Accessing a mysql database from external host/ip? (ie: mysql workbench) - mysql

I have a mysql server running on x.x.x.x, and can access it internally no problem (of course). However when attempting to connect externally, ie using mysql workbench, or even from an external server, I get the error message "Host 'bla.bla.bla' is not allowed to connect to this MySQL server".
I have done:
GRANT ALL PRIVILEGES ON *.* TO mysql#x.x.x.x IDENTIFIED BY "somepass";
And I have opened port 3306 in iptables.
Is there another fundamental security issue I am missing?

You need to do
GRANT ALL PRIVILEGES ON *.* TO mysql#'bla.bla.bla' ...
The part after the # is the host from which the connection is coming, so you have allowed only connections coming from localhost. You need to allow access from each remote host necessary (or all hosts - ... mysql#'%' ... - if applicable).

To solve this you needed to perform the following commands:
mysql -u root -p
[enter in your password]
CREATE USER 'mysqluser'#'%' IDENTIFIED BY 'aC0MPL3XPa33W0RD';
GRANT ALL PRIVILEGES ON *.* TO 'mysqluser'#'%' WITH GRANT OPTION;

I had the exactly similar situation.my MYSQL is installed on a centOS.
The path to Nirvana is as below.
bind-address: DID NOT WORK
grant permission: DID NOT WORK
Iptables when turned off: DID work.
SOLUTION:I went fishing into the iptables and made following changes:
Access the iptables using the command : vim /etc/sysconfig/iptables
If you find the below statements COMMENT them out by adding a '#' at the beginning of the line.
-A INPUT -s 123.123.123.123/32 -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A OUTPUT -p tcp -m tcp --dport 3306 -j ACCEPT
Restart the iptables using the command: service iptables restart
Yep, that worked for me. Hope it is useful to someone.

When I Got my server,even I had the same problem accessing the mysql from MySQL client application,
Then I granted the Mysql permission, with following query.
it worked Great
**GRANT ALL PRIVILEGES ON db_base.* TO db_user #'%' IDENTIFIED BY 'db_passwd';**
db_base is the database Name
db_user is database User
db_passwd is the database password
Once you execute this flush it, by the following command
FLUSH PRIVILEGES;
Suppose if you are looking to give privileges to access certain tables in the Database you can use the following command
GRANT ALL PRIVILEGES ON db_base.HELLOWORLD TO db_user #'%' IDENTIFIED BY 'db_passwd';
Where HELLOWORLD is the table Name

Are you connecting as user mysql? You might try running the GRANT query as : GRANT ALL PRIVILEGES ON *.* TO mysql#x.x.x.x IDENTIFIED BY "somepass";

Have you verified that mysql workbench is trying the connect using the appropriate username? Have you flushed the privileges after running the grant command?

I dont know the ins and outs of security behind this bind-addressthing, just learning by installing a debian server on a virtual-box machine.
This guest has a virtual network card set up as a bridge, so the rest of the house can see it. Its IP is 192.168.1.4.
From another computer (192.168.1.3), connection failed with bind-address = 127.0.0.1.
Set up bind-address = 192.168.1.4 works fine.
(its own address, litterally)
It must be the interpretation of 127.0.0.1 inside a virtual config, not sure...

Comment out the line:
bind-address = localhost
#bind-address = localhost < this is what it should look like.
in your MySQL my.conf file. It is normally located in /etc/mysql/my.conf.

Related

Cyberpanel - how to enable remote sql connection with MYSQL Workbench [duplicate]

