For some reason, I've been unable to connect remotely to my MySQL server. I've tried everything and I'm still getting errors.
root#server1:/home/administrator# mysql -u monty -p -h www.ganganadores.cl
Enter password:
ERROR 1045 (28000): Access denied for user 'monty'#'server1.ganganadores.cl' (using password: YES)
Now, I've tried running
GRANT ALL ON *.* to monty#localhost IDENTIFIED BY 'XXXXX';
GRANT ALL ON *.* to monty#'%' IDENTIFIED BY 'XXXXXX';`
and still nothing!
What I'm doing wrong?
EDIT: my.cnf has commented out the bind ip .
To expose MySQL to anything other than localhost you will have to have the following line
For mysql version 5.6 and below
uncommented in /etc/mysql/my.cnf and assigned to your computers IP address and not loopback
For mysql version 5.7 and above
uncommented in /etc/mysql/mysql.conf.d/mysqld.cnf and assigned to your computers IP address and not loopback
#Replace xxx with your IP Address
bind-address = xxx.xxx.xxx.xxx
Or add a
bind-address = 0.0.0.0 if you don't want to specify the IP
Then stop and restart MySQL with the new my.cnf entry. Once running go to the terminal and enter the following command.
lsof -i -P | grep :3306
That should come back something like this with your actual IP in the xxx's
mysqld 1046 mysql 10u IPv4 5203 0t0 TCP xxx.xxx.xxx.xxx:3306 (LISTEN)
If the above statement returns correctly you will then be able to accept remote users. However for a remote user to connect with the correct priveleges you need to have that user created in both the localhost and '%' as in.
CREATE USER 'myuser'#'localhost' IDENTIFIED BY 'mypass';
CREATE USER 'myuser'#'%' IDENTIFIED BY 'mypass';
then,
GRANT ALL ON *.* TO 'myuser'#'localhost';
GRANT ALL ON *.* TO 'myuser'#'%';
and finally,
FLUSH PRIVILEGES;
EXIT;
If you don't have the same user created as above, when you logon locally you may inherit base localhost privileges and have access issues. If you want to restrict the access myuser has then you would need to read up on the GRANT statement syntax HERE If you get through all this and still have issues post some additional error output and the my.cnf appropriate lines.
NOTE: If lsof does not return or is not found you can install it HERE based on your Linux distribution. You do not need lsof to make things work, but it is extremely handy when things are not working as expected.
UPDATE: If even after adding/changing the bind-address in my.cnf did not work, then go and change it in the place it was originally declared:
/etc/mysql/mariadb.conf.d/50-server.cnf
Add few points on top of apesa's excellent post:
1) You can use command below to check the ip address mysql server is listening
netstat -nlt | grep 3306
sample result:
tcp 0 0 xxx.xxx.xxx.xxx:3306 0.0.0.0:* LISTEN
2) Use FLUSH PRIVILEGES to force grant tables to be loaded if for some reason the changes not take effective immediately
GRANT ALL ON *.* TO 'user'#'localhost' IDENTIFIED BY 'passwd' WITH GRANT OPTION;
GRANT ALL ON *.* TO 'user'#'%' IDENTIFIED BY 'passwd' WITH GRANT OPTION;
FLUSH PRIVILEGES;
EXIT;
user == the user u use to connect to mysql ex.root
passwd == the password u use to connect to mysql with
3) If netfilter firewall is enabled (sudo ufw enable) on mysql server machine, do the following to open port 3306 for remote access:
sudo ufw allow 3306
check status using
sudo ufw status
4) Once a remote connection is established, it can be verified in either client or server machine using commands
netstat -an | grep 3306
netstat -an | grep -i established
MySQL only listens to localhost, if we want to enable the remote access to it, then we need to made some changes in my.cnf file:
sudo nano /etc/mysql/my.cnf
We need to comment out the bind-address and skip-external-locking lines:
#bind-address = 127.0.0.1
# skip-external-locking
After making these changes, we need to restart the mysql service:
sudo service mysql restart
You are using ubuntu 12 (quite old one)
First, Open the /etc/mysql/mysql.conf.d/mysqld.cnf file (/etc/mysql/my.cnf in Ubuntu 14.04 and earlier versions
Under the [mysqld] Locate the Line,
bind-address = 127.0.0.1
And change it to,
bind-address = 0.0.0.0
or comment it
Then, Restart the Ubuntu MysQL Server
systemctl restart mysql.service
Now Ubuntu Server will allow remote access to the MySQL Server, But still you need to configure MySQL users to allow access from any host.
