I have a mysql database (v5.5.41) setup on a remote server and an application connects to the DB from another server to run some queries. It's been working fine but recently my DB server got a new IP address. My application can't connect to the DB anymore, the connection times out.
The application is using the DNS name of the server, not a hard-coded IP, so there shouldn't be a problem. In any case, if I run this from the application server:
mysql -u app_user -h mydb.myhost.com -p
then I get
ERROR 1045 (28000): Access denied for user 'app_user'#'xxx.xxx.xxx.xxx' (using password: YES)
If it was having trouble finding the new IP, then that command would probably just hang and timeout, so it seems to be an authentication issue. My password is definitely correct, but the application is using the same password as when the app was connecting successfully so it's not an issue of mistyping it.
I've tried deleting the user app_user from the database and re-creating, exactly as I did in the beginning:
CREATE USER 'app_user'#'xxx.xxx.xxx.xxx' IDENTIFIED BY 'mypassword';
GRANT SELECT ON mydb.* TO 'app_user'#'xxx.xxx.xxx.xxx' IDENTIFIED BY 'mypassword' REQUIRE SSL;
FLUSH PRIVILEGES;
I'm not sure if the DB server IP change is just a coincidence, and maybe there's some other issue.
The entry for app_user in select user, host from mysql.user shows the same IP address as in the Access Denied message above. For what it's worth, I tried changing the DB user host to * and got Host 'xxx.xxx.xxx.xxx' is not allowed to connect to this MySQL server.
Could this have something to do with SSL being required by connection attempts from this user?
The problem was related to the REQUIRE SSL in the privileges for my user. Without it, I could connect just fine. I got things working again by putting my client-cert.pem and client-key.pem files on the application server, updated my.cnf by adding:
ssl-cert = /path/to/client-cert.pem
ssl-key = /path/to/client-key.pem
...under the [client] section and restarted the mysql server.
However, I still don't understand why I was able to connect successfully before when I had done none of these things.
Related
I have a mysql database running on a VPS. I can ssh into the host and connect to mysql with no problems. I cannot connect to mysql remotely from my desktop. I have performed the following:
opened port 3306 on the firewall
added my local IP to the remote IPs accepted by mysql. This was done via CPanel
executed
GRANT ALL ON dbname.* TO username#'x.x.x.x' IDENTIFIED BY 'PASSWORD'
to tell mysql to let me connect from the specified address.
I execute the following from the command line on my desktop:
mysql -h x.x.x.x -u username -p
I get a password prompt which indicates I am past the firewall and mysql is responding. When I supply the password, it denies access:
ERROR 1045 (28000): Access denied for user 'username'#'x.x.x.x' (using password: YES)
Have I missed something?
The answer was given in the comments, so I will repeat it here to properly close the thread. alvits suspected that the remote user had not been created. It had been created but his comment prompted me to clean up the user table.
I deleted all remote users including loads that had been created by CPanel or migrated from another host. I then started from scratch doing create user and grant all and it works now.
Thanks!
I have installed MYSQL 5.6 stand-alone on a local windows server. Recently, I changed the local IP of my server and reconfigured it in my network, but now I am not able to access my databases. It is giving me this error:
1045 - Access denied for user 'user'#'localhost' (using Password: Yes)
The above error is coming while using localhost as the server name. Also, I am able to connect to localhost through root username, but it is not showing me the original DB's which I had before.
Also before the server IP change I was able to access the MySQL server through the old IP of the server. like host name: xx:xx:xx:xx , user: user, pass: pass .... But it is also giving me an error:
2003 - cannot connect to my sql server on 'xx:xx:xx:xx' (10038)
I have tried the solution define on following link and run following query:
https://dev.mysql.com/doc/mysql-windows-excerpt/5.6/en/resetting-permissions-windows.html
SET PASSWORD FOR 'root'#'%' = PASSWORD('test');
and this is starting giving error of access denied for the root username and password 'test'
Can any body help me to resolve this.
Connect to 127.0.0.1 as root.
Update IP address for mysql user row with old IP address.
use mysql;
update user set host='NEWIP' where host='OLDIP' and user='root';
flush privileges;
Try again to connect.
If you don't have root access, reset permissions and try again.
http://dev.mysql.com/doc/refman/5.7/en/resetting-permissions.html
This is a problem experienced by people who downloaded the recent version (i.e MySQL 5.7.10)
The problem is there is a temporary password for this version
after you typed in bin>mysql -u root -p ...
you have to type in the password which is different for every person who downloaded it. Go to your mysql directory in C (or wherever you extracted it to) , go to the file 'data'. There would be an ERR file with your computer's name on it.