I have installed MySQL Community Edition 5.5 on my local machine and I want to allow remote connections so that I can connect from external source.
How can I do that?
That is allowed by default on MySQL.
What is disabled by default is remote root access. If you want to enable that, run this SQL command locally:
GRANT ALL PRIVILEGES ON *.* TO 'root'#'%' IDENTIFIED BY 'password' WITH GRANT OPTION;
FLUSH PRIVILEGES;
And then find the following line and comment it out in your my.cnf file, which usually lives on /etc/mysql/my.cnf on Unix/OSX systems. In some cases the location for the file is /etc/mysql/mysql.conf.d/mysqld.cnf).
If it's a Windows system, you can find it in the MySQL installation directory, usually something like C:\Program Files\MySQL\MySQL Server 5.5\ and the filename will be my.ini.
Change line
bind-address = 127.0.0.1
to
#bind-address = 127.0.0.1
And restart the MySQL server (Unix/OSX, and Windows) for the changes to take effect.
After doing all of above I still couldn't login as root remotely, but Telnetting to port 3306 confirmed that MySQL was accepting connections.
I started looking at the users in MySQL and noticed there were multiple root users with different passwords.
select user, host, password from mysql.user;
So in MySQL I set all the passwords for root again and I could finally log in remotely as root.
use mysql;
update user set password=PASSWORD('NEWPASSWORD') where User='root';
flush privileges;
Just a note from my experience, you can find configuration file under this path /etc/mysql/mysql.conf.d/mysqld.cnf.
(I struggled for some time to find this path)
In my case I was trying to connect to a remote mysql server on cent OS. After going through a lot of solutions (granting all privileges, removing ip bindings,enabling networking) problem was still not getting solved.
As it turned out, while looking into various solutions,I came across iptables, which made me realize mysql port 3306 was not accepting connections.
Here is a small note on how I checked and resolved this issue.
Checking if port is accepting connections:
telnet (mysql server ip) [portNo]
Adding ip table rule to allow connections on the port:
iptables -A INPUT -i eth0 -p tcp -m tcp --dport 3306 -j ACCEPT
Would not recommend this for production environment, but if your iptables are not configured properly, adding the rules might not still solve the issue. In that case following should be done:
service iptables stop
Hope this helps.
All process for remote login. Remote login is off by default.You need to open it manually for all ip..to give access all ip
GRANT ALL PRIVILEGES ON *.* TO 'root'#'%' IDENTIFIED BY 'password';
Specific Ip
GRANT ALL PRIVILEGES ON *.* TO 'root'#'your_desire_ip' IDENTIFIED BY 'password';
then
flush privileges;
You can check your User Host & Password
SELECT host,user,authentication_string FROM mysql.user;
Now your duty is to change this
bind-address = 127.0.0.1
You can find this on
sudo nano /etc/mysql/mysql.conf.d/mysqld.cnf
if you not find this on there then try this
sudo nano /etc/mysql/my.cnf
comment in this
#bind-address = 127.0.0.1
Then restart Mysql
sudo service mysql restart
Now enjoy remote login
Please follow the below mentioned steps inorder to set the wildcard remote access for MySQL User.
(1) Open cmd.
(2) navigate to path C:\Program Files\MySQL\MySQL Server 5.X\bin and
run this command.
mysql -u root -p
(3) Enter the root password.
(4) Execute the following command to provide the permission.
GRANT ALL PRIVILEGES ON *.* TO 'USERNAME'#'IP' IDENTIFIED BY
'PASSWORD';
USERNAME: Username you wish to connect to MySQL server.
IP: Public IP address from where you wish to allow access to MySQL
server.
PASSWORD: Password of the username used.
IP can be replaced with % to allow user to connect from any IP
address.
(5) Flush the previleges by following command and exit.
FLUSH PRIVILEGES;
exit;
or \q
I had to this challenge when working on a Java Project with MySQL server as the database.
Here's how I did it:
First, confirm that your MySQL server configuration to allow for remote connections. Use your preferred text editor to open the MySQL server configuration file:
sudo nano /etc/mysql/mysql.conf.d/mysqld.cnf
Scroll down to the bind-address line and ensure that is either commented out or replaced with 0.0.0.0 (to allow all remote connections) or replaced with Ip-Addresses that you want remote connections from.
Once you make the necessary changes, save and exit the configuration file. Apply the changes made to the MySQL config file by restarting the MySQL service:
sudo systemctl restart mysql
Next, log into the MySQL server console on the server it was installed:
mysql -u root -p
Enter your mysql user password
Check the hosts that the user you want has access to already. In my case the user is root:
SELECT host FROM mysql.user WHERE user = "root";
This gave me this output:
+-----------+
| host |
+-----------+
| localhost |
+-----------+
Next, I ran the command below to grant the root user remote access to the database named my_database:
USE my_database;
GRANT ALL PRIVILEGES ON *.* TO 'root'#'%' IDENTIFIED BY 'my-password';
Note: % grants a user remote access from all hosts on a network. You can specify the Ip-Address of the individual hosts that you want to grant the user access from using the command - GRANT ALL PRIVILEGES ON *.* TO 'root'#'Ip-Address' IDENTIFIED BY 'my-password';