User must be 'username'#'%' with all the required grants
To make sure that, MySQL server listens on all interfaces, run the netstat command as follows.
netstat -tulnp | grep mysql
Hope this works !
If testing on Windows, don't forget to open port 3306.
In my case I was using MySql Server version: 8.0.22
I had to add
bind-address = 0.0.0.0
and change this line to be
mysqlx-bind-address = 0.0.0.0
in file at
/etc/mysql/mysql.conf.d
then restart MySQL by running
sudo service mysql restart
I was facing the same problem when I was trying to connect Mysql to a Remote Server. I had found out that I had to change the bind-address to the current private IP address of the DB server.
But when I was trying to add the bind-address =0.0.0.0 line in my.cnf file, it was not understanding the line when I tried to create a DB.
Upon searching, I found out the original place where bind-address was declared.
The actual declaration is in : /etc/mysql/mariadb.conf.d/50-server.cnf
Therefore I changed the bind-address directly there and then all seems working.
Related
I have installed MySQL Community Edition 5.5 on my local machine and I want to allow remote connections so that I can connect from external source.
How can I do that?
That is allowed by default on MySQL.
What is disabled by default is remote root access. If you want to enable that, run this SQL command locally:
GRANT ALL PRIVILEGES ON *.* TO 'root'#'%' IDENTIFIED BY 'password' WITH GRANT OPTION;
FLUSH PRIVILEGES;
And then find the following line and comment it out in your my.cnf file, which usually lives on /etc/mysql/my.cnf on Unix/OSX systems. In some cases the location for the file is /etc/mysql/mysql.conf.d/mysqld.cnf).
If it's a Windows system, you can find it in the MySQL installation directory, usually something like C:\Program Files\MySQL\MySQL Server 5.5\ and the filename will be my.ini.
Change line
bind-address = 127.0.0.1
to
#bind-address = 127.0.0.1
And restart the MySQL server (Unix/OSX, and Windows) for the changes to take effect.
After doing all of above I still couldn't login as root remotely, but Telnetting to port 3306 confirmed that MySQL was accepting connections.
I started looking at the users in MySQL and noticed there were multiple root users with different passwords.
select user, host, password from mysql.user;
So in MySQL I set all the passwords for root again and I could finally log in remotely as root.
use mysql;
update user set password=PASSWORD('NEWPASSWORD') where User='root';
flush privileges;
Just a note from my experience, you can find configuration file under this path /etc/mysql/mysql.conf.d/mysqld.cnf.
(I struggled for some time to find this path)
In my case I was trying to connect to a remote mysql server on cent OS. After going through a lot of solutions (granting all privileges, removing ip bindings,enabling networking) problem was still not getting solved.
As it turned out, while looking into various solutions,I came across iptables, which made me realize mysql port 3306 was not accepting connections.
Here is a small note on how I checked and resolved this issue.
Checking if port is accepting connections:
telnet (mysql server ip) [portNo]
Adding ip table rule to allow connections on the port:
iptables -A INPUT -i eth0 -p tcp -m tcp --dport 3306 -j ACCEPT
Would not recommend this for production environment, but if your iptables are not configured properly, adding the rules might not still solve the issue. In that case following should be done:
service iptables stop
Hope this helps.
All process for remote login. Remote login is off by default.You need to open it manually for all ip..to give access all ip
GRANT ALL PRIVILEGES ON *.* TO 'root'#'%' IDENTIFIED BY 'password';
Specific Ip
GRANT ALL PRIVILEGES ON *.* TO 'root'#'your_desire_ip' IDENTIFIED BY 'password';
then
flush privileges;
You can check your User Host & Password
SELECT host,user,authentication_string FROM mysql.user;
Now your duty is to change this
bind-address = 127.0.0.1
You can find this on
sudo nano /etc/mysql/mysql.conf.d/mysqld.cnf
if you not find this on there then try this
sudo nano /etc/mysql/my.cnf
comment in this
#bind-address = 127.0.0.1
Then restart Mysql
sudo service mysql restart
Now enjoy remote login
Please follow the below mentioned steps inorder to set the wildcard remote access for MySQL User.
(1) Open cmd.
(2) navigate to path C:\Program Files\MySQL\MySQL Server 5.X\bin and
run this command.
mysql -u root -p
(3) Enter the root password.
(4) Execute the following command to provide the permission.
GRANT ALL PRIVILEGES ON *.* TO 'USERNAME'#'IP' IDENTIFIED BY
'PASSWORD';
USERNAME: Username you wish to connect to MySQL server.
IP: Public IP address from where you wish to allow access to MySQL
server.
