Amazon RDS documentation (http://aws.amazon.com/rds/faqs/#53) specifies that "Amazon RDS generates an SSL certificate for each [MySQL] DB Instance". I haven't been able to find any documentation on how to find the certificates and the certificates are nowhere to be found in the management console.
Where are the certificates?
I found the solution here: https://forums.aws.amazon.com/thread.jspa?threadID=62110.
Download ca cert file from here: https://s3.amazonaws.com/rds-downloads/mysql-ssl-ca-cert.pem
curl -O https://s3.amazonaws.com/rds-downloads/mysql-ssl-ca-cert.pem
Connect to mysql:
mysql -uusername -p --host=host --ssl-ca=mysql-ssl-ca-cert.pem
Check that your connection is really encrypted:
mysql> SHOW STATUS LIKE 'Ssl_cipher';
+---------------+------------+
| Variable_name | Value |
+---------------+------------+
| Ssl_cipher | AES256-SHA |
+---------------+------------+
1 row in set (0.00 sec)
Optionally force SSL for a specific user to connect to MySQL
mysql> ALTER USER 'username'@'host|%' REQUIRE SSL;
You can get the AWS RDS certificate file information from the AWS Documentation guide itself
http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MySQL.html
Download the certificate from here
https://rds.amazonaws.com/doc/mysql-ssl-ca-cert.pem
Update - Amazon updated the SSL certificate; you can download it from here: https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem
Use the following command to login into mysql
root@sathish:/usr/src# mysql -h awssathish.xxyyzz.eu-west-1.rds.amazonaws.com -u awssathish -p --ssl-ca=mysql-ssl-ca-cert.pem
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 22
Server version: 5.6.13-log MySQL Community Server (GPL)
Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>
mysql> GRANT USAGE ON *.* TO 'awssathish'@'%' REQUIRE SSL;
Query OK, 0 rows affected (0.02 sec)
mysql>
mysql> show variables like "%ssl";
+---------------+-------+
| Variable_name | Value |
+---------------+-------+
| have_openssl | YES |
| have_ssl | YES |
+---------------+-------+
2 rows in set (0.00 sec)
mysql>
mysql> SHOW STATUS LIKE 'Ssl_cipher';
+---------------+------------+
| Variable_name | Value |
+---------------+------------+
| Ssl_cipher | AES256-SHA |
+---------------+------------+
1 row in set (0.01 sec)
mysql> exit
Bye
Where
awssathish.xxyyzz.eu-west-1.rds.amazonaws.com
is Endpoint of RDS,
awssathish
is the username of the rds server
I used http://aws-blog.io/2016/rds-over-ssl/
You have to get root pem and pem for the region and concatenate 2 files in one.
https://s3.amazonaws.com/rds-downloads/rds-ca-2015-us-west-2.pem
https://s3.amazonaws.com/rds-downloads/rds-ca-2015-root.pem
And merge files to have single rds-ca-2015-us-west-2-bundle.pem file.
With --ssl-ca provide full path to your pem file.
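The bundle step and the Ssl_cipher check from the answers above, as an added shell example that is not part of the original answers. The function names are illustrative assumptions; check_rds_tls also passes --ssl-mode=VERIFY_IDENTITY, which makes a MySQL 5.7.11+ client require TLS and verify the server certificate and host name against the bundle.

```shell
#!/bin/sh
# Added example; function names are illustrative, not from the answers above.

# Concatenate PEM files (regional CA first, then root) into one bundle.
# Prints the number of certificates in the bundle; fails on a non-PEM input.
build_ca_bundle() {
    out=$1; shift
    : > "$out" || return 1
    for pem in "$@"; do
        grep -q -- '-----BEGIN CERTIFICATE-----' "$pem" || {
            echo "no PEM certificate in $pem" >&2; return 1; }
        cat "$pem" >> "$out"
        # A file without a final newline would glue END/BEGIN markers together.
        [ -z "$(tail -c 1 "$pem")" ] || echo >> "$out"
    done
    grep -c -- '-----BEGIN CERTIFICATE-----' "$out"
}

# Read the tab-separated output of
#   mysql -N -B -e "SHOW STATUS LIKE 'Ssl_cipher'"
# on stdin. Print the cipher, or fail when the value is empty (no TLS).
cipher_from_status() {
    cipher=$(awk -F '\t' '$1 == "Ssl_cipher" { print $2 }')
    [ -n "$cipher" ] || { echo "connection is NOT encrypted" >&2; return 1; }
    printf '%s\n' "$cipher"
}

# Usage: check_rds_tls HOST USER BUNDLE
# --ssl-mode=VERIFY_IDENTITY needs a MySQL 5.7.11+ client.
check_rds_tls() {
    mysql --host="$1" --user="$2" -p --ssl-ca="$3" \
          --ssl-mode=VERIFY_IDENTITY \
          -N -B -e "SHOW STATUS LIKE 'Ssl_cipher'" | cipher_from_status
}
```

An empty Ssl_cipher value means the session is in plaintext, so cipher_from_status returns non-zero in that case and can gate a deployment or health-check script.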
When I connect to MySQL, I have to choose the database to use every time using:
use mysql_crashcourse;
I noticed the DATABASE() returns null when I check it right after I connect to MYSQL
mysql> SELECT DATABASE();
+------------+
| DATABASE() |
+------------+
| NULL |
+------------+
My question is: how can I set a default MySQL database, so that I don't need to provide database info each time I connect or log in to MySQL?
If you log-in directly from cli.
Create a client session on my.cnf and restart mysql service.
Note every root user logged from localhost will have the default database.
Example:
root@ergesttstsrv:~# cat /etc/mysql/my.cnf
[client]
host=localhost
user=root
password=
database=gesti
!includedir /etc/mysql/conf.d/
!includedir /etc/mysql/mysql.conf.d/
root@ergesttstsrv:~# service mysql restart
root@ergesttstsrv:~# mysql -u root -p
Enter password:
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 9
Server version: 8.0.25 MySQL Community Server - GPL
Copyright (c) 2000, 2021, Oracle and/or its affiliates.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> select database();
+------------+
| database() |
+------------+
| gesti |
+------------+
1 row in set (0.00 sec)
If you do not select anything else in the query, the return value is null. If you want to get anything else, you can do for example:
mysql> SELECT 1 IS NULL, 1 IS NOT "something";
I am in a MySQL terminal session but I don't know what server I am connected to, or what database I am connected to.
Is there a MySQL command that will tell me the host, port, and username and database I am using now?
There are MYSQL functions you can use. Like this one that resolves the user:
SELECT USER();
This will return something like root@localhost so you get the host and the user.
To get the current database run this statement:
SELECT DATABASE();
Other useful functions can be found here: http://dev.mysql.com/doc/refman/5.0/en/information-functions.html
You can use the status command in MySQL client.
mysql> status;
--------------
mysql Ver 14.14 Distrib 5.5.8, for Win32 (x86)
Connection id: 1
Current database: test
Current user: ODBC@localhost
SSL: Not in use
Using delimiter: ;
Server version: 5.5.8 MySQL Community Server (GPL)
Protocol version: 10
Connection: localhost via TCP/IP
Server characterset: latin1
Db characterset: latin1
Client characterset: gbk
Conn. characterset: gbk
TCP port: 3306
Uptime: 7 min 16 sec
Threads: 1 Questions: 21 Slow queries: 0 Opens: 33 Flush tables: 1 Open tables: 26 Queries per second avg: 0.48
--------------
mysql>
If you want to know the port number of your local host on which Mysql is running you can use this query on MySQL Command line client --
SHOW VARIABLES WHERE Variable_name = 'port';
mysql> SHOW VARIABLES WHERE Variable_name = 'port';
+---------------+-------+
| Variable_name | Value |
+---------------+-------+
| port | 3306 |
+---------------+-------+
1 row in set (0.00 sec)
It will give you the port number on which MySQL is running.
If you want to know the hostname of your Mysql you can use this query on MySQL Command line client --
SHOW VARIABLES WHERE Variable_name = 'hostname';
mysql> SHOW VARIABLES WHERE Variable_name = 'hostname';
+-------------------+-------+
| Variable_name | Value |
+-------------------+-------+
| hostname | Dell |
+-------------------+-------+
1 row in set (0.00 sec)
It will give you the hostname for mysql.
If you want to know the username of your Mysql you can use this query on MySQL Command line client --
select user();
mysql> select user();
+----------------+
| user() |
+----------------+
| root@localhost |
+----------------+
1 row in set (0.00 sec)
It will give you the username for mysql.
Does MySQL have built in function to get host name?
Similar to
select user(); -- this returns user@userip
Edit:
select current_user(); -- returns user@10.0.3.%
Last symbol is % -- why?
SELECT @@hostname;
--mysql 4.1 didn't have this one.
select current_user(); returns user@10.0.3.% last symbol is % why ??
the % is the record in mysql.user that matches your current login
which can be derived from
select concat(user, '@', host) from mysql.user;
the % is determined by host value.
Wouldn't this work?
select substring_index(user(),'@', -1) as hostname;
The above is wrong, it returns the user's IP not host's. I was fooled by testing on local. Sorry about that.
I guess this returns host name, but this wouldn't be useful unless you are ready to grep, pipe and cut. Just an FYI:
C:\>mysqladmin -u username -pmypassword -h dev.naishelabs.com version
mysqladmin Ver 8.41 Distrib 5.0.22, for Win32 on ia32
Copyright (C) 2000 MySQL AB & MySQL Finland AB & TCX DataKonsult AB
This software comes with ABSOLUTELY NO WARRANTY. This is free software,
and you are welcome to modify and redistribute it under the GPL license
Server version 5.0.77
Protocol version 10
Connection dev.naishelabs.com via TCP/IP
TCP port 3306
Uptime: 73 days 5 hours 7 min 45 sec
If you want the hostname of the database server, you can use SHOW VARIABLES:
mysql> SHOW VARIABLES LIKE 'hostname';
+---------------+-------+
| Variable_name | Value |
+---------------+-------+
| hostname | munda |
+---------------+-------+
1 row in set (0.00 sec)
It's not a built-in function so it can't be used in a SELECT statement.
Are you looking for CURRENT_USER function.
Returns the user name and host name
combination for the MySQL account that
the server used to authenticate the
current client. This account
determines your access privileges.
The value of CURRENT_USER() can differ
from the value of USER().
You can use user() and current_user() functions. If you want only hostname do something like select substr(current_user(),LOCATE('@', current_user())+1) AS localhost;
You can find details here
The @@hostname variable contains the system hostname:
$ cat /etc/hostname
bruno
$ hostname
bruno
$ mysql
mysql> SELECT @@hostname;
+------------+
| @@hostname |
+------------+
| bruno |
+------------+
Note that this can be combined and used in other queries:
mysql> SELECT name, @@hostname FROM people;
+-------+-------------+
| name | @@hostname |
+-------+-------------+
| Dotan | bruno |
+-------+-------------+
mysql> SELECT CONCAT('I am on server ', @@hostname);
+---------------------------------------+
| CONCAT('I am on server ', @@hostname) |
+---------------------------------------+
| I am on server bruno |
+---------------------------------------+
What command do I use on a mysql command line to see all the databases on some database server that I have permissions to? Specifically I am looking for the DBs that I have full CRUD permissions to.
mysql -e "show databases"
UPDATE:
Based on your edit, here is a query you can run against the mysql database in your server:
mysql> select Db from db where User='aj' and (select_priv='Y' and insert_priv='Y' and update_priv='Y' and delete_priv='Y');
+---------+
| Db |
+---------+
| HopeDB |
| LocusDB |
+---------+
2 rows in set (0.00 sec)