I'm trying to allow remote access to a single mysql database on a different port.
I have added the user and granted all privileges from % to the specific database.
I've added the external bind address and commented out skip-networking from /etc/my.cnf
I've flushed privileges on mysql (technicall mariadb)
And I've setup the port forwarding in firewalld using
firewall-cmd --permanent --zone=external --add-masquerade
firewall-cmd --permanent --zone=external --add-forward-port=port=53306:proto=tcp:toport=3306
I've reloaded firewalld.
I'm testing using dbforge studio but I'm still not able to connect remotely.
What am I missing?
Assuming that SELinux is enabled:
you certainly need to configure port labelling on port 53306 (see http://www.certdepot.net/rhel7-use-selinux-port-labelling/).
you also need to check if a particular SELinux boolean has to be set (see http://www.certdepot.net/selinux-diagnose-policy-violations/).
Regards.
Related
I've installed MySQL on a Google Cloud Virtual Machine (debian buster). What I want to do is to make this accessible publicly (using username / password obviously).
As far as I can tell the server is visible from the outside world, as I can ping the IP and I get results, and I think I've set up a user correctly and given the appropriate permissions so I can log in.
For info, my firewall settings on GCP look like this (this is just the egress, there is one exactly the same for ingress):
Which I'm assuming is correct and leaves the correct port open?
The issue I have when I use MySQL Workbench is that when I try to create a new connection, it gives me the following error:
Your connection attempt failed for user 'username' to the MySQL server at [my ip address]:3306:
Unable to connect to localhost
Please:
1 Check that MySQL is running on address [my ip address]
2 Check that MySQL is reachable on port 3306 (note: 3306 is the default, but this can be changed)
3 Check the user username has rights to connect to [my ip address] from your address (MySQL rights define what clients can connect to the server and from which machines)
4 Make sure you are both providing a password if needed and using the correct password for [my ip address] connecting from the host address you're connecting from**
Any pointers would be gratefully received.
Update: What is really confusing me is the 'Unable to connect to localhost' error. I'm not trying to connect to localhost...?
Update 2: As per comments, results of the following commands:
Note I am trying to connect using the matprichardson username. The svc2toria user is pointing to my own IP address.
Mat, If you want to use your Google Cloud Instance Database using your MySQL workbench. I suggest you connect to it through an SSH tunnel. So, this problem won't happen. I also ran into this problem several times. Connecting through SSH made the job done.
But if your need is something else, this would not help you at all. If your only purpose is managing your database from your local machine using the MySQL workbench. This will work nicely. Create a USER in your Debian VM. and open port 22 to the public. Also, make sure to have strong credentials or a better key file when connecting through SSH. This method is working for every cloud VM database. I'm using this method for G-Cloud, Azure, and AWS. After all of your work is done. Close port 22 (SSH).
My best guess will be because of number 2. "Check that MySQL is reachable on port 3306 (note: 3306 is the default, but this can be changed)".
Your Virtual Machine will have network security controls / firewall which will be blocking port 3306 by default.
I don't use Google cloud but I believe you are looking for "network details" -> "Firewall rules".
did you change your mysqld.cnf already?
bind-address = 0.0.0.0
As none of the suggestions posted worked I went for the rather more nuclear option of deleting and rebuilding my VM and setting MySQL up again from scratch. I must have done something wrong in my initial setup, as things worked without any issues at all once I’d done this.
The location of the MySQL configuration file differs depending on the distribution.
In Ubuntu and Debian the file is located at /etc/mysql/mysql.conf.d/mysqld.cnf
while in Red Hat based distributions such as CentOS, the file is located at /etc/my.cnf
Open the file with your text editor :
sudo nano /etc/mysql/mysql.conf.d/mysqld.cnf
Search for a line that begins with bind-address and set its value to the IP address on which a MySQL server should listen.
By default, the value is set to 127.0.0.1 (listens only in localhost).
In this example, we’ll set the MySQL server to listen on all IPv4 interfaces by changing the value to 0.0.0.0
bind-address = 0.0.0.0
# skip-networking
If there is a line containing skip-networking, delete it or comment it out by adding # at the beginning of the line.
In MySQL 8.0 and higher, the bind-address directive may not be present. In this case, add it under the [mysqld] section.
Once done, restart the MySQL service for changes to take effect. Only root or users with sudo privileges can restart services.