PASSWORD: Password of the username used.
IP can be replaced with % to allow user to connect from any IP
address.
(5) Flush the previleges by following command and exit.
FLUSH PRIVILEGES;
exit;
or \q
I had to this challenge when working on a Java Project with MySQL server as the database.
Here's how I did it:
First, confirm that your MySQL server configuration to allow for remote connections. Use your preferred text editor to open the MySQL server configuration file:
sudo nano /etc/mysql/mysql.conf.d/mysqld.cnf
Scroll down to the bind-address line and ensure that is either commented out or replaced with 0.0.0.0 (to allow all remote connections) or replaced with Ip-Addresses that you want remote connections from.
Once you make the necessary changes, save and exit the configuration file. Apply the changes made to the MySQL config file by restarting the MySQL service:
sudo systemctl restart mysql
Next, log into the MySQL server console on the server it was installed:
mysql -u root -p
Enter your mysql user password
Check the hosts that the user you want has access to already. In my case the user is root:
SELECT host FROM mysql.user WHERE user = "root";
This gave me this output:
+-----------+
| host |
+-----------+
| localhost |
+-----------+
Next, I ran the command below to grant the root user remote access to the database named my_database:
USE my_database;
GRANT ALL PRIVILEGES ON *.* TO 'root'#'%' IDENTIFIED BY 'my-password';
Note: % grants a user remote access from all hosts on a network. You can specify the Ip-Address of the individual hosts that you want to grant the user access from using the command - GRANT ALL PRIVILEGES ON *.* TO 'root'#'Ip-Address' IDENTIFIED BY 'my-password';
Afterwhich I checked the hosts that the user now has access to. In my case the user is root:
SELECT host FROM mysql.user WHERE user = "root";
This gave me this output:
+-----------+
| host |
+-----------+
| % |
| localhost |
+-----------+
Finally, you can try connecting to the MySQL server from another server using the command:
mysql -u username -h mysql-server-ip-address -p
Where u represents user, h represents mysql-server-ip-address and p represents password. So in my case it was:
mysql -u root -h 34.69.261.158 -p
Enter your mysql user password
You should get this output depending on your MySQL server version:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 4
Server version: 5.7.31 MySQL Community Server (GPL)
Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>
Resources: How to Allow Remote Connections to MySQL
That's all.
I hope this helps
Close comment at link /etc/mysql/mysql.conf.d/mysqld.cnf or /etc/mysql/my.cnf:
bind-address = 127.0.0.1 =>> #bind-address = 127.0.0.1
Change the hostname so that all machines can access it, run this SQL command locally:
UPDATE mysql.user SET Host='%' WHERE Host='localhost' AND User='root';
FLUSH PRIVILEGES;
Restart service:
sudo service mysql restart
Open port mysql:
sudo ufw allow 3306
If your MySQL server process is listening on 127.0.0.1 or ::1 only then you will not be able to connect remotely. If you have a bind-address setting in /etc/my.cnf this might be the source of the problem.
You will also have to add privileges for a non-localhost user as well.
If you installed MySQL from brew it really does only listen on the local interface by default. To fix that you need to edit /usr/local/etc/my.cnf and change the bind-address from 127.0.0.1 to *.
Then run brew services restart mysql.
Just F.Y.I
I pulled my hair out with this problem for hours.. finally I call my hosting provider and found that in my case using a cloud server that in the control panel for 1and1 they have a secondary firewall that you have to clone and add port 3306. Once added I got straight in..
For whom it needs it, check firewall port 3306 is open too, if your firewall service is running.
This blog How to setup a MySQL server on Local Area Network will be useful in setting up a MySQL from scratch
If mysqld has a bind address set to a loopback/local address (e.g. 127.0.0.1), the server will not be reachable from remote hosts, because a loopback interface cannot be reached from any remote host.
Set this option to 0.0.0.0 (:: for IPv4+6) to accept connections from any host, or to another externally-reachable address if you want to only allow connections on one interface.
Source
And for OS X people out there be aware that the bind-address parameter is typically set in the launchd plist and not in the my.ini file. So in my case, I removed <string>--bind-address=127.0.0.1</string> from /Library/LaunchDaemons/homebrew.mxcl.mariadb.plist.
Enabling remote root access can be dangerous. It would be preferable if you were to set up user accounts with more restrictive permissions. The following three steps should do it.
Ensure that the line starting with bind-address ... is at least commented out in your my.ini or my.cnf file. If it doesn't exist, move on.
You can find this file in C:\ProgramData\MySQL\MySQL Server 8.0 on Windows.
