Rails can't connect to external mysql server despite Privileges - mysql

I run rails on my local dev environment but the mysql instance is on a separate server.
When trying to open a page in the app I get this error:
Access denied for user 'username'#'myhostname.lan' (using password: YES)
When I ssh into the server running mysql and run this command SELECT Host from mysql.user WHERE User='username'; I get the following:
+---------------------+
| Host |
+---------------------+
| % |
| myhostname.lan |
| localhost |
+---------------------+
All of these entries were created with GRANT ALL PRIVIELEGES ON dbname.* TO ...
So why can I not connect given that both the any-host wildcard % is in the list as well as the hostname I try to connect from specifically?

Despite having same usernames these users are different for mysql.
Check that the password is set on all user entries and is what you expect it to be.
You can compare authentication_strings in mysql.user.

Related

MySQL Workbench - 'Access Denied' without port forwarding

I'm running mysql workbench on my 2011 macbook pro. I use it to connect to a mysql database on a remote ubuntu server. I was able to connect no problem from my macbook pro to the mysql database on the remote server until I had to do a hard reboot on my mac. After that I would get the error below.
However once I port forwarded with the command below on my mac for the specified user it connects to the database on the remote server with mysql workbench no problem. What does this tell us about the issue connecting from my mac to the database on the remote server? I would rather not portforward for every user I want to login with from my mac. Does anyone have a suggestion how to fix this?
command:
ssh -N -f -L localhost:3306:localhost:3306 username#192.168.50.122
previous error:
Failed to connect to MySQL at xxx.xxx.xx.xxx:3306 with user username Access denied for user 'username'#'xxx.xxx.xx.xxx' (using password: YES)
Update:
When I try looking up the grants for the username with the ip address I'm not finding them and getting the error message below. When I try to look up the sql_show_grants table I get another error message. When I try looking up the same username with '%' I'm finding all the grants below. So does it make sense that the user still can't connect from any ip? Is there something else I need to do?
show grants for 'username'#'xxx.xxx.xx.xxx';
ERROR 1141 (42000): There is no such grant defined for user 'username' on host 'xxx.xxx.xx.xxx'
SELECT sql_grants FROM common_schema.sql_show_grants;
ERROR 1049 (42000): Unknown database 'common_schema'
show grants for 'username'#'%';
+--------------------------------------------------------------+
| Grants for username#% |
+--------------------------------------------------------------+
| GRANT USAGE ON *.* TO `username`#`%` |
| GRANT ALL PRIVILEGES ON `finances`.* TO `username`#`%` |
| GRANT ALL PRIVILEGES ON `geographical`.* TO `username`#`%` |
| GRANT ALL PRIVILEGES ON `realestate`.* TO `username`#`%` |
| GRANT ALL PRIVILEGES ON `sandbox`.* TO `username`#`%` |
| GRANT ALL PRIVILEGES ON `stocks`.* TO `username`#`%` |
+--------------------------------------------------------------+
The account you are trying to connect with does not have permission to access the server from your clients IP address. If you use SSH port forwarding, you are being connected from localhost (from the server to the server), and hence get a different permission scheme applied.
On the MySQL server, start a mysql shell as an administrator, and run
SHOW GRANTS FOR 'username'#'xxx.xxx.xx.xxx'
(replacing 'username'#'xxx.xxx.xx.xxx' with what it showed you in the error message).
If it does not show any results, your user does not have any permissions from the respective IP address, and you would need to alter or create it.
If it does show permissions, make sure SELECT is underneath them.
If you cannot locate your user, attempt to view all grants:
SELECT sql_grants FROM common_schema.sql_show_grants;
If you say it worked before, it is possible that the original user was added with a dynamic IP address, which changed after the reboot of your client.
If this is the case, and the last statement shows your user with a wrong IP address, use the following to update it:
RENAME USER 'username'#'ipaddress1' TO 'username'#'ipaddress2';
You might want to consider using '%' instead of 'ipaddress2', if you are using dynamic IP addresses and want to grant the user access from all source addresses. Whether this is a security issue, depends on your environment.