To restart the MySQL service on Debian or Ubuntu, type:
sudo systemctl restart mysql
On RedHat based distributions like CentOS to restart the service run:
sudo systemctl restart mysqld
For more Detail Read Here
I keep trying to connect to my MySQL Database use POPSQL, and I keep getting the error code ECONNREFUSED (Error Connection Refused) M.Y.I.P:3306, and I can't figure out why. The set up is a follows:
I'm running Plesk, on Cent OS, which uses a MySQL DB (Maria), which I normally connect to using PHPMyAdmin using the Plesk interface.
Now I'm trying to connect to it using this POPSQL, but I've not been able to connect remotely using any applications.
My troubleshooting:
1: Restart Server: Many times, and after each change.
2: Check firewall: It's enabled, running, and port 3306 is open (I also tried connecting over SSH, which I can do in a terminal, but not POPSQL or any other SQL Connection software)
3: Check Plesk Config: Credentials are right, remote connections are allowed through any host Plesk DB config
4: Check Maria config, bind address is 0.0.0.0 instead of 127.0.0.1
[mysqld]
bind-address = 0.0.0.0
local-infile=0
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
# Settings user and group are ignored when systemd is used.
# If you need to run mysqld under a different user or group,
# customize your systemd unit file for mariadb according to the
# instructions in http://fedoraproject.org/wiki/Systemd
[mysqld_safe]
log-error=/var/log/mariadb/mariadb.log
pid-file=/var/run/mariadb/mariadb.pid
#
# include all files from the config directory
#
!includedir /etc/my.cnf.d
My knowledge of DB troubleshooting ends there, so if you have any ideas or recommendations as to whats going on and how to fix it please let me know. Again, I'm pretty new to all of this so I'm sure it's just a simple mistake, but an extra set of eyes would be extremely helpful.
I'm not good with firewalls and that shows.
I was editing the default firewall zone "public" instead of "plesk," the one controlling traffic for this server.
For future reference:
1: Check what zones are active.
firewall-cmd --get-active-zones
2: Edit the active zone
firewall-cmd --zone=plesk **OR whatever your zone is called** --add-port=3306/tcp --permanent
2.5: Make sure it says success
firewall-cmd --zone=plesk --add-port=3306/tcp --permanent
success
3: Reload firewall
firewall-cmd --reload
Credit to Bernd Buffen for pointing me in the right direction.
Don't forget the basics!
We have a MySQL server in one of the remote Virtual Machine (Windows Server 2008). Till yesterday we were able to connect to the MySQL server, with the help of workbench installed in our local machine.
Yesterday there was a restart to the machine which has the Virtual Machine installed. After that we are unable to connect to MYSQL. Though I can ping and remote connect this particular VM. I can even execute the queries inside the workbench installed in the VM.
I am not too good at networking or security related stuffs. Please help me to solve this issue.
Error :
Your connection attempt failed for user 'root' from your host to server at ABC:3306: Can't connect to MySQL server on 'ABC' (10060)
Really this could be a magnitude of possible reasons, hopefully this is a start:
Check basic network
From the MySQL virtual machine open up a command prompt and type IPCONFIG /ALL. This will show you all the IP addresses bound to different network adapters.
Check that the IP address you're connected to is listed there, the virtual machine might have got a new IP from DHCP rather than having a static IP after its restart.
Hostname vs IP
You should check the hostname resolution, from your quoted error it would suggest you are you are connecting to a hostname rather than a server IP. Check your machine can resolve to the hostname using the correct IP address - it could also be worth changing the hostname for the actual IP of the server in the connection string.
MySQL config file
You've said you're running MySQL on Windows, it was customary to rename the my.cnf to my.ini. The configuration file for older versions of MySQL previous to 4.1.5 was usually stored in either c:\my.ini or c:\windows\my.ini. For versions after this the default location is the installation directory usually %PROGRAMDATA%\MySQL\MySQL Server xxx.
When you have located the configuration file please open it on Notepad (or similar text editor), locate the [mysqld] section and make sure that port= the port you're trying to connect to and bind-address= the IP address you're trying to connect to.
Server ports
From the MySQL virtual server open a command prompt and type netstat –ano, this will show you a list of processes and what IP's / ports they are listening on. The MySQL server should be listed here and should be listening on the same port and IP as the config file defines.