Afterwards, check that the user account you are establishing the connection with does not have localhost in the Limit to Hosts Matching field. While it isn't recommended, you can instead put % in that field for testing purposes. You can do this by opening a local connection to the server with MySQL Workbench, then going to Server>Users and Privileges from the menu bar and finding the user account you want to connect with.
The "Limit to Hosts Matching" field is what disallows you to connect non-locally. I.e. it limits the accepted connections to a pattern of IP addresses. Ideally, you should be accessing the MySQL server from a static IP address or subnet, so that you can be as restrictive as possible.
Obviously, your firewall should allow the MySQL Server application to communicate over the port you want. The physical networking equipment in between you and your server should allow communication on the port you want to connect with. (port 3306 typically)
MySQL 8 no longer allows you to create a user using the GRANT command. You need to create the user first.
CREATE USER 'root'#'%' IDENTIFIED BY 'PASSWORD';
GRANT ALL PRIVILEGES ON *.* TO 'root'#'%' WITH GRANT OPTION;
FLUSH PRIVILEGES;
some times need to use name of pc on windows
first step) put in config file of mysql:
mysqld.cnf SET bind-address= 0.0.0.0
(to let recibe connections over tcp/ip)
second step) make user in mysql, table users, with name of pc on windows propierties, NOT ip
Check remote server grant permission to Wildcard access to port 3306:
sudo lsof -i -P -n | grep LISTEN
It should NOT be same like this:
mysqld 23083 mysql 21u IPv4 145900142 0t0 TCP
127.0.0.1:3306 (LISTEN)
In this case, we need to update /etc/mysql/mysql.conf.d/mysqld.cnf or /etc/mysql/mariadb.conf.d/50-server.cnf with:
bind-address = 127.0.0.1 --> 0.0.0.0
And then restart mysql "sudo service mysql restart"
In order to test mySQL connection from a client:
nc -vz <host_address> 3306
MySQL 5.1.31 running on Windows XP.
From the local MySQL server (192.168.233.142) I can connect as root as follows:
>mysql --host=192.168.233.142 --user=root --password=redacted
From a remote machine (192.168.233.163), I can see that the mysql port is open:
# telnet 192.168.233.142 3306
Trying 192.168.233.142...
Connected to 192.168.233.142 (192.168.233.142).
But when trying to connect to mysql from the remote machine, I receive:
# mysql --host=192.168.233.142 --user=root --password=redacted
ERROR 1045 (28000): Access denied for user 'root'#'192.168.233.163' (using password: YES)
I have only 2 entries in mysql.user:
Host User Password
--------------------------------------
localhost root *blahblahblah
% root [same as above]
What more do I need to do to enable remote access?
EDIT
As suggested by Paulo below, I tried replacing the mysql.user entry for % with an IP specific entry, so my user table now looks like this:
Host User Password
------------------------------------------
localhost root *blahblahblah
192.168.233.163 root [same as above]
I then restarted the machine, but the problem persists.
You have to put this as root:
GRANT ALL PRIVILEGES ON *.* TO 'USERNAME'#'IP' IDENTIFIED BY 'PASSWORD' with grant option;
;
where IP is the IP you want to allow access, USERNAME is the user you use to connect, and PASSWORD is the relevant password.
If you want to allow access from any IP just put % instead of your IP
and then you only have to put
FLUSH PRIVILEGES;
Or restart mysql server and that's it.
I was getting the same error after granting remote access until I made this:
From /etc/mysql/my.cnf
In newer versions of mysql the location of the file is
/etc/mysql/mysql.conf.d/mysqld.cnf
# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
#bind-address = 127.0.0.1
(comment this line: bind-address = 127.0.0.1)
Then run service mysql restart.
By default in MySQL server remote access is disabled. The process to provide a remote access to user is.
Go to my sql bin folder or add it to PATH
Login to root by mysql -uroot -proot (or whatever the root password is.)
On success you will get mysql>
Provide grant access all for that user.
GRANT ALL PRIVILEGES ON *.* TO 'username'#'IP' IDENTIFIED BY 'password';
Here IP is IP address for which you want to allow remote access, if we put % any IP address can access remotely.
Example:
C:\Users\UserName> cd C:\Program Files (x86)\MySQL\MySQL Server 5.0\bin
C:\Program Files (x86)\MySQL\MySQL Server 5.0\bin>mysql -uroot -proot
mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'#'%' IDENTIFIED BY 'root';
Query OK, 0 rows affected (0.27 sec)
mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.25 sec)
This for a other user.
mysql> GRANT ALL PRIVILEGES ON *.* TO 'testUser'#'%' IDENTIFIED BY 'testUser';
Query OK, 0 rows affected (0.00 sec)
mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)
Hope this will help
Paulo's help lead me to the solution. It was a combination of the following:
the password contained a dollar sign
I was trying to connect from a Linux shell
The bash shell treats the dollar sign as a special character for expansion to an environment variable, so we need to escape it with a backslash. Incidentally, we don't have to do this in the case where the dollar sign is the final character of the password.