MariaDB either not allowing host to connect or access denied for user

I have a Laravel project working fine on my local machine, but unable to connect to database on another Linux server.
The error I get is:
SQLSTATE[HY000] [1045] Access denied for user 'cpanel1_thewatcher'#'localhost' (using password: YES)
These are the settings I am using:
DB_CONNECTION=mysql
DB_HOST=localhost
DB_PORT=3306
DB_DATABASE=dbnamehere
DB_USERNAME=cpanel1_thewatcher
DB_PASSWORD=passwordhere
I have checked to make sure cpanel1_thewatcher has ALL PRIVILEGES on this database and that the password is correct.
This is on a VPS, where I have root access, and it has two IPs dedicated to it. The main IP we will call xxx.xxx.xx.165 and the second one xxx.xxx.xx.166. If I change the settings above to set DB_HOST to xxx.xxx.xx.166 I get a different error:
SQLSTATE[HY000] [1130] Host 'xxx.xxx.xx.166' is not allowed to connect to this MariaDB server
If I set DB_HOST to xxx.xxx.xx.165 then I get yet another error:
SQLSTATE[HY000] [1045] Access denied for user 'cpanel1_thewatcher'#'server1.domain.com'
If I set DB_HOST to domain.com (the main domain on the server) I get the same error I get with DB_HOST=xxx.xxx.xx.166.
I have examined the mysql.user table on the server and found the following:
+-------------------+----------------------+
| User | Host |
+-------------------+----------------------+
| root | 127.0.0.1 |
| cpanel1 | xxx.xxx.xx.165 |
| cpanel1_thewatcher | xxx.xxx.xx.165 |
| root | ::1 |
| cpanel1 | localhost |
| cpanel1_thewatcher | localhost |
| nagios | localhost |
| root | localhost |
| cpanel1 | server1.domain.com |
| cpanel1_thewatcher | server1.domain.com |
| root | server1.domain.com |
+-------------------+----------------------+
where cpanel1 is the username of the only cPanel account on the server.
I have tried creating an entry in the table above where user is cpanel1_thewatcher and host is % but no effect. I have also tried setting DB_USERNAME to just thewatcher but nothing changes in the error messages.
I have seen some questions on SO referring to the second error message I listed, but I have been unable to find a MariaDB configuration file anywhere on my server as suggested by some answers there.
Doing GRANT ALL PRIVILEGES ON dbnamehere.* TO 'cpanel1_thewatcher'#'localhost'; gives
Query OK, 0 rows affected (0.00 sec)
Can anyone tell me what to do, I am confused with the 2 IPs and 3 different error messages here, and not sure what else to try. I'd like to eliminate any issues on my end before I resort to contacting the hosting company and waiting for a week for them to resolve it.
You need to follow this steps in order to connect to your remote database:
In your database server, run the following command in your mariadb console:
CREATE USER 'cpanel1_thewatcher'#'xxx.xxx.xx.166';
Followed by:
GRANT ALL PRIVILEGES ON dbnamehere.* TO 'cpanel1_thewatcher'#'xxx.xxx.xx.166';
FLUSH PRIVILEGES;
Where xxx.xxx.xx.166 is the ip of the machine you are trying to connect (where your laravel project lives)

MySQL2 Gem Acces Denied but Login via Terminal Works

I'm running a rake task and attempting to create a database connection to mysql via the mysql2 gem but for some reason I am getting this error:
*** Mysql2::Error Exception: Access denied for user 'user'#'localhost' (using password: YES)
This is the connection code:
Mysql2::Client.new(host: server, database: db, username: user, password: pwd)
There are two reasons this is strange:
I am able to use the same credentials to login via the terminal
I created a VM (centos 7) and added a mysql database and uploaded the dump.sql file and was able to login just fine via the terminal and by using the MySQL2 gem. So I know that code works, I'm just not sure why it doesn't work for the mysql instance it is running on.
I've checked the user privileges and my user has all the necessary privileges, the database is running on localhost, I've tried setting the host parameter to 127.0.0.1 and got the same error.
Calling this: mysql> select USER(), CURRENT_USER(); returns the following:
+--------------------+----------------+
| USER() | CURRENT_USER() |
+--------------------+----------------+
| user#localhost | user#% |
+--------------------+----------------+
1 row in set (0.00 sec)
Calling this:
mysql> Select SUBSTRING_INDEX(host,':',1) as 'ip' From information_schema.processlist WHERE ID=connection_id();
returns:
+-----------+
| ip |
+-----------+
| localhost |
+-----------+
My MySQL version is 5.7.17 for linux, running on CentOS 7.
Any ideas why this wouldn't work for one Centos/MySql version and it would for another and why I can login though the terminal and can't in my code?
Login via the terminal reset a new password, and it must can connect by new password via the mysql2 gem

is there any way to change the users host in my sql

I am building a mysql server to allow a user to only access the database if he is on an internal ip address.
SET PASSWORD FOR 'testuser'#'MyIPwillgohere' = PASSWORD('password');
but i get the following error while using the above statement
Can't find any matching row in the user table
I think it has something to do with the host being % instead of local host or my ip address.
+------------------+-------------+
| user | host |
+------------------+-------------+
| testuser | % |
| root | 127.0.0.1 |
| root | ::1 |
| debian-sys-maint | localhost |
| root | localhost |
| root | raspberrypi |
+------------------+-------------+
How can i change the host or what should i do to fix this issue. I am using putty SSH connection to connect to the server and running mysql as the root user.
The question is how to change the test users host maybe?
I want to change the host from % to either local host or maybe my own ip address. I have used workbench to log in as editor but the host is still the same?
You might try something like this (but note that DROP essentially means "DELETE" so be careful):
DROP USER 'testuser';
GRANT USAGE ON dbnamegoeshere.* to 'testuser#MyIPwillgohere' IDENTIFIED BY 'password';
I have found the soloution to my own problem. It didnt let me change the where the host was connecting to by changing the password EG
You might try something like this (but note that DROP essentially
means "DELETE" so be careful):
DROP USER 'testuser'; GRANT USAGE ON dbnamegoeshere.* to
'testuser#MyIPwillgohere' IDENTIFIED BY 'password';
Doing that it said there was no match found. I hand to grant the privileges to the user first and state where he is connecting from and then changing the password was allowed.

