When I try to connect to a local mysql database using it's remote ip-address I get a access denied. When I try to connect to that same database from an external machine, it works without any problems. When I connect to the local database using localhost, it works perfectly as well. E.g., if the database server has the ip 1.2.3.4 then I get the following results:
# From the db server
mysql -u username -h localhost -p #works perfectly
mysql -u username -h 127.0.0.1 -p #works perfectly
mysql -u username -h 1.2.3.4 -p #Access denied
# From any other machine
mysql -u username -h 1.2.3.4 -p #works perfectly
What can I do to allow local access to my database using its remote ip-address? The OS of the database server is Fedora 15 and the MySQL version is 5.5.23.
Try to edit/add bind-address = 0.0.0.0 to your [mysqld] section of your /etc/mysql/mysql.conf.d/mysqld.cnf file and restart MySQL Service.
I found the solution to my problem myself, but I still don't quite understand why it didn't work:
I granted privileges to that user on the hosts % and localhost:
# Before
+-----------------+------------+
| Host | User |
+-----------------+------------+
| % | username |
| localhost | username |
+-----------------+------------+
With these settings I got the results I showed above. When I granted privileges to that user on host it suddenly did work.
# After
+-----------------+------------+
| Host | User |
+-----------------+------------+
| % | username |
| localhost | username |
| <myIpAddress> | username |
+-----------------+------------+
Apparently % does work for remote connections, but not for local connections.
This particular issue can be caused by host name resolution.
I have resolved it in my particular case by deleting this variable from my my.cnf config file:
skip-name-resolve
Either remark the variable by placing a pound sign # or just delete it from your my.cnf after making sure you back it up, of course.
Related
I'm configuring my EC2 server. I managed to install php, laravel etc. (with a bit of suffering though). Now I
created an user on MariaDB
granted all permissions from remote
enabled bind-address = 0.0.0.0 in my.cnf
tested local login, works
opened rules in the Security group for Mysql/Aurora, port 3306, TCP, all IPs, both incoming and outcoming
but still can't login from remote, I get
ERROR 2003 (HY000): Can't connect to MySQL server on 'yyz.yyz.yyz.yyz' (110)
What can I do? I don't have any iptables of sort, everything is supposed to be plain simple... but it's not :-(
I'm trying to connect from outside the Amazon network, with this string
mysql -u myuser -pmypwd -h yyz.yyz.yyz.yyz -D myschema
Please notice that from the server itself I can connect using
mysql -u myuser -p -h localhost -P 3306 -D myschema
Thank you
Marco
P.S. For reference, here are my MariaDB users
+---------------------------------------------+-----------+
| host | user |
+---------------------------------------------+-----------+
| % | myuser |
| 127.0.0.1 | root |
| ::1 | root |
| ip-yyz-yy-zz-yyz.us-west-2.compute.internal | root |
| localhost | root |
| localhost | myuser |
+---------------------------------------------+-----------+
EC2 instances have two IP addresses, internal and external.
It looks to me like your user table authorizes access from the internal IP address.
ip-yyz-yy-zz-yyz.us-west-2.compute.internal | root
Are you trying to connect to the internal address from outside AWS? That Doesn't Work™.
If you're trying to connect to the external address, you'll have to add it to your user list.
For troubleshooting but not production, you can add a * | root user.
You can also try https://xyz.xyz.xyz.xyz:3306 from a browser. It won't connect, but if it times out you know there's no route to that address from your machine. If it yields some kind of gibberish, immediately, you know the MySQL port is visible.
good news and bad news.
Good news: I solved the issue!
Bad news: We all were right. It was enough to open the 3306 port in the Security Group. The issue was that - for reasons unknown to me - I kept seing the wrong security group. I logged off, logged in again and saw the right one. Enabled the port 3306 there and - magic - it worked!
Thank you to everybody who spent time in order to help mi fixing this!
I have a Linux VM running Ubuntu 14.04 LTS Server. I have installed MySQL 5.6.26 on it and have added a user by issuing the following commands from the terminal window:
CREATE USER 'sas'#'%' IDENTIFIED BY 'some-password-1234';
GRANT ALL PRIVILEGES ON *.* TO 'sas'#'%' IDENTIFIED BY 'some-password-1234' WITH GRANT OPTION;
FLUSH PRIVILEGES;
I can log into mysql with this user with this command:
mysql -u sas -p
and can see this user listed in mysql.users table by issuing this command:
mysql> select host, user from mysql.user;
which results to the following output:
+-----------+------------------+
| host | user |
+-----------+------------------+
| % | sas |
| 127.0.0.1 | root |
| ::1 | root |
| localhost | debian-sys-maint |
| localhost | root |
| ubuntu | root |
+-----------+------------------+
However, when I try to setup a connection in MySQL Workbench from a Windows box using the credentials of user "sas", I get
"Can't connect to MySQLServer on 10.166.7.16".
This is not a network issue since running tcpdump on the Linux box shows the initiated connection from the Windows box.
What should I be looking out for?
On Debian and Ubuntu, mysqld binds to the lo interface only by default. Go through MySQL's configs and look for a directive that reads bind-address. Change its value to 0.0.0.0 if necessary, restart mysqld and try again.
I am troubleshooting a MySQL privileges problem.
I want to connect to MySQL on the local server, but refer to it by it's LAN name (so I can use the same user/pass/host on several web-nodes).
