My MySQL database needs two users: appuser and support.
One of the application developers insists that I create four accounts for these users:
appuser#'%'
appuser#'localhost'
support#'%'
support#'localhost'
For the life of me I can't figure out why he thinks we need this. Wouldn't using the wildcard as the host take care of the 'localhost'?
Any ideas?
(Using MySQL 5.5 here)
localhost is special in MySQL, it means a connection over a UNIX socket (or named pipes on Windows, I believe) as opposed to a TCP/IP socket. Using % as the host does not include localhost, hence the need to explicitly specify it.
As #nos pointed out in the comments of the currently accepted answer to this question, the accepted answer is incorrect.
Yes, there IS a difference between using % and localhost for the user account host when connecting via a socket connect instead of a standard TCP/IP connect.
A host value of % does not include localhost for sockets and thus must be specified if you want to connect using that method.
Let's just test.
Connect as superuser, and then:
SHOW VARIABLES LIKE "%version%";
+-------------------------+------------------------------+
| Variable_name | Value |
+-------------------------+------------------------------+
| version | 10.0.23-MariaDB-0+deb8u1-log |
and then
USE mysql;
Setup
Create a user foo with password bar for testing:
CREATE USER foo#'%' IDENTIFIED BY 'bar'; FLUSH PRIVILEGES;
Connect
To connect to the Unix Domain Socket (i.e. the I/O pipe that is named by the filesystem entry /var/run/mysqld/mysqld.sock or some such), run this on the command line (use the --protocol option to make doubly sure)
mysql -pbar -ufoo
mysql -pbar -ufoo --protocol=SOCKET
One expects that the above matches "user comes from localhost" but certainly not "user comes from 127.0.0.1".
To connect to the server from "127.0.0.1" instead, run this on the command line
mysql -pbar -ufoo --bind-address=127.0.0.1 --protocol=TCP
If you leave out --protocol=TCP, the mysql command will still try to use the Unix domain socket. You can also say:
mysql -pbar -ufoo --bind-address=127.0.0.1 --host=127.0.0.1
The two connection attempts in one line:
export MYSQL_PWD=bar; \
mysql -ufoo --protocol=SOCKET --execute="SELECT 1"; \
mysql -ufoo --bind-address=127.0.0.1 --host=127.0.0.1 --execute="SELECT 1"
(the password is set in the environment so that it is passed to the mysql process)
Verification In Case Of Doubt
To really check whether the connection goes via a TCP/IP socket or a Unix Domain socket
get the PID of the mysql client process by examining the output of ps faux
run lsof -n -p<yourpid>.
You will see something like:
mysql [PID] quux 3u IPv4 [code] 0t0 TCP 127.0.0.1:[port]->127.0.0.1:mysql (ESTABLISHED)
or
mysql [PID] quux 3u unix [code] 0t0 [code] socket
So:
Case 0: Host = '10.10.10.10' (null test)
update user set host='10.10.10.10' where user='foo'; flush privileges;
Connect using socket: FAILURE
Connect from 127.0.0.1: FAILURE
Case 1: Host = '%'
update user set host='%' where user='foo'; flush privileges;
Connect using socket: OK
Connect from 127.0.0.1: OK
Case 2: Host = 'localhost'
update user set host='localhost' where user='foo';flush privileges;
Behaviour varies and this apparently depends on skip-name-resolve. If set, causes lines with localhost to be ignored according to the log. The following can be seen in the error log: "'user' entry 'root#localhost' ignored in --skip-name-resolve mode.". This means no connecting through the Unix Domain Socket. But this is empirically not the case. localhost now means ONLY the Unix Domain Socket, and no longer matched 127.0.0.1.
skip-name-resolve is off:
Connect using socket: OK
Connect from 127.0.0.1: OK
skip-name-resolve is on:
Connect using socket: OK
Connect from 127.0.0.1: FAILURE
Case 3: Host = '127.0.0.1'
update user set host='127.0.0.1' where user='foo';flush privileges;
Connect using socket: FAILURE
Connect from 127.0.0.1: OK
Case 4: Host = ''
update user set host='' where user='foo';flush privileges;
Connect using socket: OK
Connect from 127.0.0.1: OK
(According to MySQL 5.7: 6.2.4 Access Control, Stage 1: Connection Verification, The empty string '' also means “any host” but sorts after '%'. )
Case 5: Host = '192.168.0.1' (extra test)
('192.168.0.1' is one of my machine's IP addresses, change appropriately in your case)
update user set host='192.168.0.1' where user='foo';flush privileges;
Connect using socket: FAILURE
Connect from 127.0.0.1: FAILURE
but
Connect using mysql -pbar -ufoo -h192.168.0.1: OK (!)