Bizarre MySQL Workbench error on Linux desktop

I have an account with a Java PaaS (CloudBees) that hosts their platform off of Amazon EC2 instances. My account comes with access to a MySQL server instance and I am getting a bizarre error that only occurs when I try to log into the MySQL server from a client on my linux (Ubuntu 12.04 desktop) machine, but not my Windows 7 machine.
Here is a screenshot of the error when I try to log in with MySQL Workbench on my Ubuntu machine:
It's important to note that I have another MySQL client (Squirrel SQL) installed on this machine, that throw the same exact error when I try to log in to my dl_web account. Squirrel SQL is a pure Java application, and I have tried to check that MySQL Workbench and Squirrel SQL do not share any common dependencies and couldn't find any (but I could be wrong).
However, when I try to log in with a MySQL Workbench instance living on my Windows 7 machine, I can log in just fine.
Given the list of 4 things to check from that error message:
Yes, of course MySQL server is running on the EC2 instance; otherwise CloudBees would be out of business and I wouldn't be able to log in from my Windows 7 machine.
3306 is the correct port - I verified this with CloudBees support staff.
Not sure about this one - perhaps the MySQL server instance is somehow configured to refuse connections from linux clients?!?!
The password I'm using is correct - I have checked and re-checked and re-re-checked.
So the only 2 theories I have so far are:
The MySQL server instance is somehow configured to refuse connections from Linux clients (is this even possible?); or
The MySQL Workbench and Squirrel SQL instances on my Ubuntu machine are sharing some common dependency that is buggy or misconfigured; this is the more likely of the two scenarios, but I have been unsuccessful pegging down what this dependency is...
Also - note the exact error message that I get from both MySQL Workbench and Squirrel SQL:
Access denied for user 'dl_web'#'%' to database...
My user is dl_web...not 'dl_web'#'%'!!! Bizarre, right?!
Any ideas? Thanks in advance!
You appear to be in a hosted environment within AWS where you do not have access to root or to view grants on tables, but this may help someone else and show a few steps.
first, if I go into sqlyog (or toad or mysql workbench) and try to connect to AWS mysql, i get the following error:
http://img836.imageshack.us/img836/4594/out1.GIF
so the issue is root#pool-72-93-207-216.bstnma.fios.verizon.net
so i get into mysql at root (yes I know you might not be able to do this !)..
and I perform the following
mysql> use test;
mysql> grant all privileges on test.* to 'root'#'pool-72-93-207-216.bstnma.fios.verizon.net' identified by 'mypassword123z';
mysql> select user,host from mysql.user;
+------------------+--------------------------------------------+
| user | host |
+------------------+--------------------------------------------+
| foo_user | % |
| root | 127.0.0.1 |
| foo_user | 72.93.207.216 |
| foo_user2 | 72.93.207.216 |
| root | ::1 |
| | domU-12-31-38-04-B2-89 |
| root | domU-12-31-38-04-B2-89 |
| | localhost |
| debian-sys-maint | localhost |
| phpmyadmin | localhost |
| root | localhost |
| root | pool-72-93-207-216.bstnma.fios.verizon.net |
+------------------+--------------------------------------------+
mysql> SHOW GRANTS FOR 'root'#'localhost';
+----------------------------------------------------------------------------------------------------------------------------------------+
| Grants for root#localhost |
+----------------------------------------------------------------------------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'root'#'localhost' IDENTIFIED BY PASSWORD '*4F4504C8CA8D22648E58B5092F653457698A9EBE' WITH GRANT OPTION |
| GRANT PROXY ON ''#'' TO 'root'#'localhost' WITH GRANT OPTION |
+----------------------------------------------------------------------------------------------------------------------------------------+
mysql> show grants for 'root'#'pool-72-93-207-216.bstnma.fios.verizon.net';
+----------------------------------------------------------------------------------------------------------------------------------------------+
| Grants for root#pool-72-93-207-216.bstnma.fios.verizon.net |
+----------------------------------------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'root'#'pool-72-93-207-216.bstnma.fios.verizon.net' IDENTIFIED BY PASSWORD '*CACE4BB4D0A5D265BA7FCBEED600DC8976884A43' |
| GRANT ALL PRIVILEGES ON `test`.* TO 'root'#'pool-72-93-207-216.bstnma.fios.verizon.net' |
+----------------------------------------------------------------------------------------------------------------------------------------------+
then I go back to sqlyog (or toad or mysql workbench) and log in with root and password mypassword123z and I am in.
in addition you can create an secure SSH proxy tunnel thru port 22 and your AWS pem file, using like Putty.