I have included credentials in the privilege tables for both a %.lan and a localhost user.
mysql> select user,host from mysql.user where user = 'mysqluser';
+-----------+---------------------+
| user | host |
+-----------+---------------------+
| mysqluser | %.lan |
| mysqluser | localhost |
+-----------+---------------------+
However, when I try to login, I get the error message
[systemuser#servername.mydomain.com ~]$ mysql -u mysqluser -p -h servername.mydomain.com.lan
Access denied for user 'mysqluser'#'servername.mydomain.com'
Note that servername.mydomain.com.lan does resolve to a 192.168.% IP; i.e. it's in my /etc/hosts file. Moreover, reverse DNS for the IP in question resolves as expected.
[systemuser#servername.mydomain.com ~]$ dig -x 192.168.X.Y
...
;; ANSWER SECTION:
Y.X.168.192.in-addr.arpa. 86400 IN PTR servername.mydomain.com.lan.
If I temporarily grant privileges to 'mysqluser'#'%' and login, MySQL reports
mysql> status
...
Current user: mysqluser#servername.mydomain.com
...
Connection: servername.mydomain.com.lan via TCP/IP
...
Why is the host for my Current user not equal to the host for my Connection?
What I am doing/assuming incorrectly? I should note that my arrangement was working as intended (for weeks), on two farms on a common LAN, then both, independent MySQL instances suddenly started rejecting MySQL connections.
Well, after reading topics with the same name without success I feel forced to ask again and show you my scenario:
I am on a Kali Linux machine, my mysql config file (/etc/my.cnf) is setup this way:
bind-address = 172.16.1.228
I reset the service I can't enter neither remotely nor localy, I got this 2 errors depending on how I access:
root#Adkadon:~# mysql -u root -p -h 172.16.1.228
Enter password:
ERROR 1130 (HY000): Host 'Adkadon' is not allowed to connect to this MySQL server
mysql -u root -p -h 127.0.0.1
Enter password:
ERROR 2003 (HY000): Can't connect to MySQL server on '127.0.0.1' (111)
Note that without the -h 127.0.0.1 I have never been allowed to access.
So, I change the my.cnf and set bind-address to 0.0.0.0.
I access this way: mysql -u root -p -h 127.0.0.1, I do the following:
GRANT ALL PRIVILEGES ON *.* TO root#172.16.1.228 BY ‘root‘ WITH GRANT OPTION;
Again change bind-address to 172.16.1.228 and no success.
This is the output of SELECT user,host FROM user; inside the database:
root | 127.0.0.1 |
| root | 172.1.16.228 |
| root | ::1 |
| debian-sys-maint | localhost |
| root | localhost |
| root | repo
I don't know what do to, any idea¿? Thank you very much
If I guess right, 172.1.16.228 is your IP of mysql server .
'Adkadon' is the host where you try to access mysql from.
If that is the case, get the IP address of Adkadon (ifconfig)
Say if 172.1.16.xxx is your host IP, then in my.cnf mention
bind-address = 172.16.1.xxx
This indicates connections are allowed only from 172.16.1.xxx
Create a user root#172.16.1.xxx
And for connecting to mysql , use command
mysql -u root -p -h 172.1.16.228
Please note, -h 172.1.16.228 indicates where to connect to, not where it is connecting from.
Does it solve your problem? Or am I missing something from your question?
I am very new to mysql and I want to use remote login I followed this stack process but the command gives me nothing on the screen as listed on that link
$ lsof -i -P | grep :3306
$
this is the output.
What I did so far:
I edited the file /etc/mysql/my.cnf to make change and looks like this
skip-external-locking
#
# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
bind-address = 0.0.0.0
What I want basically that I want remote login.But I am unable to that.
I run following command on my terminal
$ mysql -h 127.6.110.2 -u adminTwz5PWn -p
$ enter password:
ERROR 1045 (28000): Access denied for user 'adminTwz5PWn'#'localhost' (using password: YES)
For sake of information needed I got this username and password from Openshift
My concern is that how #'localhost' comes into the picture If I am providing the host ip in the command
I have user log in to mysql as follows
+------------------+---------------+
| user | host |
+------------------+---------------+
| root | % |
| root | 127.0.0.1 |
| adminvKbP1kf | 127.3.138.130 |
| adminTwz5PWn | 127.6.110.2 |
| root | ::1 |
| user | hostname |
| debian-sys-maint | localhost |
| phpmyadmin | localhost |
| phpmyadmin_suraj | localhost |
| root | localhost |
| suraj | localhost |
+------------------+---------------+
Please correct me if I am wrong anywhere. And what steps are needed to make this successfull
If you are running this on OpenShift, and trying to connect from your local workstation, you need to use the rhc port-forward command. Check the answer to a very similar question, but it was using postgresql, you can adapt it very easily to use mysql: OpenShift: How to connect to postgresql from my PC
It looks like Mysql is not able to resolve your host so it is defaulting to localhost. So when looking up permissions for your login, it evaluates 'adminTwz5PWn'#'localhost' instead of 'adminTwz5PWn'#IP. I suspect that problem has something to do with the bind address 0.0.0.0. Try changing the bind address to 127.0.0.1 or localhost and see what happens.
You should first restart the MySQL server
/etc/init.d/mysqld restart