The latter because this is actually TCP connection coming from 192.168.0.1, as revealed by lsof:
TCP 192.168.0.1:37059->192.168.0.1:mysql (ESTABLISHED)
Edge Case A: Host = '0.0.0.0'
update user set host='0.0.0.0' where user='foo';flush privileges;
Connect using socket: FAILURE
Connect from 127.0.0.1: FAILURE
Edge Case B: Host = '255.255.255.255'
update user set host='255.255.255.255' where user='foo';flush privileges;
Connect using socket: FAILURE
Connect from 127.0.0.1: FAILURE
Edge Case C: Host = '127.0.0.2'
(127.0.0.2 is perfectly valid loopback address equivalent to 127.0.0.1 as defined in RFC6890)
update user set host='127.0.0.2' where user='foo';flush privileges;
Connect using socket: FAILURE
Connect from 127.0.0.1: FAILURE
Interestingly:
mysql -pbar -ufoo -h127.0.0.2 connects from 127.0.0.1 and is FAILURE
mysql -pbar -ufoo -h127.0.0.2 --bind-address=127.0.0.2 is OK
Cleanup
delete from user where user='foo';flush privileges;
Addendum
To see what is actually in the mysql.user table, which is one of the permission tables, use:
SELECT SUBSTR(password,1,6) as password, user, host,
Super_priv AS su,
Grant_priv as gr,
CONCAT(Select_priv, Lock_tables_priv) AS selock,
CONCAT(Insert_priv, Update_priv, Delete_priv, Create_priv, Drop_priv) AS modif,
CONCAT(References_priv, Index_priv, Alter_priv) AS ria,
CONCAT(Create_tmp_table_priv, Create_view_priv, Show_view_priv) AS views,
CONCAT(Create_routine_priv, Alter_routine_priv, Execute_priv, Event_priv, Trigger_priv) AS funcs,
CONCAT(Repl_slave_priv, Repl_client_priv) AS replic,
CONCAT(Shutdown_priv, Process_priv, File_priv, Show_db_priv, Reload_priv, Create_user_priv) AS admin
FROM user ORDER BY user, host;
this gives:
+----------+----------+-----------+----+----+--------+-------+-----+-------+-------+--------+--------+
| password | user | host | su | gr | selock | modif | ria | views | funcs | replic | admin |
+----------+----------+-----------+----+----+--------+-------+-----+-------+-------+--------+--------+
| *E8D46 | foo | | N | N | NN | NNNNN | NNN | NNN | NNNNN | NN | NNNNNN |
Similarly for table mysql.db:
SELECT host,db,user,
Grant_priv as gr,
CONCAT(Select_priv, Lock_tables_priv) AS selock,
CONCAT(Insert_priv, Update_priv, Delete_priv, Create_priv, Drop_priv) AS modif,
CONCAT(References_priv, Index_priv, Alter_priv) AS ria,
CONCAT(Create_tmp_table_priv, Create_view_priv, Show_view_priv) AS views,
CONCAT(Create_routine_priv, Alter_routine_priv, Execute_priv) AS funcs
FROM db ORDER BY user, db, host;
If you want connect to user#'%' from localhost use mysql -h192.168.0.1 -uuser -p.
The percent symbol means: any host, including remote and local connections.
The localhost allows only local connections.
(so to start off, if you don't need remote connections to your database, you can get rid of the appuser#'%' user right away)
So, yes, they are overlapping, but...
...there is a reason for setting both types of accounts, this is explained in the mysql docs:
http://dev.mysql.com/doc/refman/5.7/en/adding-users.html.
If you have an have an anonymous user on your localhost, which you can spot with:
select Host from mysql.user where User='' and Host='localhost';
and if you just create the user appuser#'%' (and you not the appuser#'localhost'), then when the appuser mysql user
connects from the local host, the anonymous user account is used (it has precedence over your appuser#'%' user).
And the fix for this is (as one can guess) to create the appuser#'localhost' (which is more specific that the local host anonymous user and will be used if your appuser connects from the localhost).
Going to provide a slightly different answer to those provided so far.
If you have a row for an anonymous user from localhost in your users table ''#'localhost' then this will be treated as more specific than your user with wildcard'd host 'user'#'%'. This is why it is necessary to also provide 'user'#'localhost'.
You can see this explained in more detail at the bottom of this page.
Related
I have installed MySQL Community Edition 5.5 on my local machine and I want to allow remote connections so that I can connect from external source.
How can I do that?
That is allowed by default on MySQL.
