I have a MySQL database server on a remote AWS Linux Machine. I can access this server by SSH.
However, I need to access this from my Windows computer and it's not working (using mysql -u root -p -h remoteAddress where remoteAddress in the IP address of my remote server). I also have a local MySQL server installed so mysql -u root -p -h localhost on Windows works normally.
I have read a lot on this but no solutions are working for me. The error I'm getting is:
Error 2003 (HY000): Can't connect to MySQL server on 'remoteAddress' (10060)
Now I have bind-address commented out in my my.cnf file and in addition using phpmyadmin, I can confirm that root can be accessed from anywhere (i.e. it says from %).
Even if I turn off the iptables service, I still get the same error.
Furthemore, if I type in netstat -tln | grep 3306, I get:
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN
I don't care about the safety implications presently, I just want to get this working.
After reading the comments on my question I had an idea which led me to the solution. Everything on the server was set up properly except that AWS places a level of security on top of things which needs to be changed.
I simply added MySQL to the list of inbound traffic allowed in the security group settings and that solved it. I should have done this when creating the instance but didn't know that I would be using MySQL on the server at the time.
So I modified the security group to add MySQL traffic.
I know this was a really niche problem but I hope it helps someone if they find themselves in the same situation.
Related
I have tried suggestions in what seems like every post about this topic and none of them have worked for me, so I'm posting my own in case anyone spots anything that I missed.
I'm migrating a wordpress site into a LEMP (ubuntu, apache) stack instance on Digital Ocean, and I need temporary access to the database via MySQL Workbench or something similar on my local machine. I'm planning to turn it off once the migration is done. However I am having a very weird issue I can't figure out the cause for.
If I attempt to sign into the sql instance using
mysql -u user -h my.ip.address -p
I can get access from my local machine just fine.
I can also SSH into the server itself via terminal just fine, I have it set up in my ssh config file using the same ip address and the same user and ssh key i'm attempting to use for my workbench connection.
However doing the same via an SSH connection on workbench I constantly get the error:
Authentication failed, access denied.
Failed to connect to MySql at my.ip.address:3306 through ssh tunnel at user#127.0.0.1 with user mysqluser
Things I've done to attempt to rectify this:
set bind-address in mysql config to 0.0.0.0 on the server and restarted server's mysql
set bind-address in mysql config to my.ip.address on the server and restarted
allowed tcp connection
allowed connection via ufw firewall to 3306 and 33060 ports
created a mysql user with all privileges granted for 'localhost', '%', and '0.0.0.0' hosts
tried sshing in as root user
tried using the root user for the mysql user
I am probably missing some things on that list as I feel like I've tried a million things already!
I even have a different server on a LAMP stack (not LEMP) that I set up a few days ago and was able to gain access to the mysql db on workbench by following the same steps, and even attempted backtracing and copying what I did on the LAMP server, but no go.
I checked to see the netstats of the mysql instance and match the port and the ip and that didn't work, I made sure the port of the SSH was correct, nothing is working.
Does anyone have any tips? I've been using all of the "allow remote mysql connection on digital ocean" articles and questions i can find but nothing is working.
Here is my Workbench connection config at the moment but i have tried what feels like every iteration of it i could think of (re users, passwords, IP addresses, and ports)
SSH Hostname: my.ip.address
SSH Username: user
SSH Password: user-password (also tried empty, since i have a key)
SSH Key File: same key file i use to ssh on terminal
Mysql Hostname: 127.0.0.1 (also tried my.ip.address)
MySql Server Port: 3306 (also tried 33060)
Username: MySqlUser
Password: MySqlUser-Password (works when connecting to mysql via terminal)
I am currently trying to work through a guide to build an automated phone system using twilio and integrate it into MySQL database (https://www.twilio.com/blog/connect-local-database-twilio-functions). The issue I am having is that I am unable to connect to the MySQL server after tunneling with ngrok.
