for adding users, granting and
revoking privileges are disabled.
Step 02) Show users and hosts
select concat(''',user,'''#''',host,'''') userhost,password from mysql.user;
Step 03) Check your password to make sure it works
select user,host from mysql.user where password=password('YourMySQLPassword');
If your password produces no output for this query, you have a bad
password.
If your password produces output for this query, look at the users
and hosts. If your host value is '%', your should be able to connect
from anywhere. If your host is 'localhost', you should be able to
connect locally.
Make user you have 'root'#'localhost' defined.
Once you have done what is needed, just restart mysql normally
service mysql restart
If you are able to connect successfully on the macbook, run this
query:
SELECT USER(),CURRENT_USER();
USER() reports how you attempted to authenticate in MySQL
CURRENT_USER() reports how you were allowed to authenticate in
MySQL
Let us know what happens !!!
UPDATE 2012-02-13 20:47 EDT
Login to the remote server and repeat Step 1-3
See if any user allows remote access (i.e, host in mysql.user is '%'). If you do not, then add 'user'#'%' to mysql.user.
Follow a simple checklist:
Try pinging the machine ping 192.168.1.2
Ensure MySQL is running on the specified port 3306 i.e. it has not been modified.
Ensure that the other PC is not blocking inbound connections on that port. If it is, add a firewall exception to allow connections on port 3306 and allow inbound connections in general.
It would be nice if you could post the exact error as it is displayed when you attempt to make that connection.
mysql -u user -h 192.168.1.2 -p
This should be enough for connection to MySQL server.
Please, check the firewall of 192.168.1.2 if remote connection to MySQL server is enabled.
Regards
In Ubuntu Follow these steps:
Set bind-address at /etc/mysql/mysql.conf.d
Change bind-address = 127.0.0.1 to bind-address = 192.24.805.50 # your IP
Grant permission for the remote machine
mysql>GRANT ALL PRIVILEGES ON *.* TO 'root'#'[remoteip]' IDENTIFIED
BY 'anypassword' WITH GRANT OPTION;
Then try connect from remote machine
mysql -u root -h 192.24.805.50 -p
Connecting to any mysql database should be like this:
$mysql -h hostname -Pportnumber -u username -p (then enter)
Then it will ask for password. Note: Port number should be closer to -P or it will show error. Make sure you know what is your mysql port. Default is 3306 and is optional to specify the port in this case. If its anything else you need to mention port number with -P or else it will show error.
For example:
$mysql -h 10.20.40.5 -P3306 -u root -p (then enter)
Password:My_Db_Password
Gubrish about product you using.
mysql>_
Note: If you are trying to connect a db at different location make sure you can ping to that server/computer.
$ping 10.20.40.5
It should return TTL with time you got back PONG.
If it says destination unreachable then you cannot connect to remote mysql no matter what.
In such case contact your Network Administrator or Check your cable connection to your computer till the end of your target computer. Or check if you got LAN/WAN/MAN or internet/intranet/extranet working.
actually you shouldn't specify port in the host name. Mysql has special option for port (if port differs from default)
kind of
mysql --host=192.168.1.2 --port=3306
You don't have to specify ':3306' after the IP, it's the default port for MySQL.
And if your MySQL server runs with another port than 3306, then you have to add '-P [port]' instead of adding it to the IP address.
The MySQL client won't recognize the syntax "host:port", you HAVE to use -P [port] instead.
And btw, if you use '-p password', it won't work and will ask you the password again. You have to stick the password to the -p : -ppassword. (still, it's a very bad habit, because anyone that could do a PS on your server could see the plain password...)
You should use this:
>mysql -u user -h 192.168.1.2 -P 3306 -ppassword
or this:
>mysql -u user -h 192.168.1.2 -ppassword
...because 3306 is a default port number.
mysql Options