Afterwhich I checked the hosts that the user now has access to. In my case the user is root:
SELECT host FROM mysql.user WHERE user = "root";
This gave me this output:
+-----------+
| host |
+-----------+
| % |
| localhost |
+-----------+
Finally, you can try connecting to the MySQL server from another server using the command:
mysql -u username -h mysql-server-ip-address -p
Where u represents user, h represents mysql-server-ip-address and p represents password. So in my case it was:
mysql -u root -h 34.69.261.158 -p
Enter your mysql user password
You should get this output depending on your MySQL server version:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 4
Server version: 5.7.31 MySQL Community Server (GPL)
Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>
Resources: How to Allow Remote Connections to MySQL
That's all.
I hope this helps
Close comment at link /etc/mysql/mysql.conf.d/mysqld.cnf or /etc/mysql/my.cnf:
bind-address = 127.0.0.1 =>> #bind-address = 127.0.0.1
Change the hostname so that all machines can access it, run this SQL command locally:
UPDATE mysql.user SET Host='%' WHERE Host='localhost' AND User='root';
FLUSH PRIVILEGES;
Restart service:
sudo service mysql restart
Open port mysql:
sudo ufw allow 3306
If your MySQL server process is listening on 127.0.0.1 or ::1 only then you will not be able to connect remotely. If you have a bind-address setting in /etc/my.cnf this might be the source of the problem.
You will also have to add privileges for a non-localhost user as well.
If you installed MySQL from brew it really does only listen on the local interface by default. To fix that you need to edit /usr/local/etc/my.cnf and change the bind-address from 127.0.0.1 to *.
Then run brew services restart mysql.
Just F.Y.I
I pulled my hair out with this problem for hours.. finally I call my hosting provider and found that in my case using a cloud server that in the control panel for 1and1 they have a secondary firewall that you have to clone and add port 3306. Once added I got straight in..
For whom it needs it, check firewall port 3306 is open too, if your firewall service is running.
This blog How to setup a MySQL server on Local Area Network will be useful in setting up a MySQL from scratch
If mysqld has a bind address set to a loopback/local address (e.g. 127.0.0.1), the server will not be reachable from remote hosts, because a loopback interface cannot be reached from any remote host.
Set this option to 0.0.0.0 (:: for IPv4+6) to accept connections from any host, or to another externally-reachable address if you want to only allow connections on one interface.
Source
And for OS X people out there be aware that the bind-address parameter is typically set in the launchd plist and not in the my.ini file. So in my case, I removed <string>--bind-address=127.0.0.1</string> from /Library/LaunchDaemons/homebrew.mxcl.mariadb.plist.
Enabling remote root access can be dangerous. It would be preferable if you were to set up user accounts with more restrictive permissions. The following three steps should do it.
Ensure that the line starting with bind-address ... is at least commented out in your my.ini or my.cnf file. If it doesn't exist, move on.
You can find this file in C:\ProgramData\MySQL\MySQL Server 8.0 on Windows.
Afterwards, check that the user account you are establishing the connection with does not have localhost in the Limit to Hosts Matching field. While it isn't recommended, you can instead put % in that field for testing purposes. You can do this by opening a local connection to the server with MySQL Workbench, then going to Server>Users and Privileges from the menu bar and finding the user account you want to connect with.
The "Limit to Hosts Matching" field is what disallows you to connect non-locally. I.e. it limits the accepted connections to a pattern of IP addresses. Ideally, you should be accessing the MySQL server from a static IP address or subnet, so that you can be as restrictive as possible.
Obviously, your firewall should allow the MySQL Server application to communicate over the port you want. The physical networking equipment in between you and your server should allow communication on the port you want to connect with. (port 3306 typically)
MySQL 8 no longer allows you to create a user using the GRANT command. You need to create the user first.
CREATE USER 'root'#'%' IDENTIFIED BY 'PASSWORD';
GRANT ALL PRIVILEGES ON *.* TO 'root'#'%' WITH GRANT OPTION;
FLUSH PRIVILEGES;
some times need to use name of pc on windows
first step) put in config file of mysql:
mysqld.cnf SET bind-address= 0.0.0.0
(to let recibe connections over tcp/ip)
second step) make user in mysql, table users, with name of pc on windows propierties, NOT ip
Check remote server grant permission to Wildcard access to port 3306:
sudo lsof -i -P -n | grep LISTEN
It should NOT be same like this:
mysqld 23083 mysql 21u IPv4 145900142 0t0 TCP
127.0.0.1:3306 (LISTEN)
In this case, we need to update /etc/mysql/mysql.conf.d/mysqld.cnf or /etc/mysql/mariadb.conf.d/50-server.cnf with:
bind-address = 127.0.0.1 --> 0.0.0.0
And then restart mysql "sudo service mysql restart"
In order to test mySQL connection from a client:
nc -vz <host_address> 3306