As an example, if your password is "pas$word", from Linux bash we must connect as follows:
# mysql --host=192.168.233.142 --user=root --password=pas\$word
Do you have a firewall ? make sure that port 3306 is open.
On windows , by default mysql root account is created that is permitted to have access from localhost only unless you have selected the option to enable access from remote machines during installation .
creating or update the desired user with '%' as hostname .
example :
CREATE USER 'krish'#'%' IDENTIFIED BY 'password';
Try to flush privileges again.
Try to restart server to reload grants.
Try create a user with host "192.168.233.163". "%" appears to not allow all (it's weird)
In my case I was trying to connect to a remote mysql server on cent OS. After going through a lot of solutions (granting all privileges, removing ip bindings,enabling networking) problem was still not getting solved.
As it turned out, while looking into various solutions,I came across iptables, which made me realize mysql port 3306 was not accepting connections.
Here is a small note on how I checked and resolved this issue.
Checking if port is accepting connections:
telnet (mysql server ip) [portNo]
Adding ip table rule to allow connections on the port:
iptables -A INPUT -i eth0 -p tcp -m tcp --dport 3306 -j ACCEPT
Would not recommend this for production environment, but if your iptables are not configured properly, adding the rules might not still solve the issue. In that case following should be done:
service iptables stop
Hope this helps.
if you are using dynamic ip just grant access to 192.168.2.% so now you dont have to worry about granting access to your ip address every time.
I was struggling with remote login to MYSQL for my Amazon EC2 Linux instance. Found the solution was to make sure my security group included an inbound rule for MySQL port 3306 to include my IP address (or 0.0.0.0/0 for anywhere). Immediately could connect remotely as soon as I added this rule.
MySQL ODBC 3.51 Driver is that special characters in the password aren't handled.
"Warning – You might have a serious headache with MySQL ODBC 3.51 if the password in your GRANT command contains special characters, such as ! # # $ % ^ ?. MySQL ODBC 3.51 ODBC Driver does not support these special characters in the password box. The only error message you would receive is “Access denied” (using password: YES)" - from http://www.plaintutorials.com/install-and-create-mysql-odbc-connector-on-windows-7/
The user/host combination may have been created without password.
I was assuming that when adding a new host for an existing user (using a GUI app), the existing password would also be used for the new user/host combination.
I could log in with
mysql -u username -p PASSWORD
locally, but not from IPADDRESS with
mysql -u --host=HOST -p PASSWORD
(I could actually log in from IPADDRESS without using a password)
mysql -u --host=HOST
Setting the password allowed access:
set password for '<USER>'#'<IPADDRESS>' = '<PASSWORD>';
New location for mysql config file is
/etc/mysql/mysql.conf.d/mysqld.cnf
My case is absolutely simple.
You may have this problem in case if you type in WRONG password. No create user is needed (user already existed), no other permissions. Basically make sure that the password is correct. So make double-sure the password is correct
Problem:
I have server where is install Laravel app and database. But i want share same database with another server. And i want enable remote access.
What i tried:
I changed config file /etc/mysql/mysql.conf
commented out bind-address = 127.0.0.1
Also changed to bind-address = 0.0.0.0 or bind-address = *, not helps
(this is what everywhere i found to do)
ufw is disabled
netstat -ltn returns
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN
isn't 127.0.0.1:3306 suppose to be 0.0.0.1:3306?
I try connect from another server
mysql -h xxx.xxx.xxx.xxx -u pf_remote -p
i got error
Can't connect to MySQL server on 'xxx.xxx.xxx.xxx' (111)
I think that port is not open, but where else i can open. Do i miss something?
Find mysql.conf and set
bind-address=0.0.0.0
Then login to MySQL and run below 2 commands
GRANT ALL PRIVILEGES ON *.* TO 'pf_remote'#'%' IDENTIFIED BY 'your_password' with grant option;
flush privileges;
then
sudo service mysql restart
Then also make sure you do not have any firewall blocking connections, check by
sudo ufw status
If its enabled, then allow remote connections to MySQL port
sudo ufw allow 3306 && sudo ufw reload
If you are using Amazon Web Services server then allowing connections from within shell won't work, you will have to allow connections from AWS Dashboard
Try to grant priviliges to user for remote access:
mysql> GRANT ALL ON yourDatabase.* TO user#'1.2.3.4' IDENTIFIED BY 'yourPassword';
Also please remember to restart your mysql service after config changes:
sudo /etc/init.d/mysql restart
I have installed MySQL Community Edition 5.5 on my local machine and I want to allow remote connections so that I can connect from external source.