What is disabled by default is remote root access. If you want to enable that, run this SQL command locally:
GRANT ALL PRIVILEGES ON *.* TO 'root'#'%' IDENTIFIED BY 'password' WITH GRANT OPTION;
FLUSH PRIVILEGES;
And then find the following line and comment it out in your my.cnf file, which usually lives on /etc/mysql/my.cnf on Unix/OSX systems. In some cases the location for the file is /etc/mysql/mysql.conf.d/mysqld.cnf).
If it's a Windows system, you can find it in the MySQL installation directory, usually something like C:\Program Files\MySQL\MySQL Server 5.5\ and the filename will be my.ini.
Change line
bind-address = 127.0.0.1
to
#bind-address = 127.0.0.1
And restart the MySQL server (Unix/OSX, and Windows) for the changes to take effect.
After doing all of above I still couldn't login as root remotely, but Telnetting to port 3306 confirmed that MySQL was accepting connections.
I started looking at the users in MySQL and noticed there were multiple root users with different passwords.
select user, host, password from mysql.user;
So in MySQL I set all the passwords for root again and I could finally log in remotely as root.
use mysql;
update user set password=PASSWORD('NEWPASSWORD') where User='root';
flush privileges;
Just a note from my experience, you can find configuration file under this path /etc/mysql/mysql.conf.d/mysqld.cnf.
(I struggled for some time to find this path)
In my case I was trying to connect to a remote mysql server on cent OS. After going through a lot of solutions (granting all privileges, removing ip bindings,enabling networking) problem was still not getting solved.
As it turned out, while looking into various solutions,I came across iptables, which made me realize mysql port 3306 was not accepting connections.
Here is a small note on how I checked and resolved this issue.
Checking if port is accepting connections:
telnet (mysql server ip) [portNo]
Adding ip table rule to allow connections on the port:
iptables -A INPUT -i eth0 -p tcp -m tcp --dport 3306 -j ACCEPT
Would not recommend this for production environment, but if your iptables are not configured properly, adding the rules might not still solve the issue. In that case following should be done:
service iptables stop
Hope this helps.
All process for remote login. Remote login is off by default.You need to open it manually for all ip..to give access all ip
GRANT ALL PRIVILEGES ON *.* TO 'root'#'%' IDENTIFIED BY 'password';
Specific Ip
GRANT ALL PRIVILEGES ON *.* TO 'root'#'your_desire_ip' IDENTIFIED BY 'password';
then
flush privileges;
You can check your User Host & Password
SELECT host,user,authentication_string FROM mysql.user;
Now your duty is to change this
bind-address = 127.0.0.1
You can find this on
sudo nano /etc/mysql/mysql.conf.d/mysqld.cnf
if you not find this on there then try this
sudo nano /etc/mysql/my.cnf
comment in this
#bind-address = 127.0.0.1
Then restart Mysql
sudo service mysql restart
Now enjoy remote login
Please follow the below mentioned steps inorder to set the wildcard remote access for MySQL User.
(1) Open cmd.
(2) navigate to path C:\Program Files\MySQL\MySQL Server 5.X\bin and
run this command.
mysql -u root -p
(3) Enter the root password.
(4) Execute the following command to provide the permission.
GRANT ALL PRIVILEGES ON *.* TO 'USERNAME'#'IP' IDENTIFIED BY
'PASSWORD';
USERNAME: Username you wish to connect to MySQL server.
IP: Public IP address from where you wish to allow access to MySQL
server.
PASSWORD: Password of the username used.
IP can be replaced with % to allow user to connect from any IP
address.
(5) Flush the previleges by following command and exit.
FLUSH PRIVILEGES;
exit;
or \q
I had to this challenge when working on a Java Project with MySQL server as the database.
Here's how I did it:
First, confirm that your MySQL server configuration to allow for remote connections. Use your preferred text editor to open the MySQL server configuration file:
sudo nano /etc/mysql/mysql.conf.d/mysqld.cnf
Scroll down to the bind-address line and ensure that is either commented out or replaced with 0.0.0.0 (to allow all remote connections) or replaced with Ip-Addresses that you want remote connections from.