RDS MySQL DNS hostname incorrect [duplicate]

MySQL 5.1.31 running on Windows XP.
From the local MySQL server (192.168.233.142) I can connect as root as follows:
>mysql --host=192.168.233.142 --user=root --password=redacted
From a remote machine (192.168.233.163), I can see that the mysql port is open:
# telnet 192.168.233.142 3306
Trying 192.168.233.142...
Connected to 192.168.233.142 (192.168.233.142).
But when trying to connect to mysql from the remote machine, I receive:
# mysql --host=192.168.233.142 --user=root --password=redacted
ERROR 1045 (28000): Access denied for user 'root'#'192.168.233.163' (using password: YES)
I have only 2 entries in mysql.user:
Host User Password
--------------------------------------
localhost root *blahblahblah
% root [same as above]
What more do I need to do to enable remote access?
EDIT
As suggested by Paulo below, I tried replacing the mysql.user entry for % with an IP specific entry, so my user table now looks like this:
Host User Password
------------------------------------------
localhost root *blahblahblah
192.168.233.163 root [same as above]
I then restarted the machine, but the problem persists.
You have to put this as root:
GRANT ALL PRIVILEGES ON *.* TO 'USERNAME'#'IP' IDENTIFIED BY 'PASSWORD' with grant option;
;
where IP is the IP you want to allow access, USERNAME is the user you use to connect, and PASSWORD is the relevant password.
If you want to allow access from any IP just put % instead of your IP
and then you only have to put
FLUSH PRIVILEGES;
Or restart mysql server and that's it.
I was getting the same error after granting remote access until I made this:
From /etc/mysql/my.cnf
In newer versions of mysql the location of the file is
/etc/mysql/mysql.conf.d/mysqld.cnf
# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
#bind-address = 127.0.0.1
(comment this line: bind-address = 127.0.0.1)
Then run service mysql restart.
By default in MySQL server remote access is disabled. The process to provide a remote access to user is.
Go to my sql bin folder or add it to PATH
Login to root by mysql -uroot -proot (or whatever the root password is.)
On success you will get mysql>
Provide grant access all for that user.
GRANT ALL PRIVILEGES ON *.* TO 'username'#'IP' IDENTIFIED BY 'password';
Here IP is IP address for which you want to allow remote access, if we put % any IP address can access remotely.
Example:
C:\Users\UserName> cd C:\Program Files (x86)\MySQL\MySQL Server 5.0\bin
C:\Program Files (x86)\MySQL\MySQL Server 5.0\bin>mysql -uroot -proot
mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'#'%' IDENTIFIED BY 'root';
Query OK, 0 rows affected (0.27 sec)
mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.25 sec)
This for a other user.
mysql> GRANT ALL PRIVILEGES ON *.* TO 'testUser'#'%' IDENTIFIED BY 'testUser';
Query OK, 0 rows affected (0.00 sec)
mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)
Hope this will help
Paulo's help lead me to the solution. It was a combination of the following:
the password contained a dollar sign
I was trying to connect from a Linux shell
The bash shell treats the dollar sign as a special character for expansion to an environment variable, so we need to escape it with a backslash. Incidentally, we don't have to do this in the case where the dollar sign is the final character of the password.