How can I do that?
That is allowed by default on MySQL.
What is disabled by default is remote root access. If you want to enable that, run this SQL command locally:
GRANT ALL PRIVILEGES ON *.* TO 'root'#'%' IDENTIFIED BY 'password' WITH GRANT OPTION;
FLUSH PRIVILEGES;
And then find the following line and comment it out in your my.cnf file, which usually lives on /etc/mysql/my.cnf on Unix/OSX systems. In some cases the location for the file is /etc/mysql/mysql.conf.d/mysqld.cnf).
If it's a Windows system, you can find it in the MySQL installation directory, usually something like C:\Program Files\MySQL\MySQL Server 5.5\ and the filename will be my.ini.
Change line
bind-address = 127.0.0.1
to
#bind-address = 127.0.0.1
And restart the MySQL server (Unix/OSX, and Windows) for the changes to take effect.
After doing all of above I still couldn't login as root remotely, but Telnetting to port 3306 confirmed that MySQL was accepting connections.
I started looking at the users in MySQL and noticed there were multiple root users with different passwords.
select user, host, password from mysql.user;
So in MySQL I set all the passwords for root again and I could finally log in remotely as root.
use mysql;
update user set password=PASSWORD('NEWPASSWORD') where User='root';
flush privileges;
Just a note from my experience, you can find configuration file under this path /etc/mysql/mysql.conf.d/mysqld.cnf.
(I struggled for some time to find this path)
In my case I was trying to connect to a remote mysql server on cent OS. After going through a lot of solutions (granting all privileges, removing ip bindings,enabling networking) problem was still not getting solved.
As it turned out, while looking into various solutions,I came across iptables, which made me realize mysql port 3306 was not accepting connections.
Here is a small note on how I checked and resolved this issue.
Checking if port is accepting connections:
telnet (mysql server ip) [portNo]
Adding ip table rule to allow connections on the port:
iptables -A INPUT -i eth0 -p tcp -m tcp --dport 3306 -j ACCEPT
Would not recommend this for production environment, but if your iptables are not configured properly, adding the rules might not still solve the issue. In that case following should be done:
service iptables stop
Hope this helps.
All process for remote login. Remote login is off by default.You need to open it manually for all ip..to give access all ip
GRANT ALL PRIVILEGES ON *.* TO 'root'#'%' IDENTIFIED BY 'password';
Specific Ip
GRANT ALL PRIVILEGES ON *.* TO 'root'#'your_desire_ip' IDENTIFIED BY 'password';
then
flush privileges;
You can check your User Host & Password
SELECT host,user,authentication_string FROM mysql.user;
Now your duty is to change this
bind-address = 127.0.0.1
You can find this on
sudo nano /etc/mysql/mysql.conf.d/mysqld.cnf
if you not find this on there then try this
sudo nano /etc/mysql/my.cnf
comment in this
#bind-address = 127.0.0.1
Then restart Mysql
sudo service mysql restart
Now enjoy remote login
Please follow the below mentioned steps inorder to set the wildcard remote access for MySQL User.
(1) Open cmd.
(2) navigate to path C:\Program Files\MySQL\MySQL Server 5.X\bin and
run this command.
mysql -u root -p
(3) Enter the root password.
(4) Execute the following command to provide the permission.
GRANT ALL PRIVILEGES ON *.* TO 'USERNAME'#'IP' IDENTIFIED BY
'PASSWORD';
USERNAME: Username you wish to connect to MySQL server.
IP: Public IP address from where you wish to allow access to MySQL
server.
PASSWORD: Password of the username used.
IP can be replaced with % to allow user to connect from any IP
address.
(5) Flush the previleges by following command and exit.
FLUSH PRIVILEGES;
exit;
or \q
I had to this challenge when working on a Java Project with MySQL server as the database.
Here's how I did it:
First, confirm that your MySQL server configuration to allow for remote connections. Use your preferred text editor to open the MySQL server configuration file:
sudo nano /etc/mysql/mysql.conf.d/mysqld.cnf
Scroll down to the bind-address line and ensure that is either commented out or replaced with 0.0.0.0 (to allow all remote connections) or replaced with Ip-Addresses that you want remote connections from.