Once you make the necessary changes, save and exit the configuration file. Apply the changes made to the MySQL config file by restarting the MySQL service:
sudo systemctl restart mysql
Next, log into the MySQL server console on the server it was installed:
mysql -u root -p
Enter your mysql user password
Check the hosts that the user you want has access to already. In my case the user is root:
SELECT host FROM mysql.user WHERE user = "root";
This gave me this output:
+-----------+
| host |
+-----------+
| localhost |
+-----------+
Next, I ran the command below to grant the root user remote access to the database named my_database:
USE my_database;
GRANT ALL PRIVILEGES ON *.* TO 'root'#'%' IDENTIFIED BY 'my-password';
Note: % grants a user remote access from all hosts on a network. You can specify the Ip-Address of the individual hosts that you want to grant the user access from using the command - GRANT ALL PRIVILEGES ON *.* TO 'root'#'Ip-Address' IDENTIFIED BY 'my-password';
Afterwhich I checked the hosts that the user now has access to. In my case the user is root:
SELECT host FROM mysql.user WHERE user = "root";
This gave me this output:
+-----------+
| host |
+-----------+
| % |
| localhost |
+-----------+
Finally, you can try connecting to the MySQL server from another server using the command:
mysql -u username -h mysql-server-ip-address -p
Where u represents user, h represents mysql-server-ip-address and p represents password. So in my case it was:
mysql -u root -h 34.69.261.158 -p
Enter your mysql user password
You should get this output depending on your MySQL server version:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 4
Server version: 5.7.31 MySQL Community Server (GPL)
Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>
Resources: How to Allow Remote Connections to MySQL
That's all.
I hope this helps
Close comment at link /etc/mysql/mysql.conf.d/mysqld.cnf or /etc/mysql/my.cnf:
bind-address = 127.0.0.1 =>> #bind-address = 127.0.0.1
Change the hostname so that all machines can access it, run this SQL command locally:
UPDATE mysql.user SET Host='%' WHERE Host='localhost' AND User='root';
FLUSH PRIVILEGES;
Restart service:
sudo service mysql restart
Open port mysql:
sudo ufw allow 3306
If your MySQL server process is listening on 127.0.0.1 or ::1 only then you will not be able to connect remotely. If you have a bind-address setting in /etc/my.cnf this might be the source of the problem.
You will also have to add privileges for a non-localhost user as well.
If you installed MySQL from brew it really does only listen on the local interface by default. To fix that you need to edit /usr/local/etc/my.cnf and change the bind-address from 127.0.0.1 to *.
Then run brew services restart mysql.
Just F.Y.I
I pulled my hair out with this problem for hours.. finally I call my hosting provider and found that in my case using a cloud server that in the control panel for 1and1 they have a secondary firewall that you have to clone and add port 3306. Once added I got straight in..
For whom it needs it, check firewall port 3306 is open too, if your firewall service is running.
This blog How to setup a MySQL server on Local Area Network will be useful in setting up a MySQL from scratch
If mysqld has a bind address set to a loopback/local address (e.g. 127.0.0.1), the server will not be reachable from remote hosts, because a loopback interface cannot be reached from any remote host.
Set this option to 0.0.0.0 (:: for IPv4+6) to accept connections from any host, or to another externally-reachable address if you want to only allow connections on one interface.
Source
And for OS X people out there be aware that the bind-address parameter is typically set in the launchd plist and not in the my.ini file. So in my case, I removed <string>--bind-address=127.0.0.1</string> from /Library/LaunchDaemons/homebrew.mxcl.mariadb.plist.
Enabling remote root access can be dangerous. It would be preferable if you were to set up user accounts with more restrictive permissions. The following three steps should do it.
Ensure that the line starting with bind-address ... is at least commented out in your my.ini or my.cnf file. If it doesn't exist, move on.
You can find this file in C:\ProgramData\MySQL\MySQL Server 8.0 on Windows.
Afterwards, check that the user account you are establishing the connection with does not have localhost in the Limit to Hosts Matching field. While it isn't recommended, you can instead put % in that field for testing purposes. You can do this by opening a local connection to the server with MySQL Workbench, then going to Server>Users and Privileges from the menu bar and finding the user account you want to connect with.
The "Limit to Hosts Matching" field is what disallows you to connect non-locally. I.e. it limits the accepted connections to a pattern of IP addresses. Ideally, you should be accessing the MySQL server from a static IP address or subnet, so that you can be as restrictive as possible.
Obviously, your firewall should allow the MySQL Server application to communicate over the port you want. The physical networking equipment in between you and your server should allow communication on the port you want to connect with. (port 3306 typically)
MySQL 8 no longer allows you to create a user using the GRANT command. You need to create the user first.