As an example, if your password is "pas$word", from Linux bash we must connect as follows:
# mysql --host=192.168.233.142 --user=root --password=pas\$word
Do you have a firewall ? make sure that port 3306 is open.
On windows , by default mysql root account is created that is permitted to have access from localhost only unless you have selected the option to enable access from remote machines during installation .
creating or update the desired user with '%' as hostname .
example :
CREATE USER 'krish'#'%' IDENTIFIED BY 'password';
Try to flush privileges again.
Try to restart server to reload grants.
Try create a user with host "192.168.233.163". "%" appears to not allow all (it's weird)
In my case I was trying to connect to a remote mysql server on cent OS. After going through a lot of solutions (granting all privileges, removing ip bindings,enabling networking) problem was still not getting solved.
As it turned out, while looking into various solutions,I came across iptables, which made me realize mysql port 3306 was not accepting connections.
Here is a small note on how I checked and resolved this issue.
Checking if port is accepting connections:
telnet (mysql server ip) [portNo]
Adding ip table rule to allow connections on the port:
iptables -A INPUT -i eth0 -p tcp -m tcp --dport 3306 -j ACCEPT
Would not recommend this for production environment, but if your iptables are not configured properly, adding the rules might not still solve the issue. In that case following should be done:
service iptables stop
Hope this helps.
if you are using dynamic ip just grant access to 192.168.2.% so now you dont have to worry about granting access to your ip address every time.
I was struggling with remote login to MYSQL for my Amazon EC2 Linux instance. Found the solution was to make sure my security group included an inbound rule for MySQL port 3306 to include my IP address (or 0.0.0.0/0 for anywhere). Immediately could connect remotely as soon as I added this rule.
MySQL ODBC 3.51 Driver is that special characters in the password aren't handled.
"Warning – You might have a serious headache with MySQL ODBC 3.51 if the password in your GRANT command contains special characters, such as ! # # $ % ^ ?. MySQL ODBC 3.51 ODBC Driver does not support these special characters in the password box. The only error message you would receive is “Access denied” (using password: YES)" - from http://www.plaintutorials.com/install-and-create-mysql-odbc-connector-on-windows-7/
The user/host combination may have been created without password.
I was assuming that when adding a new host for an existing user (using a GUI app), the existing password would also be used for the new user/host combination.
I could log in with
mysql -u username -p PASSWORD
locally, but not from IPADDRESS with
mysql -u --host=HOST -p PASSWORD
(I could actually log in from IPADDRESS without using a password)
mysql -u --host=HOST
Setting the password allowed access:
set password for '<USER>'#'<IPADDRESS>' = '<PASSWORD>';
New location for mysql config file is
/etc/mysql/mysql.conf.d/mysqld.cnf
My case is absolutely simple.
You may have this problem in case if you type in WRONG password. No create user is needed (user already existed), no other permissions. Basically make sure that the password is correct. So make double-sure the password is correct