Open that file using notepad
in the 6th line of commands, there would be a line as follows
[Note] A temporary password is generated for root#localhost: '(your password)'
copy that password and paste it in the command prompt ... From there on you can continue as shown in the video
I have the current setup:
SVR01:
Ubuntu Trusty, with Xen
VM01:
IP: 192.168.0.10
Ubuntu Trusty, with Apache2 + php modules
VM02:
IP: 192.168.0.11
Ubuntu Trusty, with mysql server
When I try connecting from VM01 (The apache server) to mysql on VM02, I get the "Access Denied for 'NewUser'#'192.168.0.10' (Using password: YES)" error.
I created the user using:
CREATE USER 'NewUser'#'192.168.0.10' IDENTIFIED BY 'password';
GRANT EXECUTE ON mydb.* TO 'NewUSer'#'192.168.0.10';
But, it will work if I create the user using the host wildcard:
CREATE USER 'NewUser'#'%' IDENTIFIED BY 'password';
GRANT EXECUTE ON mydb.* TO 'NewUSer'#'%';
Does anyone know why it won't work when I specify the host ip?
PS. I get the error when trying to connect either through the Mysql client, or through the PHP PDO.
Follow up questions:
Does the grant seem to work if you create a user with a 192.168.0.% wildcard host mask?
Run select user, host, password from mysql.user where user='NewUser' to ensure there's not another user#host you weren't aware of that might be getting picked up?
Does the Access denied messages in your error logs confirm the failed connection attempts are in fact coming from the IP you think it is? Some weirdness like this might pop up if you have multiple routes setup in a system that has multiple network interfaces or perhaps some VPN routes in the mix.
When attempting connections to VM02 are you using a literal IP address or a hostname? If the later are you sure this is resolving to the IP you think it is from VM01 (you can verify using ping or just the host command from the command line)
Run "show variables like 'init_connect';" on the root account you were creating the users with. If that value is not blank you will want to ensure the accounts of permissions required to execute whatever that value does hold.
I have a remote Server which is running mysql. I have enabled remote access by changing the bind address to the public ip, and commenting the "skip-networking" line. I then used ufw (ubuntu firewall) to open the mysql port 3306
However my client times out when trying to connect to the server. So I test the connection with telnet, and I get the expect response, the same as I get on the local server.
I'm getting no errors, and no response when using a mysql client, but access would appear to be there in telnet.
Can anybody suggest what I've missed?
Thanks
If its not a firewall issue then maybe its a permission problem , try this for the user you use to connect from that host:
CREATE USER 'user'#'host' IDENTIFIED BY 'pass';
GRANT ALL on *.* to 'user'#'host';
FLUSH PRIVILEGES;
UPDATE:
Also check the bind-address from my.cnf file
For example, if you bind to 0.0.0.0, you can connect to the server
using all existing accounts. But if you bind to 127.0.0.1, the server
accepts connections only on that address. In this case, first make
sure that the 'root'#'127.0.0.1' account is present in the mysql.user
table so that you can still connect to the server to shut it down.
When I check the mysql query logs on our BSD server, I see, repeated again and again:
111123 8:23:11 4478 Connect Access denied for user 'Neohoo'#'localhost' (using password: YES)
4479 Connect Access denied for user 'root'#'localhost' (using password: NO)
I shut off outside access by adding the skip-networking option and restarting mysql:
cat /etc/my.cnf
[mysqld]
// The MySQL server
skip-innodb
max_connections=30
skip-networking
set-variable=local-infile=0
And verified by:
telnet bsdServer.com 3306
telnet: Unable to connect to remote host
The MySql is used with a legacy PHP application. I considered it could be an SQL injection attack but I am at a loss to find which section of the program. The mysql query logs do not show an IP address or any more useful data.
Any suggestions appreciated.
I shut off outside access by adding the skip-networking option
But these users are connecting from localhost - i.e. not across the network.
The mysql query logs do not show an IP address
Yes they do:
111123 8:23:11 4478 Connect Access denied for user 'Neohoo'#'localhost' (using password: YES)
Some client running on the machine is trying to connect.
If this machine is running a PHP webserver, particularly one facing the internet, most likely have a PHP code injection issue. Try cross referencing the timestamps on the log entries with your webserver access_log. If you've got the mysql client available on the machine, ensure that your webserver uid can't run it.