CREATE USER 'root'#'%' IDENTIFIED BY 'PASSWORD';
GRANT ALL PRIVILEGES ON *.* TO 'root'#'%' WITH GRANT OPTION;
FLUSH PRIVILEGES;
some times need to use name of pc on windows
first step) put in config file of mysql:
mysqld.cnf SET bind-address= 0.0.0.0
(to let recibe connections over tcp/ip)
second step) make user in mysql, table users, with name of pc on windows propierties, NOT ip
Check remote server grant permission to Wildcard access to port 3306:
sudo lsof -i -P -n | grep LISTEN
It should NOT be same like this:
mysqld 23083 mysql 21u IPv4 145900142 0t0 TCP
127.0.0.1:3306 (LISTEN)
In this case, we need to update /etc/mysql/mysql.conf.d/mysqld.cnf or /etc/mysql/mariadb.conf.d/50-server.cnf with:
bind-address = 127.0.0.1 --> 0.0.0.0
And then restart mysql "sudo service mysql restart"
In order to test mySQL connection from a client:
nc -vz <host_address> 3306
I have created a MariaDB database user user. Looks something like:
MariaDB [(none)]> select host,user,password from mysql.user;
+-----------+-------+-------------------------------------------+
| host | user | password |
+-----------+-------+-------------------------------------------+
| % | user | ***************************************** |
+-----------+-------+-------------------------------------------+
I can connect to the database from a remote computer using command like
mysql -uuser -hdevops.ok -p mydatabase
This works as expected. I can login using my password.
When I am on the database server and try to connect with
[vagrant#devops ~]$ mysql -h127.0.0.1 -uuser -p mydatabase
Enter password:
ERROR 1045 (28000): Access denied for user 'user'#'localhost' (using password: YES)
I expected the % to allow access from all nodes in the network including localhost but it seems this is not how it works.
Is it possible to grant this user local access?
I can create another account of course
create user 'myser'#'localhost' identified by '****';
This would allow me access to the database but that feels more like a workaround.
Update
I now think this is only possible by creating two accounts 'myuser'#'localhost' and 'myuser'#'%'
% does not include localhost. Btw 127.0.0.1 and 127.0.0.2 resolve to localhost and as a consequence these are also not matches by %.
Doesn't make sense but it looks like this is the way it is supposed to work.
The % in the host field means any targeted host is possible.
There is one special case, when the database makes a difference between 127.0.0.1 (TCP based connection) and localhost which connects to the local unix socket.
Consider the db settings skip-networking and bind-address. See
https://mariadb.com/kb/en/mariadb/configuring-mariadb-for-remote-client-access/
TCP connections are usually disabled by default - this might be different depending on distribution, package used, ...
So when you type the following it should work:
mysql -hlocalhost -uuser -p mydatabase
References:
https://dev.mysql.com/doc/refman/5.5/en/connecting.html
On Unix, MySQL programs treat the host name localhost specially, in a way that is likely different from what you expect compared to other network-based programs. For connections to localhost, MySQL programs attempt to connect to the local server by using a Unix socket file.
You could also use the --socket option.
I am troubleshooting a MySQL privileges problem.
I want to connect to MySQL on the local server, but refer to it by it's LAN name (so I can use the same user/pass/host on several web-nodes).
I have included credentials in the privilege tables for both a %.lan and a localhost user.
mysql> select user,host from mysql.user where user = 'mysqluser';
+-----------+---------------------+
| user | host |
+-----------+---------------------+
| mysqluser | %.lan |
| mysqluser | localhost |
+-----------+---------------------+
However, when I try to login, I get the error message
[systemuser#servername.mydomain.com ~]$ mysql -u mysqluser -p -h servername.mydomain.com.lan
Access denied for user 'mysqluser'#'servername.mydomain.com'
Note that servername.mydomain.com.lan does resolve to a 192.168.% IP; i.e. it's in my /etc/hosts file. Moreover, reverse DNS for the IP in question resolves as expected.
[systemuser#servername.mydomain.com ~]$ dig -x 192.168.X.Y
...
;; ANSWER SECTION:
Y.X.168.192.in-addr.arpa. 86400 IN PTR servername.mydomain.com.lan.
If I temporarily grant privileges to 'mysqluser'#'%' and login, MySQL reports
mysql> status
...
Current user: mysqluser#servername.mydomain.com
...
Connection: servername.mydomain.com.lan via TCP/IP
...
Why is the host for my Current user not equal to the host for my Connection?
What I am doing/assuming incorrectly? I should note that my arrangement was working as intended (for weeks), on two farms on a common LAN, then both, independent MySQL instances suddenly started rejecting MySQL connections.
I have installed MySQL Community Edition 5.5 on my local machine and I want to allow remote connections so that I can connect from external source.
How can I do that?
That is allowed by default on MySQL.
What is disabled by default is remote root access. If you want to enable that, run this SQL command locally:
GRANT ALL PRIVILEGES ON *.* TO 'root'#'%' IDENTIFIED BY 'password' WITH GRANT OPTION;
FLUSH PRIVILEGES;
And then find the following line and comment it out in your my.cnf file, which usually lives on /etc/mysql/my.cnf on Unix/OSX systems. In some cases the location for the file is /etc/mysql/mysql.conf.d/mysqld.cnf).
If it's a Windows system, you can find it in the MySQL installation directory, usually something like C:\Program Files\MySQL\MySQL Server 5.5\ and the filename will be my.ini.
