The Setup
I am currently using the Premium Wordpress Hosting provided by MediaTemple. I have a very large data-set to import and I was hoping to get direct access to the database via an SSH tunnel.
 ------------                       ----------------                 ----------
| My Machine | ---- SSH TUNNEL ---- | Hosting Server | -- -- ? -- -- | Database |
 ------------                       ----------------                 ----------
What Works
If I ssh into the Hosting Server and from the shell on the Hosting Provider, connect to mysql like this, I am able to get into MySQL.
mysql -uuser -ppassword -h123.456.789.1 -P3308
What Does Not Work
However, if I try to connect to MySQL using the -L flag with SSH to create a tunnel, I am unable to connect to the server.
ssh me@hostingserver.net -L 7002:123.456.789.1:3308
From a shell on My Machine:
mysql -uuser -ppassword -h127.0.0.1 -P7002
I get the following error:
ERROR 2013 (HY000): Lost connection to MySQL server at 'reading initial communication packet', system error: 0
From reading other answers (StackOverflow, StackOverflow), I have reasoned that the issue stems from the IP address with which the MySQL client tries to bind. I think that the IP address attached to the connection request, when executed on my machine, is not on the white-list of the Database Server.
Is there any way to get direct access to the MySQL Database from My Machine? From a system administration perspective, I obviously have enough access to connect to the MySQL database from the shell, but I cannot run the client on My Machine. I have a very large dataset that I would like to transfer from My Machine to Database. I would also like to be able to access the database and execute SQL whenever I need to. This and the large dataset kind of eliminate the possibility of just using the source command from the MySQL Client on Hosting Server. What is the best workaround to give me something close to the ability to run SQL on the Database from My Machine?
I encountered roughly the same issue. That is, I simply could not connect to the MySQL server, even though I had successfully tunneled to the remote host.
TLDR: it was an iptables issue involving the loopback interface
In my situation, mysqld was running on the same VPS as sshd. However, the MySQL instance was bound only to 127.0.0.1 and listening on the default port. As you did, I confirmed that I could connect to the mysqld instance on the remote machine using the credentials used locally.
Here is the tunnel:
ssh -v -N -L 33306:127.0.0.1:3306 sshuser@sshanddbvps.org
Here is the connection string to the mysqld instance using the mysql client:
mysql -umysqluser -h127.0.0.1 -P 33306 -p
Even though ssh indicated that the connection was successful...
debug1: Connection to port 33306 forwarding to 127.0.0.1 port 3306 requested.
...the mysql client connection would error out after accepting the correct password with the message you mentioned:
ERROR 2013 (HY000): Lost connection to MySQL server at 'reading initial communication packet'...
To check that data was flowing across the loopback interface, I logged into the remote server and ran three commands in three separate shells:
while true; do echo -e "HTTP/1.1 200 OK\n\n $(date)" | nc -l 127.0.0.1 1234; done
tcpdump -i lo src 127.0.0.1 or dst 127.0.0.1
nc 127.0.0.1 1234
After running the third, output from the second command appeared:
13:59:14.474552 IP localhost.36146 > localhost.1234: Flags [S], seq 1149798272, win 43690, options [mss 65495,sackOK,TS val 48523264 ecr 0,nop,wscale 7], length 0
But nothing indicating that packets were flowing in the reverse direction.
Inserting a rule in the INPUT chain of the firewall that allowed traffic from the default loopback address solved the issue:
iptables -I INPUT 4 -i lo -s 127.0.0.1 -j ACCEPT
Related
By default, Database Manager from PhpStorm works well. But currently on a special Provider (1u1.de) I have some trouble getting this to work.
I can connect to the Provider via SSH. If I want to connect to MySQL database, I have to use:
mysql --host=localhost --user=dbo123123123 -S /tmp/mysql5.sock --password='123123123';
That works well via CLI on the Server, but I didn't find a way to connect via PhpStorm to this Database.
To me it seems that the "socket-connection" may be the Problem. Does anybody have a clue how to get this to work?
Part of the Solution (?!):
Maybe a first part of a solution: I found that you are able to forward a Socket to your local PC as its own socket this way:
ssh -nNT -L $(pwd)/yourLocal.sock:/var/run/mysqlREMOTEMYSQL.sock user@somehost
Source of Information
This shows me that the Socket is established:
netstat -ln | grep mysql
unix 2 [ ACC ] STREAM LISTENING 3713865 /myFolder/mysql5.sock
But I'm still unable to connect to this Socket with:
mysql -h localhost --protocol=SOCKET -u'username' -p'mypassword' -S /myFolder/mysql5.sock
Got this Error:
ERROR 2013 (HY000): Lost connection to MySQL server at 'reading initial communication packet', system error: 95 "Operation not supported"
ssh -L /tmp/mysql.sock:/var/run/mysqld/mysqld.sock sshuser@remotehost
and then
mysql -h localhost --protocol=SOCKET -u'username' -p'mypassword' -S /tmp/mysql.sock
seems to work fine for me
Use SSH to set up a port forward; this will allow you to connect securely to your database without exposing it to the world.
On ssh, use the -L argument to establish the tunnel.
ssh -L <local_port>:<remote_host>:<remote_port> user@host
This will open <local_port> on your local machine, and then redirect all packets out the other side of the tunnel, destined for the <remote_host>:<remote_port>
In your case, you might want to try something like this:
ssh -L 3306:127.0.0.1:3306 user@mybox.1u1.de
After establishing the tunnel, you will be able to connect to the database through a local port.
From your local machine, not the 1u1 host,
mysql -u <user> -p --host 127.0.0.1 --port 3306
If this works properly, you should be able to configure PhpStorm to use the same address, 127.0.0.1:3306
The SSH tunnel will need to remain open the entire time you need to be connected to the database.
I have a MySQL database server on a remote AWS Linux Machine. I can access this server by SSH.
However, I need to access this from my Windows computer and it's not working (using mysql -u root -p -h remoteAddress where remoteAddress is the IP address of my remote server). I also have a local MySQL server installed so mysql -u root -p -h localhost on Windows works normally.
I have read a lot on this but no solutions are working for me. The error I'm getting is:
Error 2003 (HY000): Can't connect to MySQL server on 'remoteAddress' (10060)
Now I have bind-address commented out in my my.cnf file and in addition using phpmyadmin, I can confirm that root can be accessed from anywhere (i.e. it says from %).
Even if I turn off the iptables service, I still get the same error.
Furthermore, if I type in netstat -tln | grep 3306, I get:
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN
I don't care about the safety implications presently, I just want to get this working.
After reading the comments on my question I had an idea which led me to the solution. Everything on the server was set up properly except that AWS places a level of security on top of things which needs to be changed.
I simply added MySQL to the list of inbound traffic allowed in the security group settings and that solved it. I should have done this when creating the instance but didn't know that I would be using MySQL on the server at the time.
So I modified the security group to add MySQL traffic.
I know this was a really niche problem but I hope it helps someone if they find themselves in the same situation.
This seems like a duplicate post, but I have checked all the solutions posted in relevant posts and none of them worked for me. So allow me to state the problem more accurately.
I have a server, where MySQL is installed. I have a user X with password P.
If I connect to the server (ssh or something) and try to run MySQL locally (mysql --user=X --password=P) it logs in perfectly, and I have access to everything:
mysql> show grants;
...
+------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'X'@'%' IDENTIFIED BY |
|PASSWORD 'somehash' WITH GRANT OPTION |
+------------------------------------------------------+
Now if I go to the config file: (sudo vim /etc/mysql/my.cnf) I see the following:
bind-address = 0.0.0.0
port = 3306
Then I go to hosts allow file (sudo vim /etc/hosts.allow) I see:
mysqld: ALL
Then I go to hosts allow file (sudo vim /etc/hosts.deny): the file is empty (except for some comments).
Still, when I try to connect with MySQL workbench I have the problem.
Here is how I do it. I go to add a new connection, I add the URL, username, pass, and port, and I click test connection and I get the message that is the title of this question. I tried with a random (non-existent) user pass combination and still I get the same response.
I tried commenting out bind-address too BTW. Also the server is generally accessible for other services like PostgreSQL and such.
Not a solution to your server firewall issue but a workaround, as you are able to ssh into your database server:
You can try ssh remote port forwarding from your mysql server to your local machine, and then connect the mysql client to the local port. I use this method whenever I'm behind a firewall. As a bonus, data transmitted over this connection is also very secure.
For example, if you ssh'ed into the remote machine using
ssh hal@remote.machine.com -i ~/.ssh/hal.key
Then you could set up the port forwarding like this:
ssh -L 54321:127.0.0.1:3306 hal@remote.machine.com -i ~/.ssh/hal.key -f -N -M -S ~/.ssh/tunnel_54321_remote_machine_mysql
Then you can connect to the database as if you were connecting to the database locally (using the command-line mysql client as an example):
mysql -h 127.0.0.1 -P 54321 -u my_user -p my_database
This should then prompt for your password.
To close the tunnel:
ssh -S ~/.ssh/tunnel_54321_remote_machine_mysql -O exit hal@remote.machine.com -i ~/.ssh/hal.key
I first learned about this method from the postgres docs.
This is more than likely a firewall issue.
The easiest way to debug that at first is to try telnet to the server on port 3306, both locally and from remote. MySQL will send the version string in plaintext, which you can see inside telnet if you are being correctly connected.
If you do not get that string, then something such as a firewall is likely blocking the connection.
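The greeting check described above can be scripted. This is an added example, not code from any of the posts: it connects to a port (for instance the local end of an ssh -L forward) and reports whether a MySQL handshake, a pre-handshake error packet, or nothing at all came back. The sample packets are constructed and the script name probe.py is an assumption.

```python
import socket
import struct
import sys

def parse_greeting(data: bytes) -> dict:
    """Classify the first bytes received after TCP connect to a MySQL port."""
    if not data:
        # Peer accepted and closed without sending anything: the mysql client
        # reports this as ERROR 2013 at 'reading initial communication packet'.
        return {"status": "no_greeting"}
    # Header: 3-byte little-endian payload length, then 1-byte sequence id.
    length = int.from_bytes(data[:3], "little")
    payload = data[4:4 + length]
    if len(data) < 5 or not payload:
        return {"status": "truncated"}
    if payload[0] == 0xFF and len(payload) >= 3:
        # Pre-handshake ERR packet: 2-byte error code, then the message.
        code = struct.unpack_from("<H", payload, 1)[0]
        return {"status": "error", "code": code,
                "message": payload[3:].decode("utf-8", "replace")}
    end = payload.find(b"\x00", 1)
    if payload[0] == 0x0A and end != -1:
        # Protocol 10 handshake: NUL-terminated server version string.
        return {"status": "mysql", "version": payload[1:end].decode("ascii", "replace")}
    return {"status": "not_mysql"}

def probe(host: str, port: int, timeout: float = 5.0) -> dict:
    """Connect to host:port (e.g. the local end of an ssh -L forward)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            try:
                return parse_greeting(sock.recv(4096))
            except (socket.timeout, ConnectionResetError):
                return {"status": "no_greeting"}
    except ConnectionRefusedError:
        return {"status": "refused"}  # nothing listening on that port
    except OSError as exc:
        return {"status": "unreachable", "detail": str(exc)}  # filtered / timeout

# Constructed sample packets (not captured from a real server).
_body = b"\x0a" + b"5.7.0-example\x00" + b"\x00" * 8
SAMPLE_GREETING = len(_body).to_bytes(3, "little") + b"\x00" + _body
_err = b"\xff" + struct.pack("<H", 1130) + b"Host 'client' is not allowed to connect"
SAMPLE_ERROR = len(_err).to_bytes(3, "little") + b"\x00" + _err

if __name__ == "__main__":
    # Usage: python probe.py 127.0.0.1 7002   (host and port are placeholders)
    print(probe(sys.argv[1], int(sys.argv[2])))
```

A no_greeting result on the forwarded port matches the ERROR 2013 'reading initial communication packet' symptom seen through the tunnels on this page, while refused or unreachable points at the listener or a firewall in between.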
When I attempt to connect from Windows 7 using 32bit and 64bit mysql-connector-odbc-5.3.2 and the connectionstring:
Provider=MSDASQL;Driver={MySQL ODBC 5.3 Driver};Server=192.168.1.13;Port=3306;Database=mydb;Uid=root;Pwd=****;
I get
[Microsoft][ODBC Driver Manager] Data source name not found and no default driver specified
Likewise with version 5.2.6. After downgrading the provider to 5.1 I get:
[MySQL][ODBC 5.1 Driver]Can't connect to MySQL server on '192.168.1.13' (10060)
which is more encouraging as it has at least recognised the provider.
I have tried adding a firewall rule to allow outbound connections to port 3306. I've tried disabling my local firewall. I have checked that the server is listening on port 3306 and verified the IP address. (tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN) I have further verified that I can access the server and that MySQL is running.
When I attempted to connect using the IP address from an ssh terminal to the server itself:
mysql -u root -h 192.168.1.13 -D whiskeywheel -p
I am prompted for the password after which I get:
ERROR 2003 (HY000): Can't connect to MySQL server on '192.168.1.13' (111)
I have added the host/user to the user table in the mysql database and restarted MySQL. I've granted 'ALL' on the database to the user at anyhost ('%') and I've explicitly added access to port 3306 to the ubuntu firewall:
iptables -A INPUT -p tcp --dport 3306 -j ACCEPT
I will of course restrict access prior to deployment but I need to be able to interact with the database in a meaningful form while I'm developing it. I'm happy to re install any of the various components and start again as this is early enough in the project but ideally I'd like to know what I've misconfigured or where I went wrong.
MySQL server by default only binds to the loopback address on the server (127.0.0.1). You have to edit the my.cnf file of the server and do a restart of the MySQL server.
Also note that specifying localhost is treated specially by MySQL server. It does not call 127.0.0.1 as one would expect.
More info here on how to bind to your external IP address:
http://www.cyberciti.biz/faq/unix-linux-mysqld-server-bind-to-more-than-one-ip-address/
I've created an SSH tunnel on my local machine to get access to the MySQL server on my remote machine. Everything is fine and the tunnel is working when I get this error, but why does this error occur?
Here is the error message:
2013 - Lost connection to MySQL server at 'reading initial communication packet', system error: 0
It happens only when I want to connect via Navicat (SSH Tunnel) from my local to the remote machine; on the remote machine MySQL works without such errors.
Have you guys any solutions for that?
This error occurs when the configuration of the bind-address option is wrong. Your MySQL server should at least listen on localhost - 127.0.0.1
Login to your local Linux machine then run this command:
ssh -L 3307:localhost:3306 -N user@remote.server.com
Use the mysql database from remote server:
mysql -u root -p --port 3307 -h 127.0.0.1
Make sure the local mysql does not use the same port in Linux environment.