Im trying to allow remote accecss to MySQL on my Ubuntu server (VPS).
Im trying to access the database through an Java application Im building in Netbeans. Netbeans kick the following error message, when trying to connect:
Cannot establish a connection to
jdbc:mysql://xx.xxx.xxx.xxx:3306/xxxxxx?zeroDateTimeBehavior=convertToNull
using com.mysql.jdbc.Driver (null, message from server: "Host
'xx.xxx.xxx.xxx' is not allowed to connect to this MySQL server")
I have followed this guide when trying to connect to my MySQL server through Netbeans: https://www.youtube.com/watch?v=Fk2EkBs-Oq4
MySQL
MySQL running on standard port 3306.
In /etc/mysql/my.cnf I have comment out the following row:
bind-address = 127.0.0.1
So no bind-address exist in my my.cnf -file.
UFW
I have UFW installed on my server. ufw status numbered looks like this:
To Action From
-- ------ ----
[ 1] 22 ALLOW IN Anywhere
[ 2] 80/tcp ALLOW IN Anywhere
[ 3] Anywhere ALLOW IN MY-IP-ADDRESS*
[ 4] 3306/tcp ALLOW IN Anywhere
[ 5] 3306/tcp ALLOW IN MY-IP-ADDRESS*
[ 6] 22 (v6) ALLOW IN Anywhere (v6)
[ 7] 80/tcp (v6) ALLOW IN Anywhere (v6)
[ 8] 3306/tcp (v6) ALLOW IN Anywhere (v6)
*MY-IP-ADDRESS = The ip address I have "out" to the internet, which I recive from: http://whatismyipaddress.com/
What am I doing wrong and why cant I connect?
EDIT:
The thing is that if i bind in my.cnf I can only bind one IP. I need localhost access for my live websites running on the vps and also access from my dev-computer (which this thread is aiming). My thoughts was to remove bind in my.cnf to allow all and then grant access through my firewall UFW to localhost and my dev-computer.
if you want to use Connect via PuTTY and tunnel
look at the bottom of this answer
I assume you have a mysql administration tool.
The following will look depending on the tool used linux or something else, but work the same.
Login there and go into the user administration.
If you have installation a normal Mysql, then there should be only root without a host.
From the moment when you have created a localhost, then Mysql assume that you want to manage multiple hosts.
Create a existing host. A computer name exists in your network. Here root#dxxxxx-p. This should be created under the root user.
That's not all now you still have all your tables grant permissions.
Here pricelist has no assigned permissions
But sample has all permissions
With multiple host administration is for example.
A computer with two accessible names
myComp1 : IP 192.168.0.101
localhost : IP 127.0.0.1
If you now connect on the same computer with "mysql -h localhost -u root ...." you get the permissions you have assigned to localhost.
You might think because localhost and myComp1 is the same computer.
Now automatically myComp1 has the same permission as localhost .
But this is not so. So be careful.
Connect via `PuTTY` and tunnel
when you connect you with PuTTY, everything described above is not necessary.
With tunnel you connect as root#localhost on the ubuntu server.
Localhost is here somewhat misleading because it does not relate to your windows computer but on the localhost on the ubuntu server.
Access Your MySQL Server Remotely Over SSH
So you’ve got MySQL on your web server, but it’s only opened to local ports by default for security reasons.
If you want to access your database from a client tool like the MySQL Query Browser or Netbeans , normally you’d have to open up access from your local IP address… but that’s not nearly as secure.
So instead, we’ll just use port-forwarding through an SSH tunnel, so your MySQL client thinks it’s connecting to your localhost machine, but it’s really connecting to the other server through the tunnel.
Go to SSH->Tunnels
After clicked Save
Make sure that the MySQL server are off on the Windows computer.
I'm using MySQL System Tray Monitor.
