Accessing RDS MySQL db with SSL 443 instead of 3306

I am trying to access my RDS MySQL db via 443 only instead of 3306.
After enabling the SSL option on Workbench and entering the path to the mysql-ssl-ca-cert.pem, I tried to disable TCP 3306 on my security group to ensure it connects using 443, but it doesn't.
I can connect using the mysql command line below, but yet again it fails once I disable TCP 443 on the security group:
mysql -h myinstance.c9akciq32.rds-us-east-1.amazonaws.com --ssl_ca=rds-ssl-ca-cert.pem
Amazon documentation states:
The SSL support in Amazon RDS is strictly for encrypting the connection between your client and your DB instance; it should not be relied on for authenticating the server.
Does this mean that I can only ever authenticate to mysql db over 3306 and not 443, but the data will be encrypted in transit?
My issue is that my customer won't open 3306 outbound on their firewall but 443 is of course opened. Any help appreciated.

You are confusing SSL and HTTPS. Port 443 is the default port for HTTPS connections. MySQL uses 3306 instead (and can use SSL over this port or any other to encrypt the connection). So, setting up SSL encryption for a MySQL connection doesn't affect the port used.
In order to use a port other than the standard one you have to reconfigure the MySQL server, which you probably cannot do with an RDS instance.
It is possible to use tunneling to avoid the default port. In this scenario you have to open an SSH tunnel (MySQL Workbench can do that for you, or you can use an external program like PuTTY on Windows or ssh on *nix-like OSes). With that tunnel in place (which uses port 22 by default but can be configured for any other port if that matters for you) you can then forward access from a local port (here 3306, but it can be any) to a remote port (which can be any as well). This requires an SSH server on the remote end, however.
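Why enabling SSL does not move the connection to 443, as an added example (not from the original answer): the server first sends a plaintext MySQL greeting on its normal port, and TLS starts only if that greeting advertises the CLIENT_SSL capability. The parser below reads that greeting; the sample packets and the version string in them are constructed.

```python
import socket
import struct

CLIENT_SSL = 0x0800  # capability bit: server accepts an in-protocol TLS upgrade

def parse_greeting(packet: bytes) -> dict:
    """Parse the first (plaintext) packet a MySQL/MariaDB server sends."""
    length = int.from_bytes(packet[:3], "little")
    payload = packet[4:4 + length]
    if length == 0 or len(payload) < length:
        raise ValueError("truncated packet")
    if payload[0] == 0xFF:  # ERR packet, e.g. client host not allowed
        code = struct.unpack_from("<H", payload, 1)[0]
        return {"error": code, "message": payload[3:].decode("utf-8", "replace")}
    if payload[0] != 10:
        raise ValueError(f"unsupported protocol version {payload[0]}")
    end = payload.index(b"\x00", 1)          # server version is NUL-terminated
    pos = end + 1 + 4 + 8 + 1                # skip thread id, salt part 1, filler
    if len(payload) < pos + 7:
        raise ValueError("greeting too short for capability flags")
    caps_low = struct.unpack_from("<H", payload, pos)[0]
    caps_high = struct.unpack_from("<H", payload, pos + 5)[0]  # after charset, status
    caps = caps_low | (caps_high << 16)
    return {"version": payload[1:end].decode("ascii", "replace"),
            "tls_offered": bool(caps & CLIENT_SSL)}

def read_greeting(host: str, port: int = 3306, timeout: float = 5.0) -> dict:
    """Connect to a server you administer and parse what it sends first."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        return parse_greeting(s.recv(4096))

def sample_greeting(caps_low: int) -> bytes:
    """Constructed protocol-10 greeting; every value here is made up."""
    payload = (b"\x0a" + b"8.0.0-constructed\x00" + struct.pack("<I", 42)
               + b"abcdefgh" + b"\x00" + struct.pack("<H", caps_low)
               + b"\xff" + struct.pack("<H", 2) + struct.pack("<H", 0)
               + b"\x15" + b"\x00" * 10 + b"ijklmnopqrst\x00"
               + b"caching_sha2_password\x00")
    return len(payload).to_bytes(3, "little") + b"\x00" + payload

if __name__ == "__main__":
    print(parse_greeting(sample_greeting(0xFFFF)))   # CLIENT_SSL bit set
    print(parse_greeting(sample_greeting(0xF7FF)))   # CLIENT_SSL bit cleared
```

A greeting with `tls_offered` false means a client that does not require TLS will talk to that server in cleartext, whichever port the server listens on.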

Related

Which port should I use for MariaDB? I can't seem to use 3306 as TCP port for MariaDB because MySQL is already using that

I'm trying to set up MariaDB but my TCP port 3306 is already in use by MySQL, which has the same port already. How do I fix this problem, or rather how do I change to a different port?
3306 is the default port of both MySQL and MariaDB. You can change the port in either of these servers, using the port option in the server's configuration file.
See https://mariadb.com/kb/en/configuring-mariadb-with-option-files/
What value should you use? It's up to you, as long as no other service is using that port on your server host. You might pick 3307 for example.
All clients that need to connect to MariaDB will need to specify the port too. Most client connectors default to port 3306, and if you want to connect to a MySQL or MariaDB instance that has chosen a non-default port, then you need to specify that port in the client code when it makes a connection.

Telnet works from one network but doesn't work from another when trying to connect to EC2 instance on port 3306

I'm running MySQL server on an EC2 instance on AWS. I've configured security groups to listen at port 3306 and port 22(ssh only from my ip!). But to my surprise, I wasn't able to remotely connect to my ec2 instance on port 3306 from one of my networks as it always gives connection refused, but when I switched my network I'm able to connect.
I'm unable to understand this behaviour as both my networks are working absolutely fine and also I'm not sure if I face similar kind of issue in future, how will I be sure that port 3306 is working?
Only MySQL uses port 3306. You can use the netstat command to check whether port 3306 is being used or not. Also, you can check the firewall rules of the network (from which you are not able to connect) to see if something is preventing connections to port 3306. I am assuming that all security inbound and outbound rules are already present.

Port redirection

I have the following scenario:
I changed the port of MySQL to 54235 on a CentOS Linux server, and I accept connections from outside only on that port.
I have an old and discontinued third-party software, where there is no option to change the default port 3306. However, this software should access 2 fixed external IPs.
How do I configure Linux to accept connections on port 3306 only from these 2 fixed IPs and, internally, redirect the connection to port 54235?
The easiest way is to use "socat":
socat TCP-LISTEN:3306,fork TCP:127.0.0.1:54235
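The socat command above forwards for any source address. An added Python sketch (not from the original answer, and not socat itself) of the same forwarder that drops peers outside an allowlist; the two addresses are constructed placeholders from the documentation range.

```python
import asyncio

ALLOWED = {"203.0.113.10", "203.0.113.11"}  # constructed placeholder client IPs

async def pipe(reader, writer):
    """Copy bytes one way until EOF or error, then close the far side."""
    try:
        while data := await reader.read(65536):
            writer.write(data)
            await writer.drain()
    except OSError:
        pass
    finally:
        writer.close()

def make_handler(allowed, target_host, target_port):
    """Build a per-connection handler that forwards only allowlisted peers."""
    async def handle(c_reader, c_writer):
        peer_ip = c_writer.get_extra_info("peername")[0]
        if peer_ip not in allowed:
            c_writer.close()              # drop before touching the backend
            return
        try:
            s_reader, s_writer = await asyncio.open_connection(target_host, target_port)
        except OSError:
            c_writer.close()              # backend down: fail closed
            return
        await asyncio.gather(pipe(c_reader, s_writer), pipe(s_reader, c_writer))
    return handle

async def main():
    # Listen on the legacy port, forward to the real MySQL port from the question.
    server = await asyncio.start_server(
        make_handler(ALLOWED, "127.0.0.1", 54235), "0.0.0.0", 3306)
    async with server:
        await server.serve_forever()

if __name__ == "__main__":
    asyncio.run(main())
```

The backend sees every forwarded session as coming from 127.0.0.1, so MySQL account host restrictions no longer distinguish the two clients; the allowlist here, or an equivalent firewall rule, is the only source-address control.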

MySQL RDS Database Connection

I just created a test RDS instance through the AWS console, and it has been created successfully (it says it is running and available). I currently have my security groups configured to SSH port 22 (MyIP), Custom TCP Rule port 3307 (MyIP) and HTTPS port 443 (MyIP). I am currently trying to connect through MySQL Workbench. I am using the endpoint of "RDS_URL" :3307 and inputting my username and password. Every time I try to connect, I get this error:
Can't connect to MySQL server "-RDS_URL-" (10060)
Any suggestions?
The default MySQL port is 3306. In RDS you can't change it, but in a datacenter-hosted DB you can change it by editing the my.cnf file and restarting it. Before doing so, open the port in the firewall rules.

How can I connect to a MySQL daemon on another host?

I'd like to connect to MySQL (the daemon is running on my VPS) via HeidiSQL. I've created a new user and commented out the bind-address option, and when I try to connect with it via HeidiSQL, I get an error 2003: Can't connect to MySQL server on 'xxx.xxx.xxx.xxx' (10061).
What should I do?
It could be a number of factors.
See if a firewall is blocking your traffic to the other host
Can you simply ping the host from the client machine?
Can you also open a simple telnet session to the host on port 3306?
(If the telnet is accepted, you will probably see some characters appear and you will remain in the telnet session for a few seconds before the connection is closed. If not accepted, you will see the message Connection refused.)
There's a simple checklist for this:
Is your MySQL server bound to "localhost" only? It might be listening for connections only on 127.0.0.1 or ::1 instead of any which is usually 0.0.0.0. Try connecting on your server to your server with mysql --host=host_ip where host_ip is your network IP address. I think the default is localhost-only.
Is port 3306 firewalled? Many distributions allow only SSH by default, so you may need to open this up to your client machine. Try not to open this up to everyone on the internet as having an open MySQL port is asking for trouble. It's always best to limit access to a set of specific IPs if possible.
Can you connect via an SSH tunnel instead? This is far more secure as it means your 3306 port is properly firewalled. There are many tools for creating SSH tunnels, but the basic principle is to forward a local port of your choosing to the remote server's port 3306.