Once you make the necessary changes, save and exit the configuration file. Apply the changes made to the MySQL config file by restarting the MySQL service:
sudo systemctl restart mysql
Next, log into the MySQL server console on the server it was installed:
mysql -u root -p
Enter your mysql user password
Check the hosts that the user you want has access to already. In my case the user is root:
SELECT host FROM mysql.user WHERE user = "root";
This gave me this output:
+-----------+
| host |
+-----------+
| localhost |
+-----------+
Next, I ran the command below to grant the root user remote access to the database named my_database:
USE my_database;
GRANT ALL PRIVILEGES ON *.* TO 'root'#'%' IDENTIFIED BY 'my-password';
Note: % grants a user remote access from all hosts on a network. You can specify the Ip-Address of the individual hosts that you want to grant the user access from using the command - GRANT ALL PRIVILEGES ON *.* TO 'root'#'Ip-Address' IDENTIFIED BY 'my-password';
Afterwhich I checked the hosts that the user now has access to. In my case the user is root:
SELECT host FROM mysql.user WHERE user = "root";
This gave me this output:
+-----------+
| host |
+-----------+
| % |
| localhost |
+-----------+
Finally, you can try connecting to the MySQL server from another server using the command:
mysql -u username -h mysql-server-ip-address -p
Where u represents user, h represents mysql-server-ip-address and p represents password. So in my case it was:
mysql -u root -h 34.69.261.158 -p
Enter your mysql user password
You should get this output depending on your MySQL server version:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 4
Server version: 5.7.31 MySQL Community Server (GPL)
Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>
Resources: How to Allow Remote Connections to MySQL
That's all.
I hope this helps
Close comment at link /etc/mysql/mysql.conf.d/mysqld.cnf or /etc/mysql/my.cnf:
bind-address = 127.0.0.1 =>> #bind-address = 127.0.0.1
Change the hostname so that all machines can access it, run this SQL command locally:
UPDATE mysql.user SET Host='%' WHERE Host='localhost' AND User='root';
FLUSH PRIVILEGES;
Restart service:
sudo service mysql restart
Open port mysql:
sudo ufw allow 3306
If your MySQL server process is listening on 127.0.0.1 or ::1 only then you will not be able to connect remotely. If you have a bind-address setting in /etc/my.cnf this might be the source of the problem.
You will also have to add privileges for a non-localhost user as well.
If you installed MySQL from brew it really does only listen on the local interface by default. To fix that you need to edit /usr/local/etc/my.cnf and change the bind-address from 127.0.0.1 to *.
Then run brew services restart mysql.
Just F.Y.I
I pulled my hair out with this problem for hours.. finally I call my hosting provider and found that in my case using a cloud server that in the control panel for 1and1 they have a secondary firewall that you have to clone and add port 3306. Once added I got straight in..
For whom it needs it, check firewall port 3306 is open too, if your firewall service is running.
This blog How to setup a MySQL server on Local Area Network will be useful in setting up a MySQL from scratch
If mysqld has a bind address set to a loopback/local address (e.g. 127.0.0.1), the server will not be reachable from remote hosts, because a loopback interface cannot be reached from any remote host.
Set this option to 0.0.0.0 (:: for IPv4+6) to accept connections from any host, or to another externally-reachable address if you want to only allow connections on one interface.
Source
And for OS X people out there be aware that the bind-address parameter is typically set in the launchd plist and not in the my.ini file. So in my case, I removed <string>--bind-address=127.0.0.1</string> from /Library/LaunchDaemons/homebrew.mxcl.mariadb.plist.
Enabling remote root access can be dangerous. It would be preferable if you were to set up user accounts with more restrictive permissions. The following three steps should do it.
Ensure that the line starting with bind-address ... is at least commented out in your my.ini or my.cnf file. If it doesn't exist, move on.
You can find this file in C:\ProgramData\MySQL\MySQL Server 8.0 on Windows.
Afterwards, check that the user account you are establishing the connection with does not have localhost in the Limit to Hosts Matching field. While it isn't recommended, you can instead put % in that field for testing purposes. You can do this by opening a local connection to the server with MySQL Workbench, then going to Server>Users and Privileges from the menu bar and finding the user account you want to connect with.
The "Limit to Hosts Matching" field is what disallows you to connect non-locally. I.e. it limits the accepted connections to a pattern of IP addresses. Ideally, you should be accessing the MySQL server from a static IP address or subnet, so that you can be as restrictive as possible.