With a right click, I see all the options.
click Open
If you have done all the settings for SSH on ubuntu right, that should appear here. (If NOT Search for Ubuntu SSH and Putty on the web)
Do not forget: Now that you've logged on ubuntu server you have all the right as root#localhost on the server itself, since root#localhost has all rights, you need not create a host and create permissions to schemas
Now on your windows computer open MySql Query Browser
Now connect to localhost (remember this localhost means localhost on ubuntu)
You can use in Netbeans the same settings to connect to Mysql on Ubuntu
Mysql Query Browser opens you can work on your Databases on UBUNTU
Netbeans
After closing New Connection Wizard
A new connection is created with all Databases On Mysql Ubuntu.
Change
bind-address = 127.0.0.1
To
bind-address = YOUR-IP-ADDRESS*
You need to grant access to that database :
GRANT ALL ON foo.* TO bar#xxx.xxx.xxx.xxx IDENTIFIED BY 'PASSWORD';
And also updated the firewall rules something like :
/sbin/iptables -A INPUT -i eth0 -p tcp --destination-port 3306 -j ACCEPT
Related
I've installed MySQL on a Google Cloud Virtual Machine (debian buster). What I want to do is to make this accessible publicly (using username / password obviously).
As far as I can tell the server is visible from the outside world, as I can ping the IP and I get results, and I think I've set up a user correctly and given the appropriate permissions so I can log in.
For info, my firewall settings on GCP look like this (this is just the egress, there is one exactly the same for ingress):
Which I'm assuming is correct and leaves the correct port open?
The issue I have when I use MySQL Workbench is that when I try to create a new connection, it gives me the following error:
Your connection attempt failed for user 'username' to the MySQL server at [my ip address]:3306:
Unable to connect to localhost
Please:
1 Check that MySQL is running on address [my ip address]
2 Check that MySQL is reachable on port 3306 (note: 3306 is the default, but this can be changed)
3 Check the user username has rights to connect to [my ip address] from your address (MySQL rights define what clients can connect to the server and from which machines)
4 Make sure you are both providing a password if needed and using the correct password for [my ip address] connecting from the host address you're connecting from**
Any pointers would be gratefully received.
Update: What is really confusing me is the 'Unable to connect to localhost' error. I'm not trying to connect to localhost...?
Update 2: As per comments, results of the following commands:
Note I am trying to connect using the matprichardson username. The svc2toria user is pointing to my own IP address.
Mat, If you want to use your Google Cloud Instance Database using your MySQL workbench. I suggest you connect to it through an SSH tunnel. So, this problem won't happen. I also ran into this problem several times. Connecting through SSH made the job done.
But if your need is something else, this would not help you at all. If your only purpose is managing your database from your local machine using the MySQL workbench. This will work nicely. Create a USER in your Debian VM. and open port 22 to the public. Also, make sure to have strong credentials or a better key file when connecting through SSH. This method is working for every cloud VM database. I'm using this method for G-Cloud, Azure, and AWS. After all of your work is done. Close port 22 (SSH).
My best guess will be because of number 2. "Check that MySQL is reachable on port 3306 (note: 3306 is the default, but this can be changed)".
Your Virtual Machine will have network security controls / firewall which will be blocking port 3306 by default.
I don't use Google cloud but I believe you are looking for "network details" -> "Firewall rules".
did you change your mysqld.cnf already?
bind-address = 0.0.0.0
As none of the suggestions posted worked I went for the rather more nuclear option of deleting and rebuilding my VM and setting MySQL up again from scratch. I must have done something wrong in my initial setup, as things worked without any issues at all once I’d done this.
The location of the MySQL configuration file differs depending on the distribution.
In Ubuntu and Debian the file is located at /etc/mysql/mysql.conf.d/mysqld.cnf
while in Red Hat based distributions such as CentOS, the file is located at /etc/my.cnf
Open the file with your text editor :
sudo nano /etc/mysql/mysql.conf.d/mysqld.cnf
Search for a line that begins with bind-address and set its value to the IP address on which a MySQL server should listen.
By default, the value is set to 127.0.0.1 (listens only in localhost).
In this example, we’ll set the MySQL server to listen on all IPv4 interfaces by changing the value to 0.0.0.0
bind-address = 0.0.0.0
# skip-networking
If there is a line containing skip-networking, delete it or comment it out by adding # at the beginning of the line.
In MySQL 8.0 and higher, the bind-address directive may not be present. In this case, add it under the [mysqld] section.