Change line
bind-address = 127.0.0.1
to
#bind-address = 127.0.0.1
And restart the MySQL server (Unix/OSX, and Windows) for the changes to take effect.
After doing all of above I still couldn't login as root remotely, but Telnetting to port 3306 confirmed that MySQL was accepting connections.
I started looking at the users in MySQL and noticed there were multiple root users with different passwords.
select user, host, password from mysql.user;
So in MySQL I set all the passwords for root again and I could finally log in remotely as root.
use mysql;
update user set password=PASSWORD('NEWPASSWORD') where User='root';
flush privileges;
Just a note from my experience, you can find configuration file under this path /etc/mysql/mysql.conf.d/mysqld.cnf.
(I struggled for some time to find this path)
In my case I was trying to connect to a remote mysql server on cent OS. After going through a lot of solutions (granting all privileges, removing ip bindings,enabling networking) problem was still not getting solved.
As it turned out, while looking into various solutions,I came across iptables, which made me realize mysql port 3306 was not accepting connections.
Here is a small note on how I checked and resolved this issue.
Checking if port is accepting connections:
telnet (mysql server ip) [portNo]
Adding ip table rule to allow connections on the port:
iptables -A INPUT -i eth0 -p tcp -m tcp --dport 3306 -j ACCEPT
Would not recommend this for production environment, but if your iptables are not configured properly, adding the rules might not still solve the issue. In that case following should be done:
service iptables stop
Hope this helps.
All process for remote login. Remote login is off by default.You need to open it manually for all ip..to give access all ip
GRANT ALL PRIVILEGES ON *.* TO 'root'#'%' IDENTIFIED BY 'password';
Specific Ip
GRANT ALL PRIVILEGES ON *.* TO 'root'#'your_desire_ip' IDENTIFIED BY 'password';
then
flush privileges;
You can check your User Host & Password
SELECT host,user,authentication_string FROM mysql.user;
Now your duty is to change this
bind-address = 127.0.0.1
You can find this on
sudo nano /etc/mysql/mysql.conf.d/mysqld.cnf
if you not find this on there then try this
sudo nano /etc/mysql/my.cnf
comment in this
#bind-address = 127.0.0.1
Then restart Mysql
sudo service mysql restart
Now enjoy remote login
Please follow the below mentioned steps inorder to set the wildcard remote access for MySQL User.
(1) Open cmd.
(2) navigate to path C:\Program Files\MySQL\MySQL Server 5.X\bin and
run this command.
mysql -u root -p
(3) Enter the root password.
(4) Execute the following command to provide the permission.
GRANT ALL PRIVILEGES ON *.* TO 'USERNAME'#'IP' IDENTIFIED BY
'PASSWORD';
USERNAME: Username you wish to connect to MySQL server.
IP: Public IP address from where you wish to allow access to MySQL
server.
PASSWORD: Password of the username used.
IP can be replaced with % to allow user to connect from any IP
address.
(5) Flush the previleges by following command and exit.
FLUSH PRIVILEGES;
exit;
or \q
I had to this challenge when working on a Java Project with MySQL server as the database.
Here's how I did it:
First, confirm that your MySQL server configuration to allow for remote connections. Use your preferred text editor to open the MySQL server configuration file:
sudo nano /etc/mysql/mysql.conf.d/mysqld.cnf
Scroll down to the bind-address line and ensure that is either commented out or replaced with 0.0.0.0 (to allow all remote connections) or replaced with Ip-Addresses that you want remote connections from.
Once you make the necessary changes, save and exit the configuration file. Apply the changes made to the MySQL config file by restarting the MySQL service:
sudo systemctl restart mysql
Next, log into the MySQL server console on the server it was installed:
mysql -u root -p
Enter your mysql user password
Check the hosts that the user you want has access to already. In my case the user is root:
SELECT host FROM mysql.user WHERE user = "root";
This gave me this output:
+-----------+
| host |
+-----------+
| localhost |
+-----------+
Next, I ran the command below to grant the root user remote access to the database named my_database:
USE my_database;
GRANT ALL PRIVILEGES ON *.* TO 'root'#'%' IDENTIFIED BY 'my-password';
Note: % grants a user remote access from all hosts on a network. You can specify the Ip-Address of the individual hosts that you want to grant the user access from using the command - GRANT ALL PRIVILEGES ON *.* TO 'root'#'Ip-Address' IDENTIFIED BY 'my-password';
Afterwhich I checked the hosts that the user now has access to. In my case the user is root:
SELECT host FROM mysql.user WHERE user = "root";
This gave me this output:
+-----------+
| host |
+-----------+
| % |
| localhost |
+-----------+
Finally, you can try connecting to the MySQL server from another server using the command:
mysql -u username -h mysql-server-ip-address -p
Where u represents user, h represents mysql-server-ip-address and p represents password. So in my case it was:
mysql -u root -h 34.69.261.158 -p
Enter your mysql user password
You should get this output depending on your MySQL server version:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 4
Server version: 5.7.31 MySQL Community Server (GPL)
Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>
Resources: How to Allow Remote Connections to MySQL
That's all.