Here is the command I am running:
mysql --protocol=tcp --host=0.tcp.ngrok.io --port 18477 --user=root -p
When I press run, the terminal sits in idle for several minutes and then outputs:
ERROR 2003 (HY000): Can't connect to MySQL server on '0.tcp.ngrok.io' (110)
Here is a screenshot of ngrok:
I have followed the steps in https://linuxize.com/post/mysql-remote-access/ to further my knowledge on setting up remote access to mysql. At the bottom of the article, it says that this error typically means 'the port 3306 is not open, or the MySQL server is not listening on the IP address." I then followed the links provided and checked both of those. The second image looked at the listening aspect.
Upon encountering this error, I tried to do some research to see if I can track down the issue. I have zero networking experience, so I do not understand anything beyond client and server basics and such. I came across the mysql documentation (https://dev.mysql.com/doc/refman/8.0/en/can-not-connect-to-server.html).
It says, "if the server was started with skip_networking system variable, it will not accept TCP/IP connections at all." Furthermore, it goes on to say, "If the server was started with bind_address system variable set to 127.0.0.1, it will listen for TCP/IP connections only locally on loopback interface and will not accept remote connections."
I have already made the modifications that I have seen across various documentation and articles. Here are some images to show what I have set-up:
The image below is a screenshot from MySQL Workbench. My bind address is open to all and is not restricted to local connections (bind_address in etc/mysql/mysql.conf.d is commented out). Furthermore, port is set to 3306. Lastly, skip-networking is not checked so TCP/IP can occur.
To confirm that MySQL is listening on port 3306, I ran this lsof command with iTCP:3306. I believe this tells me that mysql is listening on 3306. I am not sure if USER refers to the user mysqld is running on, but if it is, I am not sure what this means in the context of root and other users.
I wish this seemed trivial, but with little networking knowledge, I can easily overlook something simple. Any additional information can be provided.
When you connect to MySql via the hostname set up by ngrok, don't use port 3306. Instead, use the port allocated for you by ngrok. In your example it's 18447.
I'm currently trying to run an application on a server but my customer is very 'picky' about their data and wish to store the database on their own internal office server. I've installed MySQL and can get the application to run locally but for a few specific reasons the application needs to run else where.
I basically can't get access to MySQL from a different location. I think my main stumbling block is port forwarding to the correct location. MySQL is installed on a mac mini with local IP address 192.168.1.242 and the router/modem is an Apple Time Capsule. I've tried looking at tutorials but they all have options that I don't have access to. I've attached a screenshot of the options I have access to and the settings I've tried so far.
Other information possibly needed is:
I need to connect from PHP
I've set a user up within MySQL with a wildcard (%)
I'm testing it using the following: command on my local machine in CMD: mysql -u username -h remote_ip_address -p
I get the following error: ERROR 2003 (HY000): Can't connect to MySQL server on 'REMOTE_IP_ADDRESS' (10061)
Firewall is turned off completely on the Mac Mini
There is nothing in the my.cnf file
OS is Sierra
That's all I can think of at the moment but any advice would be greatly appreciated and any more information required can be provided.
PS. evidently I'm not very good with MAC machines/networks
For anyone that reads this I had a very specific issue. I installed MySQL using homebrew. Homebrew binds MySQL to 127.0.0.1 therefore will only allow connections to MySQL from the same machine no matter what you try to do. To fix it I've had to edit /usr/local/Cellar/mysql//homebrew.mxcl.mysql.plist and replace --bind-address=127.0.0.1 with bind-address=*.
MySQL has an internal firewall of users/IPs. Even if you can connect locally, you might not have permission remotely:
Try this as root user on the MySQL server (locally first!)
GRANT ALL ON <db>.* TO '<user>'#'<remoteIP>' IDENTIFIED BY '<password>';
Where
<db> is the name of the DB
<user> is name under which you connect
<remoteIP> is your external office IP FROM which you are trying to connect
<password> should be self-explanatory!
This will explain the options better
I have a ubuntu 16.04 on which I run 3 servers from virtualbox (a webserver, a home file server and a mysql server).
In this mysql server I naturally have an internal ip (192.168....) and an external one.
However when I try to connect remotely to this mysql server from mysql shell, workbench or .NET connector (eg. mysql -u root -p -h 172.241.442.12) using the external IP of this virtual machine I always get ERROR: Not connected.