Windows firewall
You should have a firewall rule to allow MySQL, the following will add one on the default port of 3306
netsh advfirewall firewall add rule name="MySQL Server" action=allow protocol=TCP dir=in localport=3306
Identify if this is machine specific
You could setup the MySQL Workbench application on another workstation and try to connect to identify if this is a global problem or just one related to your specific workstation.
mysql administrator of your database should allow remote connection to the mysql server.
change this in my.cnf:
bind-address = 127.0.0.1 # this shoul be your mysql server ip
and comment this:
# skip-networking
Chances are that your configuration was set up for an IP that has changed. By default, mysql won't let you connect from remote hosts unless you explicitly give permissions for a specific user on a specific schema or a group of schemas, for example if you did something like this:
GRANT ALL PRIVILEGES ON *.* TO 'USERNAME'#'1.2.3.4' IDENTIFIED BY 'PASSWORD' WITH GRANT OPTION;
Maybe what you actually did was to set the grant onto your own IP address, that is the address of your local machine, and if your local machine (not the remote server) has changed it's IP address, then mysql will not let you connect unless you have the "1.2.3.4" IP address which obviously you don't have anymore if you have a dynamic IP address (common with DSL/Cable connections)
So connect through SSH or Telnet or whatever you use to your windows server and go to mysql as root and do this:
SELECT * from information_schema.user_privileges;
That will show you the grants on all users and how they are allowed to connect. If you don't see your local IP Address listed there or a wildcard (which would allow you to connect from any remote machine to the server) then you have to set it up like this:
GRANT ALL PRIVILEGES ON *.* TO 'USERNAME'#'%' IDENTIFIED BY 'PASSWORD' WITH GRANT OPTION;
Where USERNAME of course is your user. See that after the on there is a wildcard / dot /wildcard that means you want that user to be able to connect to any schema (database, for mysql) from any user from any network. But I'd recommend that you only do the grant for the user for the specific schema you need to connect to.
Then after that, if you actually had the right information and still can't connect than use a portscanner like nmap or something like that to do a port scan and see if mysql is:
Open and listening to external network
Running on the port that you actually want to connect through
If 1 is true, then check 2 because maybe there is a misconfiguration of the port. But if any of these 2 points do work then it sounds definitely not like a network configuration but a user setting or something else.
GRANT ALL ON *.* to user#'%' IDENTIFIED BY 'password';
this command should do the trick for all users #Gustavo Rubio has already given the proper explanation.
To ensure what ports are open run cmd in the virtual machine and type.
netstat -a
TCP 127.0.0.1:3360 Hostname:3360 LISTENING
The my.cnf is located Mysql-install-path\MySQL\MySQL Server xxx make sure you backup original before changing
Can't connect to [local] MySQL server
Testing The MySQL Server Installation on Microsoft Windows
MySQL Workbench: Manage MySQL on Windows Servers the Windows way
For the first time you need to test and make sure your connection to mysql is not blocked by the firewall.
To disable the firewall on each host in your cluster, perform the following steps on each host.
1. Save the existing iptables rule set.
iptables-save > /root/firewall.rules
2. Disable iptables.
For RHEL, CentOS, Oracle, and Debian:
chkconfig iptables off
and
/etc/init.d/iptables stop
For SLES:
chkconfig SuSEfirewall2_setup off
and
rcSuSEfirewall2 stop
For Ubuntu:
service ufw stop
https://www.cloudera.com/documentation/enterprise/5-7-x/topics/install_cdh_disable_iptables.html
Depends on your setup, but if you're using cPanel just go to RemoteMYSQL and enter your host. You can also use a wildcard. Below worked for me when I was getting the error
"Could not connect to DB server '' as user ''. port : Host '' is not
allowed to connect to this MySQL server"
On MySQL v5.6 this may be the case.
When another server communicate by advertising its hostname instead of IP address, the resolution might fails (because your user is using IP address instead of hostname for example).
So, you need to disable the following,
skip-host-cache
skip-name-resolve
Or maybe create the user with appropriate hostname (instead of IP address). You may find the hostname when establishing the connection to the remote MySQL.
As the screenshots show, I have the accounts setup to allow remote connections but as shown in the second screenshot I still cannot connect remotely.
I use for testing in the virtual machine (Ubuntu 16.04), for me, I fixed the error changing the file 50-server.cnf.