I hope this helps
Close comment at link /etc/mysql/mysql.conf.d/mysqld.cnf or /etc/mysql/my.cnf:
bind-address = 127.0.0.1 =>> #bind-address = 127.0.0.1
Change the hostname so that all machines can access it, run this SQL command locally:
UPDATE mysql.user SET Host='%' WHERE Host='localhost' AND User='root';
FLUSH PRIVILEGES;
Restart service:
sudo service mysql restart
Open port mysql:
sudo ufw allow 3306
If your MySQL server process is listening on 127.0.0.1 or ::1 only then you will not be able to connect remotely. If you have a bind-address setting in /etc/my.cnf this might be the source of the problem.
You will also have to add privileges for a non-localhost user as well.
If you installed MySQL from brew it really does only listen on the local interface by default. To fix that you need to edit /usr/local/etc/my.cnf and change the bind-address from 127.0.0.1 to *.
Then run brew services restart mysql.
Just F.Y.I
I pulled my hair out with this problem for hours.. finally I call my hosting provider and found that in my case using a cloud server that in the control panel for 1and1 they have a secondary firewall that you have to clone and add port 3306. Once added I got straight in..
For whom it needs it, check firewall port 3306 is open too, if your firewall service is running.
This blog How to setup a MySQL server on Local Area Network will be useful in setting up a MySQL from scratch
If mysqld has a bind address set to a loopback/local address (e.g. 127.0.0.1), the server will not be reachable from remote hosts, because a loopback interface cannot be reached from any remote host.
Set this option to 0.0.0.0 (:: for IPv4+6) to accept connections from any host, or to another externally-reachable address if you want to only allow connections on one interface.
Source
And for OS X people out there be aware that the bind-address parameter is typically set in the launchd plist and not in the my.ini file. So in my case, I removed <string>--bind-address=127.0.0.1</string> from /Library/LaunchDaemons/homebrew.mxcl.mariadb.plist.
Enabling remote root access can be dangerous. It would be preferable if you were to set up user accounts with more restrictive permissions. The following three steps should do it.
Ensure that the line starting with bind-address ... is at least commented out in your my.ini or my.cnf file. If it doesn't exist, move on.
You can find this file in C:\ProgramData\MySQL\MySQL Server 8.0 on Windows.
Afterwards, check that the user account you are establishing the connection with does not have localhost in the Limit to Hosts Matching field. While it isn't recommended, you can instead put % in that field for testing purposes. You can do this by opening a local connection to the server with MySQL Workbench, then going to Server>Users and Privileges from the menu bar and finding the user account you want to connect with.
The "Limit to Hosts Matching" field is what disallows you to connect non-locally. I.e. it limits the accepted connections to a pattern of IP addresses. Ideally, you should be accessing the MySQL server from a static IP address or subnet, so that you can be as restrictive as possible.
Obviously, your firewall should allow the MySQL Server application to communicate over the port you want. The physical networking equipment in between you and your server should allow communication on the port you want to connect with. (port 3306 typically)
MySQL 8 no longer allows you to create a user using the GRANT command. You need to create the user first.