My question is whether to connect I have to enable port forwarding in my router (3306), just as I would do enabling 80/8080 in a webserver to make it accessible from the internet.
I never did it before and haven't find any clear tutorial either. My main purpose is to connect to this db in a vb.net application.
Thanks!
Yes, if you intend to access it in this manner you will need to forward a port. You will also need to grant access to MySQL for a user that is allowed remote access.
GRANT ALL ON somedb.* TO `user`#`123.123.123.123` IDENTIFIED BY 'somePassword'
The IP address can be a hostname, or % to match everything.
That said, unless you really need a permanant external connection to MySQL you should not expose it like this, the better option would be to tunnel the port through SSH.
ssh -N user#dbserver -L12345:localhost:3306 &
mysql -u root -h localhost -P 12345
I get an error on my website (MySQL with TCP/IP connection)
Can't connect to local MySQL server
It sounds easy, perhaps, but not so easy to solve as would seem. At first i verified that mysqld process is running. Then connected to SSH server and started /etc/init.d/mysqld restart, but nothing has changed. Also i checked is the server running, using telnet your-host-name tcp-ip-port-number, just in case, but MySQL does not work on this port and shows another error: telnet: Unable to connect to remote host: Connection refused
The last i have tried is to run mysql with the skip-networking option, and it did not help as well as other attempts above. Any suggestions would be very appreciated.
This error normally means that MySQL is not running on the system or that you are using a wrong TCP/IP port number while trying to connect to the mysqld server.
Try to connect to the mysqld daemon on the local machine and check by mysqladmin variables, which TCP/IP port is configured to use mysqld (variable port).
Perhaps you are running MySQL-server with no corresponding privileges for the directory holding the socket file. In this case, either change the privilege for the directory or restart mysqld
Also this discussion might be interesting for you: http://community.office365.com/en-us/f/172/p/266451/815406.aspx
Unfortunately, i am not a pro and my advices can help not much, but that all what i found about your issue
This sounds like you are being blocked by the firewall on the server. You can disable the firewall for a quick test:
service iptables stop
service iptables start
This article will show you how to apply rules to the firewall to allow mysql access.
http://www.cyberciti.biz/tips/linux-iptables-18-allow-mysql-server-incoming-request.html
If you have SELinux, you have another set of problems which I can't help you with.
Sounds to me permission issue.
Does it run on the local machine?
If yes, then it might me possible it isn't allowed to listen any port(security purposes: mostly on a linux based server). Otherwise, Network user might not have permission granted to access mysql over internet.
As you say, if it's a website, I would never allow user access mysql directly but only the server shall: possible security breach otherwise.(you don't want your database to be dropped, do you?)
Well still, proper answer to you question resides here: http://dev.mysql.com/doc/refman/5.1/en/grant.html
and this might help:
Host 'xxx.xx.xxx.xxx' is not allowed to connect to this MySQL server
Firstly, you should verify that MySQL is actually running by checking your processlist. On linux you could do that like this, note that you should see both mysqld_safe and then mysqld as two separate processes.
sudo ps auxwww|grep -i mysqld
If it is not running, I would check the MySQL error log for clues as to why it is not starting.
If you then verify that it is running, we can check to see what ports or unix sockets it is listening on like so. If this doesn't work, get the process ID of mysqld (not mysqld_safe) and try search for that with grep instead of 'mysql'
sudo netstat -anp|grep -i mysql
You'll obviously want to restart without skip-networking to see a TCP socket appear.
Based on the output of that, you should see both a unix socket and a tcp socket. Also check the address in the fourth column for the TCP socket, it will likely say either 127.0.0.1:3306 or 0.0.0.0:3306. The former means that you can only connect via localhost (127.0.0.1) and the latter means the connection will work on any IP address.
If you've gone through all of that and are still not sure why it is working, you could post the processlist and netstat outputs for further review, along with the exact settings you are using to try and connect to MySQL and indicate whether you are connecting from the same server (i.e. locally) or from another server over the network.
See also:
http://dev.mysql.com/doc/refman/5.6/en/can-not-connect-to-server.html