Once done, restart the MySQL service for changes to take effect. Only root or users with sudo privileges can restart services.
To restart the MySQL service on Debian or Ubuntu, type:
sudo systemctl restart mysql
On RedHat based distributions like CentOS to restart the service run:
sudo systemctl restart mysqld
For more Detail Read Here
I have tried suggestions in what seems like every post about this topic and none of them have worked for me, so I'm posting my own in case anyone spots anything that I missed.
I'm migrating a wordpress site into a LEMP (ubuntu, apache) stack instance on Digital Ocean, and I need temporary access to the database via MySQL Workbench or something similar on my local machine. I'm planning to turn it off once the migration is done. However I am having a very weird issue I can't figure out the cause for.
If I attempt to sign into the sql instance using
mysql -u user -h my.ip.address -p
I can get access from my local machine just fine.
I can also SSH into the server itself via terminal just fine, I have it set up in my ssh config file using the same ip address and the same user and ssh key i'm attempting to use for my workbench connection.
However doing the same via an SSH connection on workbench I constantly get the error:
Authentication failed, access denied.
Failed to connect to MySql at my.ip.address:3306 through ssh tunnel at user#127.0.0.1 with user mysqluser
Things I've done to attempt to rectify this:
set bind-address in mysql config to 0.0.0.0 on the server and restarted server's mysql
set bind-address in mysql config to my.ip.address on the server and restarted
allowed tcp connection
allowed connection via ufw firewall to 3306 and 33060 ports
created a mysql user with all privileges granted for 'localhost', '%', and '0.0.0.0' hosts
tried sshing in as root user
tried using the root user for the mysql user
I am probably missing some things on that list as I feel like I've tried a million things already!
I even have a different server on a LAMP stack (not LEMP) that I set up a few days ago and was able to gain access to the mysql db on workbench by following the same steps, and even attempted backtracing and copying what I did on the LAMP server, but no go.
I checked to see the netstats of the mysql instance and match the port and the ip and that didn't work, I made sure the port of the SSH was correct, nothing is working.
Does anyone have any tips? I've been using all of the "allow remote mysql connection on digital ocean" articles and questions i can find but nothing is working.
Here is my Workbench connection config at the moment but i have tried what feels like every iteration of it i could think of (re users, passwords, IP addresses, and ports)
SSH Hostname: my.ip.address
SSH Username: user
SSH Password: user-password (also tried empty, since i have a key)
SSH Key File: same key file i use to ssh on terminal
Mysql Hostname: 127.0.0.1 (also tried my.ip.address)
MySql Server Port: 3306 (also tried 33060)
Username: MySqlUser
Password: MySqlUser-Password (works when connecting to mysql via terminal)
I am experiencing some difficulties to configure MySQL Server and allow remote connections. I am currently using Ubuntu Server 16.04 and the latest MySQL version. This is a Virtual Private Server (VPS) from VpsDime (I apologize if this is not relevant). Everything i have done has been accomplished by SSH protocol using the root user.
This is the error Workbench throws me when I try to connect to MySQL:
Your connection attempt failed for user 'globalAdmin' from your host server at <IP>:3306:
Can't connect to MySQL server on '<ServerIP>' (10060).
I have been following and reading tutorials to configure it at this point. So, the relevant things i have done for this are:
Install the latest version of MySQL
Create a user granting full privileges for local and outsiders by this way:
CREATE USER 'myuser'#'localhost' IDENTIFIED BY 'mypass';
CREATE USER 'myuser'#'%' IDENTIFIED BY 'mypass';
GRANT ALL ON *.* TO 'myuser'#'localhost';
GRANT ALL ON *.* TO 'myuser'#'%';
I modified the MySQL configuration file /etc/mysql/mysql.conf.d/mysqld.cnf using nano. The change i made was replacing this:
bind-address = 127.0.0.1
For this:
bind-address = 0.0.0.0
This is to allow remote connections, this was suppose to be done in my.cnf file, but i modified another file based on the first answer here: https://askubuntu.com/questions/699903/why-is-etc-mysql-my-cnf-empty
Also i added the following two lines in my file.