Obviously, your firewall should allow the MySQL Server application to communicate over the port you want. The physical networking equipment in between you and your server should allow communication on the port you want to connect with. (port 3306 typically)
MySQL 8 no longer allows you to create a user using the GRANT command. You need to create the user first.
CREATE USER 'root'#'%' IDENTIFIED BY 'PASSWORD';
GRANT ALL PRIVILEGES ON *.* TO 'root'#'%' WITH GRANT OPTION;
FLUSH PRIVILEGES;
some times need to use name of pc on windows
first step) put in config file of mysql:
mysqld.cnf SET bind-address= 0.0.0.0
(to let recibe connections over tcp/ip)
second step) make user in mysql, table users, with name of pc on windows propierties, NOT ip
Check remote server grant permission to Wildcard access to port 3306:
sudo lsof -i -P -n | grep LISTEN
It should NOT be same like this:
mysqld 23083 mysql 21u IPv4 145900142 0t0 TCP
127.0.0.1:3306 (LISTEN)
In this case, we need to update /etc/mysql/mysql.conf.d/mysqld.cnf or /etc/mysql/mariadb.conf.d/50-server.cnf with:
bind-address = 127.0.0.1 --> 0.0.0.0
And then restart mysql "sudo service mysql restart"
In order to test mySQL connection from a client:
nc -vz <host_address> 3306
I have a mysql server running on x.x.x.x, and can access it internally no problem (of course). However when attempting to connect externally, ie using mysql workbench, or even from an external server, I get the error message "Host 'bla.bla.bla' is not allowed to connect to this MySQL server".
I have done:
GRANT ALL PRIVILEGES ON *.* TO mysql#x.x.x.x IDENTIFIED BY "somepass";
And I have opened port 3306 in iptables.
Is there another fundamental security issue I am missing?
You need to do
GRANT ALL PRIVILEGES ON *.* TO mysql#'bla.bla.bla' ...
The part after the # is the host from which the connection is coming, so you have allowed only connections coming from localhost. You need to allow access from each remote host necessary (or all hosts - ... mysql#'%' ... - if applicable).
To solve this you needed to perform the following commands:
mysql -u root -p
[enter in your password]
CREATE USER 'mysqluser'#'%' IDENTIFIED BY 'aC0MPL3XPa33W0RD';
GRANT ALL PRIVILEGES ON *.* TO 'mysqluser'#'%' WITH GRANT OPTION;
I had the exactly similar situation.my MYSQL is installed on a centOS.
The path to Nirvana is as below.
bind-address: DID NOT WORK
grant permission: DID NOT WORK
Iptables when turned off: DID work.
SOLUTION:I went fishing into the iptables and made following changes:
Access the iptables using the command : vim /etc/sysconfig/iptables
If you find the below statements COMMENT them out by adding a '#' at the beginning of the line.
-A INPUT -s 123.123.123.123/32 -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A OUTPUT -p tcp -m tcp --dport 3306 -j ACCEPT
Restart the iptables using the command: service iptables restart
Yep, that worked for me. Hope it is useful to someone.
When I Got my server,even I had the same problem accessing the mysql from MySQL client application,
Then I granted the Mysql permission, with following query.
it worked Great
**GRANT ALL PRIVILEGES ON db_base.* TO db_user #'%' IDENTIFIED BY 'db_passwd';**
db_base is the database Name
db_user is database User
db_passwd is the database password
Once you execute this flush it, by the following command
FLUSH PRIVILEGES;
Suppose if you are looking to give privileges to access certain tables in the Database you can use the following command
GRANT ALL PRIVILEGES ON db_base.HELLOWORLD TO db_user #'%' IDENTIFIED BY 'db_passwd';
Where HELLOWORLD is the table Name
Are you connecting as user mysql? You might try running the GRANT query as : GRANT ALL PRIVILEGES ON *.* TO mysql#x.x.x.x IDENTIFIED BY "somepass";
Have you verified that mysql workbench is trying the connect using the appropriate username? Have you flushed the privileges after running the grant command?
I dont know the ins and outs of security behind this bind-addressthing, just learning by installing a debian server on a virtual-box machine.
This guest has a virtual network card set up as a bridge, so the rest of the house can see it. Its IP is 192.168.1.4.
From another computer (192.168.1.3), connection failed with bind-address = 127.0.0.1.
Set up bind-address = 192.168.1.4 works fine.
(its own address, litterally)
It must be the interpretation of 127.0.0.1 inside a virtual config, not sure...
Comment out the line:
bind-address = localhost
#bind-address = localhost < this is what it should look like.
in your MySQL my.conf file. It is normally located in /etc/mysql/my.conf.