I've setup a google compute VM, and can access phpmyadmin and the default index page. SSH works when I click the button on the website.
I am having issues remotly connecting to my server instance for any sort of management(ftp or sql)
I followed the firewall section here: https://cloud.google.com/solutions/mysql-remote-access
But I still can't connect.
My firewall is configured:
And I have no idea how to get HTTPS working, But it can be a problem to take care of in the future when I fully switch my site over the compute engine. Since I can't switch my domain or current SSL certificates over yet.
EDIT:
More information:
When I try to connect to SQL using client "Sequel Pro" it returns:
With telnet:
When I try connect to SFTP I get:
Could this be caused by me mistyping the password?
Your firewall settings show that you allowed external traffic to both ports 21 and 3306 for TCP protocol. This is good but not enough.
In order to allow remote connections to MySQL, you will need to grant remote access to your username and your external IP address. Take a look at this case for an example. This is also mentioned in step 6 and step 7 of Configure MySQL server on my-server section of the article you specified:
mysql> GRANT ALL PRIVILEGES ON *.* TO 'TESTUSER'#'<external-ip-my-client>' IDENTIFIED BY '<some-password>';
About the ftp server, the VM instance comes with no ftp service installed, but instead you can use SFTP protocol to connect to it which is more secure than FTP protocol and is highly recommended. Use gcloud compute config-ssh to generate SFTP/SSH key pair. For more information visit Setting up secure FTP on Google Compute Engine artcile.
Related
I have installed mysql on a VM in gcp using this: https://cloud.google.com/architecture/setup-mysql
(I manually installed it on a VM)
But I am not able to connect to it using DBeaver. I am using the external IP provided in the dashboard and I have allowed 3306 but even then I am not able to connect to it. I keep getting connection refused: 4003 error
connection refused: 4003 error
This means the instance isn't listening on the port you're trying to connect to or the firewall is closed. In order to fix this error, we need to ensure that the listening process on the VM runs and listens on the correct port. Then, we verify if the Google Cloud firewall is configured correctly and open
You should look for default-allow-ssh to see if your firewall's rules allow SSH connections. If the firewall and IAP do not resolve your issue.
Check whether you have access. When you add a user and grant privileges to them (or with existing users) you need to specify the host or network range from which that user is allowed to connect. Follow the steps in this stack question and check whether you can connect now.
for more information follow How To Allow Remote Connections To MySQL. Attaching SSH troubleshooting doc.
I have a set of data rolling out of Node-Red that I want to send to a remote MYSQL database. The Node-Red system is running on a Raspberry Pi. How do I make this work? I know how to it using Node.JS but im not sure how to do this in Node-Red. The IP-adress of the Pi is dynamic so simply authorizing its Ip address does not work sadly.
Thanks in advance!
EDIT for clarification:
I want to connect to a remote MYSQL database that is hosted by my webhosting. I have connected a Raspberry Pi to a battery, and I want to save this information in the aforementioned database. Since there will be several battery setups in different locations, I cannot save the data locally. So, one way or another I need to access the remote database through Node-Red. Authorizing one IP-address does't work, since the IP of the Raspberry Pi network is dynamic and thus changes. I think a SSH-Tunnel might be the solution, but I have no idea how to this in Node-Red, and google isnt very helpful.
OK, so as I said in the comments you can make a Username/Password pair for MySQL can be granted permission to any IP address (which is less secure if the username/password is compromised. Set the host to '%' to allow all hosts when setting up the grant options).
To reduce the risk you can restrict the Username/Password to a specific subnet. This could be a wifi network or the subnet associated to the piblic IP (it needs to be the public range as nearly all cellular ISPs use CGNAT) range of the cellular provider you may be using. (See this question for details How to grant remote access to MySQL for a whole subnet?).
If you want to use a SSH tunnel then this will normally be done outside Node-RED with the ssh command line e.g.
ssh -L localhost:3306:localhost:3306 remote.host.com
Then configure the Node-RED MySQL node to point to localhost.
Since the connection will look like it's coming from localhost on the MySQL machine you need make sure the Username/Password is locked down to a that host.
You will probably also want to set up public/private key authentication for the ssh connection.
You may be able to run the ssh command in the node-red-daemon node, which should restart the connection if it gets dropped.
i have followed all instructions give across google but somehow i am unable to get access from my desktop to a remote mysql database installed on Google Compute Engine.
I have done the following
a) create user and grant him permissions to get access remotely
b) allow the port in firewall
c) comment out bind-address
but still i get the error
when i try to connect from my remote windows client.
where i am i missing a required step??? Please help...
Ensure that you have allowed TCP traffic from your location to VM in question to port 3306 on a project level in Cloud Console or using CLI:
gcloud compute firewall-rules list
More about setting up firewalls in official documentation:
https://cloud.google.com/compute/docs/vpc/firewalls
As far as I can tell, google doesn't allow remote connections to a mysql DB on cloud engine. Only between VMs, but now with an external client.
It is only allowed if you are using a dedicated Cloud SQL instance
See the first paragraph on this article (I'd be happy to be proven wrong though):
https://cloud.google.com/solutions/mysql-remote-access
Near the bottom they indicate non-compute engine access is out of scope for the article, but tells you to basically do the same stuff and set the google firewall for external access and the db user to access from outside.
I'm trying to connect my local MySQL to a test 2nd generation MySQL instance on Google SQL platform using the following command on my windows laptop.
mysql --host=130.211.xx.xx --port=3306 --user=root --password
I double checked my IP address with whatismyIPaddress.
I can connect via Google Cloud Shell on the Google Platform itself and also ping the IP address from the local cmd prompt.
As a troubleshooting step I have disabled the local firewalls on my laptop and granted full access to 0.0.0.0/0 to allow all connections on the google platform console.
still no joy from either a cmd line connection on windows or using a putty client, can anyone give me any further pointers on the missing step?
Cheers..
If you are behind a NAT your IP might change which prevents you from accessing the Cloud SQL instance. I would recommend setting up access using SSL certificate. More information about the setup can be found in this Help Center article.
You may need to allow remote connections to your remote database in the server and database configuration. These kinds of connections are typically disabled by default.
Hi Thanks for reading my question. I currently use Mac Terminal to use MySQL. I connect to either localhost or a remote server. Should I be using SSH?
You won't need SSH to access a DB on your local machine.
You can use SSH to access a remote DB using MySQL. You can also use an app with a GUI like Sequel Pro to access the remote DB via an SSH tunnel.
What specifically are you trying to achieve?
There is not enough information to answer your question.
Normally SSH tunnels are used more for adhoc work, while preserving high level of security (can be used in production, too).
MySQL normally uses unencrypted traffic, but it can be setup to use SSL, so that's another path you can take.
Other alternatives are VPNs, for example OpenVPN among other solutions, but this is more of an infrastructure decision.
EDIT: For completeness
On local machine clients can communicate with mysqld over socket or local IP. Normally it is not necessary to encrypt such connections.
For remote connections (which are over IP), as stated mysql uses unencrypted connection and FTP by default also uses unencrypted connection. This might or might not be a security risk (if that particular network segment is on its own VLAN or inside already encrypted tunnel or on physically secured network).
If unsure - encrypt it.