[mysqld]
bind-address = 0.0.0.0
Finally, using UFW I am allowing the port 3306 and 3306/tcp. Using the command sudo ufw status I am getting this (i am showing only the relevant):
3306 (v6) ALLOW Anywhere (v6)
3306/tcp (v6) ALLOW Anywhere (v6)
Which as far I know is all I need to connect remotely.
The way I am connecting to MysQL server is by MySQLWorkbench for Windows, Connection Method: Standard(TCP/IP) using my server ip address, default port (3306), the "globaAdmin" user I created as mentioned before without Schema.
---The following MAY NOT be relevant---
Im having the same issue for MongoDB, it is funny because I also installed MS SQL Server 2017 and the only thing i did to connect remotely was open ports for it with the UFW tool.
I have been using ubuntu 14.04 LTS OS and now i want to give permission of my local mysql server for my colleague system in my network. I need the answes for the following question,
How to bind my system IP address to mysql server. If i execute the command line "mysql -uroot -proot -h192.168.1.198", then received the error message below
ERROR 2003 (HY000): Can't connect to MySQL server on '192.168.1.198' (111)
Then how to give permission to other system user to access my local mysql server.
Your MySQL service is bound to serve localhost only (interface binding). This is the default for security reasons. If you really need to access it directly from other hosts, there is a nice How to enable remote access to MySQL on Ubuntu which you could follow:
as root, open your /etc/mysql/my.cnf with your favorite editor
look for the [mysqld] section, and in there for the bind-address keyword. This usually is set to 127.0.0.1 -- change that to match your "normal" IP-address
save the file, and reload the service (e.g. using service mysql restart)
Remember you must enable your remote users to access their database(s) from remote, by setting the appropriate GRANTs -- e.g.
GRANT ALL ON mydb.* TO remoteuser#'%' IDENTIFIED BY 'SomePASSWORD';
Note the #'%', which means "from any host".
Try to telnet MySql server from that PC
telnet 192.168.1.198 3306
If that fails there are two cases:
You have not properly opened MySql Server required ports (default: 3306)
Go to my.ini (or my.cnf) and comment out bind-address and change it to 0.0.0.0 (to listen to all available interfaces) or perhaps the server's LAN IP (192.168.1.XYZ).
We have a MySQL server in one of the remote Virtual Machine (Windows Server 2008). Till yesterday we were able to connect to the MySQL server, with the help of workbench installed in our local machine.
Yesterday there was a restart to the machine which has the Virtual Machine installed. After that we are unable to connect to MYSQL. Though I can ping and remote connect this particular VM. I can even execute the queries inside the workbench installed in the VM.
I am not too good at networking or security related stuffs. Please help me to solve this issue.
Error :
Your connection attempt failed for user 'root' from your host to server at ABC:3306: Can't connect to MySQL server on 'ABC' (10060)
Really this could be a magnitude of possible reasons, hopefully this is a start:
Check basic network
From the MySQL virtual machine open up a command prompt and type IPCONFIG /ALL. This will show you all the IP addresses bound to different network adapters.
Check that the IP address you're connected to is listed there, the virtual machine might have got a new IP from DHCP rather than having a static IP after its restart.
Hostname vs IP
You should check the hostname resolution, from your quoted error it would suggest you are you are connecting to a hostname rather than a server IP. Check your machine can resolve to the hostname using the correct IP address - it could also be worth changing the hostname for the actual IP of the server in the connection string.
MySQL config file
You've said you're running MySQL on Windows, it was customary to rename the my.cnf to my.ini. The configuration file for older versions of MySQL previous to 4.1.5 was usually stored in either c:\my.ini or c:\windows\my.ini. For versions after this the default location is the installation directory usually %PROGRAMDATA%\MySQL\MySQL Server xxx.
When you have located the configuration file please open it on Notepad (or similar text editor), locate the [mysqld] section and make sure that port= the port you're trying to connect to and bind-address= the IP address you're trying to connect to.
Server ports
From the MySQL virtual server open a command prompt and type netstat –ano, this will show you a list of processes and what IP's / ports they are listening on. The MySQL server should be listed here and should be listening on the same port and IP as the config file defines.