My server is Ubuntu, so changing the file below:
50-server.cnf
The path of this file:
/etc/mysql/mariadb.conf.d
PS: Create a backup of the file before the change.
Only change in file the bind-address 127.0.0.0 to bind-address 0.0.0.0
After this restart service and try again.
Regarding that user, need to allow for external connections.
I hope that this info helps you.
Mysql by default binds to 0.0.0.0 which is all interfaces on your system. Which means you can already connect from another computer. The issue is perhaps permissions. You can enable remote connections by running the following command:
GRANT ALL PRIVILEGES ON *.* TO 'root'#'192.168.%' IDENTIFIED BY '' WITH GRANT OPTION;
MariaDB packages bind MariaDB to 127.0.0.1 (the loopback IP address) by default as a security measure using the bind-address configuration directive. Old MySQL packages sometimes disabled TCP/IP networking altogether using the skip-networking directive.
Steps to allow remote connections are provided in the MariaDB Knowledge Base at https://mariadb.com/kb/en/mariadb/configuring-mariadb-for-remote-client-access/
I've just downloaded MySQL Workbench.
But I don't quite understand how to syn this with the databases on my remote server.
Work bench asks for "hostname" so I provided the hostname of my remote server. I designate port 3306.
I then provide a username. This is the username I use when I log into PhpAdmin -- should I be using a different one?
Then I provide a password, again the same one I use for PhpAdmin.
But this doesn't work.
Oddly, the error always tells me my user name is: username#current_network_im_using_to_access_the_internet
But this doesn't seem right -- on phpAdmin my user name says username#localhost.
I'm not quite sure what to do.
Can you help me?
MySQL treats logins as specific to the host they originate from. You can have a different password from your home machine than the one you use on the server itself, and you can have entirely different sets of permissions granted to the same username from different origin hosts.
On PHPMyadmin, the database is running on the same server as the web server, and therefore refers to itself as localhost, with IP 127.0.0.1. Your machine on which Workbench is installed must access MySQL with different credentials than your username#localhost. The server requires you to grant access to your username from any host you intend to connect from.
In PhpMyAdmin, you will need to grant access to your database from the remote host: (See also Pekka's answer for how to allow connections from any host)
GRANT ALL PRIVILEGES on dbname.* TO yourusername#your_remote_hostname IDENTIFIED BY 'yourpassword';
To see all the grants you currently have on localhost so that you can duplicate them for the remote host:
SHOW GRANTS FOR yourusername#localhost;
Additionally, the MySQL server needs to be setup to accept remote connections in the first place. This isn't always the case, especially on web hosting platforms. In the my.cnf file, the skip-networking line has to be removed or commented out. If there is no skip-networking line, you must comment out the line:
bind-address = 127.0.0.1
...then restart MySQL.
Your phpMyAdmin seems to run on the same server as the database itself.
Therefore, it can use username#localhost to connect to the server.
You would need to make mySQL accept connections from outside localhost by adding another user username#% (% meaning "any host").
Note however that this is not good practice - if you have a static IP, consider limiting access to that one address.
If you are planning to use MySQL workbench for managing MySQL databases and tables in a remote server, I am recommending connect over SSH. by following many articles and forums I tried many other ways by adding bind-address, adding a new user to MySql with uname#host with all privileges, etc. but in my case, all those steps were wasting of time, those steps will be useful if your server is so strict.
Follow the steps below.
Click on the + button beside the MySql connections Title to add a new connection.
Enter Connection Name(Whatever you need).
Select connection method Standard TCP/IP over SSH.
Enter the SSH details like Host(IP/Domain), Username, and Password. (SSH using Password Authorisation should be enabled in server)
MySQL host details like Hostname(By Default localhost or 127.0.0.1), port(3306), MySQL username and password.
Then click on test connection.
To get connected to MySQL Workbench installed on Windows 10, I found the above post written by Shihab and edited by Dharman useful to get connected instantly. But, here are the things that I did to connect via TCP/IP which was also useful for me to connect to MySQL via my code:
Step 1:Changing the bind address in MyMySQL
On the Ubuntu machine (where my MySQL Community Server is installed) using Putty, I changed the mysqld.cnf file with the command "sudo nano /etc/mysql/mysql.conf.d/mysqld.cnf". Using arrow keys, I scrolled down to the row with "bind-address" and I changed it from "127.0.0.1" to "0.0.0.0". I used ctrl+x to close and entered "Y" to save the file.