CREATE USER 'root'#'%' IDENTIFIED BY 'PASSWORD';
GRANT ALL PRIVILEGES ON *.* TO 'root'#'%' WITH GRANT OPTION;
FLUSH PRIVILEGES;
some times need to use name of pc on windows
first step) put in config file of mysql:
mysqld.cnf SET bind-address= 0.0.0.0
(to let recibe connections over tcp/ip)
second step) make user in mysql, table users, with name of pc on windows propierties, NOT ip
Check remote server grant permission to Wildcard access to port 3306:
sudo lsof -i -P -n | grep LISTEN
It should NOT be same like this:
mysqld 23083 mysql 21u IPv4 145900142 0t0 TCP
127.0.0.1:3306 (LISTEN)
In this case, we need to update /etc/mysql/mysql.conf.d/mysqld.cnf or /etc/mysql/mariadb.conf.d/50-server.cnf with:
bind-address = 127.0.0.1 --> 0.0.0.0
And then restart mysql "sudo service mysql restart"
In order to test mySQL connection from a client:
nc -vz <host_address> 3306
I've installed MySQL server on a remote Ubuntu machine. The root user is defined in the mysql.user table this way:
mysql> SELECT host, user, password FROM user WHERE user = 'root';
+------------------+------+-------------------------------------------+
| host | user | password |
+------------------+------+-------------------------------------------+
| localhost | root | *xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx |
| ip-10-48-110-188 | root | *xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx |
| 127.0.0.1 | root | *xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx |
| ::1 | root | *xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx |
+------------------+------+-------------------------------------------+
I can access with user root from the same remote machine command-line interface using the standard mysql client. Now I want to allow root access from every host on the internet, so I tried adding following row (it's an exact duplicate of the first row from previous dump, except for the host column):
mysql> SELECT host, user, password FROM user WHERE host = '%';
+------------------+------+-------------------------------------------+
| host | user | password |
+------------------+------+-------------------------------------------+
| % | root | *xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx |
+------------------+------+-------------------------------------------+
But my client on my personal PC continues to tell me (I obscured the server IP):
SQL Error (2003): Can't connect to MySQL server on '46.x.x.x' (10061)
I can't tell if it's a authentication error or a network error. On the server firewall I enabled port 3306/TCP for 0.0.0.0/0, and that's ok for me...
Update:
As mentioned in the comments, since MySql 8 you need to first explicitly create the user, so the command will look like:
CREATE USER 'root'#'%' IDENTIFIED BY 'password'; GRANT ALL PRIVILEGES ON *.* TO 'root'#'%' WITH GRANT OPTION;
Original answer:
There's two steps in that process:
a) Grant privileges. As root user execute with this substituting 'password' with your current root password :
GRANT ALL PRIVILEGES ON *.* TO 'root'#'%' IDENTIFIED BY 'password';
b) bind to all addresses:
The easiest way is to comment out the line in your my.cnf file:
#bind-address = 127.0.0.1
and restart mysql
service mysql restart
By default it binds only to localhost, but if you comment the line it binds to all interfaces it finds. Commenting out the line is equivalent to bind-address=*.
To check where mysql service has binded execute as root:
netstat -tupan | grep mysql
Update For Ubuntu 16:
Config file is (now)
/etc/mysql/mysql.conf.d/mysqld.cnf
(at least on standard Ubuntu 16)
Run the following query:
use mysql;
update user set host='%' where host='localhost'
NOTE: Not recommended for production use.
MYSQL 8.0 - open mysql command line client
GRANT ALL PRIVILEGES ON *.* TO 'root'#'localhost';
use mysql
UPDATE mysql.user SET host='%' WHERE user='root';
Restart mysql service
Sometimes
bind-address = 127.0.0.1
should be
bind-address = *
MariaDB running on Raspbian - the file containing bind-address is hard to pinpoint. MariaDB have some not-very-helpful-info on the subject.
I used
# sudo grep -R bind-address /etc
to locate where the damn thing is.
I also had to set the privileges and hosts in the mysql like everyone above pointed out.
And also had some fun time opening the 3306 port for remote connections to my Raspberry Pi - finally used iptables-persistent.
All works great now.
I'm using AWS LightSail and for my instance to work, I had to change:
bind-address = 127.0.0.1
to
bind-address = <Private IP Assigned by Amazon>
Then I was able to connect remotely.
if you have many networks attached to you OS, yo must especify one of this network in the bind-addres from my.conf file.
an example:
[mysqld]
bind-address = 127.100.10.234
this ip is from a ethX configuration.
In my case the "bind-address" setting was the problem. Commenting this setting in my.cnf did not help, because in my case mysql set the default to 127.0.0.1 for some reason.
To verify what setting MySql is currently using, open the command line on your local box:
mysql -h localhost -u myname -pmypass mydb
Read out the current setting:
Show variables where variable_name like "bind%"
You should see 0.0.0.0 here if you want to allow access from all hosts. If this is not the case, edit your /etc/mysql/my.cnf and set bind-address under the [mysqld] section:
bind-address=0.0.0.0
Finally restart your MySql server to pick up the new setting:
sudo service mysql restart
Try again and check if the new setting has been picked up.
Update the bind-address = 0.0.0.0 in the /etc/mysql/mysql.conf.d/mysqld.cnf and from the mysql command line allow the root user to connect from any Ip.
Below was the only commands worked for mysql-8.0 as other were failing with error syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'IDENTIFIED BY 'abcd'' at line 1
GRANT ALL PRIVILEGES ON *.* TO 'root'#'localhost';
UPDATE mysql.user SET host='%' WHERE user='root';
Restart the mysql client
sudo service mysql restart
mysql_update is what you need.
I don't know why anyone would follow the more complex ways of correcting this issue, when MySql graciously built a tool that already does this...