Windows firewall
You should have a firewall rule to allow MySQL, the following will add one on the default port of 3306
netsh advfirewall firewall add rule name="MySQL Server" action=allow protocol=TCP dir=in localport=3306
Identify if this is machine specific
You could setup the MySQL Workbench application on another workstation and try to connect to identify if this is a global problem or just one related to your specific workstation.
mysql administrator of your database should allow remote connection to the mysql server.
change this in my.cnf:
bind-address = 127.0.0.1 # this shoul be your mysql server ip
and comment this:
# skip-networking
Chances are that your configuration was set up for an IP that has changed. By default, mysql won't let you connect from remote hosts unless you explicitly give permissions for a specific user on a specific schema or a group of schemas, for example if you did something like this:
GRANT ALL PRIVILEGES ON *.* TO 'USERNAME'#'1.2.3.4' IDENTIFIED BY 'PASSWORD' WITH GRANT OPTION;
Maybe what you actually did was to set the grant onto your own IP address, that is the address of your local machine, and if your local machine (not the remote server) has changed it's IP address, then mysql will not let you connect unless you have the "1.2.3.4" IP address which obviously you don't have anymore if you have a dynamic IP address (common with DSL/Cable connections)
So connect through SSH or Telnet or whatever you use to your windows server and go to mysql as root and do this:
SELECT * from information_schema.user_privileges;
That will show you the grants on all users and how they are allowed to connect. If you don't see your local IP Address listed there or a wildcard (which would allow you to connect from any remote machine to the server) then you have to set it up like this:
GRANT ALL PRIVILEGES ON *.* TO 'USERNAME'#'%' IDENTIFIED BY 'PASSWORD' WITH GRANT OPTION;
Where USERNAME of course is your user. See that after the on there is a wildcard / dot /wildcard that means you want that user to be able to connect to any schema (database, for mysql) from any user from any network. But I'd recommend that you only do the grant for the user for the specific schema you need to connect to.
Then after that, if you actually had the right information and still can't connect than use a portscanner like nmap or something like that to do a port scan and see if mysql is:
Open and listening to external network
Running on the port that you actually want to connect through
If 1 is true, then check 2 because maybe there is a misconfiguration of the port. But if any of these 2 points do work then it sounds definitely not like a network configuration but a user setting or something else.
GRANT ALL ON *.* to user#'%' IDENTIFIED BY 'password';
this command should do the trick for all users #Gustavo Rubio has already given the proper explanation.
To ensure what ports are open run cmd in the virtual machine and type.
netstat -a
TCP 127.0.0.1:3360 Hostname:3360 LISTENING
The my.cnf is located Mysql-install-path\MySQL\MySQL Server xxx make sure you backup original before changing
Can't connect to [local] MySQL server
Testing The MySQL Server Installation on Microsoft Windows
MySQL Workbench: Manage MySQL on Windows Servers the Windows way
For the first time you need to test and make sure your connection to mysql is not blocked by the firewall.
To disable the firewall on each host in your cluster, perform the following steps on each host.
1. Save the existing iptables rule set.
iptables-save > /root/firewall.rules
2. Disable iptables.
For RHEL, CentOS, Oracle, and Debian:
chkconfig iptables off
and
/etc/init.d/iptables stop
For SLES:
chkconfig SuSEfirewall2_setup off
and
rcSuSEfirewall2 stop
For Ubuntu:
service ufw stop
https://www.cloudera.com/documentation/enterprise/5-7-x/topics/install_cdh_disable_iptables.html
Depends on your setup, but if you're using cPanel just go to RemoteMYSQL and enter your host. You can also use a wildcard. Below worked for me when I was getting the error
"Could not connect to DB server '' as user ''. port : Host '' is not
allowed to connect to this MySQL server"
On MySQL v5.6 this may be the case.
When another server communicate by advertising its hostname instead of IP address, the resolution might fails (because your user is using IP address instead of hostname for example).
So, you need to disable the following,
skip-host-cache
skip-name-resolve
Or maybe create the user with appropriate hostname (instead of IP address). You may find the hostname when establishing the connection to the remote MySQL.