Step 2: Restart the MySQL Server
You have to restart the MySQL server. To do that, you can restart using the command "sudo service mysql restart". If you are unable to restart, kill MySQL Process. First find the Process ID of MySQL using "ps ax | grep mysql" then kill the process using "sudo kill [process_id]"
Step 3:Changing the Firewall Settings of Ubuntu
To allow outside connections, you should change the settings of the firewall. I used UFW (Uncomplicated FireWall) to change the settings. Start the UFW if it is not yet enabled using the command "sudo ufw enable". Check the status using "sudo ufw status". Now, enable connections to the MySql port 3306 (default) from a particular IP address using the command "sudo ufw allow from [ip_address] to any port 3306" or you can allow all connections to the port from any IP address is your IP address keeps changing using the command "sudo ufw allow mysql"
Step 4: Creating a user in MySQL
I created a user in MySQL to avoid logging in using the root using the command "CREATE USER 'user_name'#'your_IP_Address' IDENTIFIED BY 'password';
Step 5: Connect via the MySQL workbench
Click Database
Click Connect to Database
In the Connection Method field, select "Standard TCP/IP"
In the Hostname, enter your server IP address
In the Server Port, leave as it is "3306" unless you have changed the port of MySql in your server
In the Username, enter your server user name
In the Password, enter your server password
Click Ok
Step 6: If you are still not able to connect
On your server, disable the firewall and check if you are able to connect
If you are able to connect, reset the firewall with the command "sudo ufw reset" (Make sure you take a copy or screenshot of all the connections in the firewall. You can get all the ports with the command "sudo ufw status"). If you are unable to connect go to step 9.
Now allow each and every port that was earlier present with the command "sudo ufw allow 80", "sudo ufw allow mysql", etc.
Disable and enable the firewall using the commands "sudo ufw disable" and "sudo ufw enable" respectively.
Check if you are able to connect via the workbench
If you are still not able to connect, just restart the server using the command "sudo reboot"
Once the reboot is complete, you should be able to connect to the MySQL server.
If you are still not able to connect, use something like nmap software to check for all the open ports and see if you can see 3306. If you can't see the port, you have to debug what is stopping the firewall from blocking your MySQL connections.
Check your MySQL privileges with the command "show grants for 'user_name'#'localhost';". If you are able to see the grants, that means your IP address is not allowed. Try to update the grants with your IP address with the following command "GRANT ALL PRIVILEGES ON database.* TO 'user'#'yourremotehost' IDENTIFIED BY 'newpassword';" or GRANT ALL PRIVILEGES ON database.* TO 'user'#'yourremotehost' IDENTIFIED BY 'newpassword'; (To allow connections from everywhere)
If the above steps don't work and still you want to connect via a quick hack
Premium Hack Step: Logging in using MySQL Workbench via SSH
Click Database
Click Connect to Database
In the Connection Method field, select "Standard TCP/IP over SSH"
In the SSH Hostname, enter your server IP address
In the SSH Username, enter your server user name
In the SSH Password, enter your server password
In the SSH Key file, don't do anything
In the MySQL Hostname, leave it as it is "127.0.0.1"
In the Server Port, leave as it is "3306" unless you have changed the port of MySQL in your server
In the Username, enter your MySQL username that you created in the previous step
In the Password, enter your MySQL password that you created in the previous step
Click Ok
Now, you should be able to enter your MySQL Workbench
Other useful commands:
To check if MySQL is running: systemctl status mysql
Entering MySQL: sudo mysql -u [username] -p (Default username is root and password is nothing (just press enter key))
To check the status of ufw: sudo ufw status
To check the ufw status numbered for deleting a port access: sudo ufw status numbered
To delete a ufw port access: sudo ufw delete [number_of_the_port_to_be_deleted_from_previous_command]
To start MySQL service: sudo service mysql start
To update all packages: sudo apt update
To uninstall MySQL: sudo apt-get remove mysql*
To install MySQL
Step 1: sudo apt update
Step 2: sudo apt install mysql-server
Step 3: sudo systemctl start mysql.service
Step 4 (if something is broken during installation): sudo apt --fix-broken install