How to connect remotly or through IP address to mariaDB? [duplicate]

MySQL 5.1.31 running on Windows XP.
From the local MySQL server (192.168.233.142) I can connect as root as follows:
>mysql --host=192.168.233.142 --user=root --password=redacted
From a remote machine (192.168.233.163), I can see that the mysql port is open:
# telnet 192.168.233.142 3306
Trying 192.168.233.142...
Connected to 192.168.233.142 (192.168.233.142).
But when trying to connect to mysql from the remote machine, I receive:
# mysql --host=192.168.233.142 --user=root --password=redacted
ERROR 1045 (28000): Access denied for user 'root'#'192.168.233.163' (using password: YES)
I have only 2 entries in mysql.user:
Host User Password
--------------------------------------
localhost root *blahblahblah
% root [same as above]
What more do I need to do to enable remote access?
EDIT
As suggested by Paulo below, I tried replacing the mysql.user entry for % with an IP specific entry, so my user table now looks like this:
Host User Password
------------------------------------------
localhost root *blahblahblah
192.168.233.163 root [same as above]
I then restarted the machine, but the problem persists.
You have to put this as root:
GRANT ALL PRIVILEGES ON *.* TO 'USERNAME'#'IP' IDENTIFIED BY 'PASSWORD' with grant option;
;
where IP is the IP you want to allow access, USERNAME is the user you use to connect, and PASSWORD is the relevant password.
If you want to allow access from any IP just put % instead of your IP
and then you only have to put
FLUSH PRIVILEGES;
Or restart mysql server and that's it.
I was getting the same error after granting remote access until I made this:
From /etc/mysql/my.cnf
In newer versions of mysql the location of the file is
/etc/mysql/mysql.conf.d/mysqld.cnf
# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
#bind-address = 127.0.0.1
(comment this line: bind-address = 127.0.0.1)
Then run service mysql restart.
By default in MySQL server remote access is disabled. The process to provide a remote access to user is.
Go to my sql bin folder or add it to PATH
Login to root by mysql -uroot -proot (or whatever the root password is.)
On success you will get mysql>
Provide grant access all for that user.
GRANT ALL PRIVILEGES ON *.* TO 'username'#'IP' IDENTIFIED BY 'password';
Here IP is IP address for which you want to allow remote access, if we put % any IP address can access remotely.
Example:
C:\Users\UserName> cd C:\Program Files (x86)\MySQL\MySQL Server 5.0\bin
C:\Program Files (x86)\MySQL\MySQL Server 5.0\bin>mysql -uroot -proot
mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'#'%' IDENTIFIED BY 'root';
Query OK, 0 rows affected (0.27 sec)
mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.25 sec)
This for a other user.
mysql> GRANT ALL PRIVILEGES ON *.* TO 'testUser'#'%' IDENTIFIED BY 'testUser';
Query OK, 0 rows affected (0.00 sec)
mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)
Hope this will help
Paulo's help lead me to the solution. It was a combination of the following:
the password contained a dollar sign
I was trying to connect from a Linux shell
The bash shell treats the dollar sign as a special character for expansion to an environment variable, so we need to escape it with a backslash. Incidentally, we don't have to do this in the case where the dollar sign is the final character of the password.
As an example, if your password is "pas$word", from Linux bash we must connect as follows:
# mysql --host=192.168.233.142 --user=root --password=pas\$word
Do you have a firewall ? make sure that port 3306 is open.
On windows , by default mysql root account is created that is permitted to have access from localhost only unless you have selected the option to enable access from remote machines during installation .
creating or update the desired user with '%' as hostname .
example :
CREATE USER 'krish'#'%' IDENTIFIED BY 'password';
Try to flush privileges again.
Try to restart server to reload grants.
Try create a user with host "192.168.233.163". "%" appears to not allow all (it's weird)
In my case I was trying to connect to a remote mysql server on cent OS. After going through a lot of solutions (granting all privileges, removing ip bindings,enabling networking) problem was still not getting solved.
As it turned out, while looking into various solutions,I came across iptables, which made me realize mysql port 3306 was not accepting connections.
Here is a small note on how I checked and resolved this issue.
Checking if port is accepting connections:
telnet (mysql server ip) [portNo]
Adding ip table rule to allow connections on the port:
iptables -A INPUT -i eth0 -p tcp -m tcp --dport 3306 -j ACCEPT
Would not recommend this for production environment, but if your iptables are not configured properly, adding the rules might not still solve the issue. In that case following should be done:
service iptables stop
Hope this helps.
if you are using dynamic ip just grant access to 192.168.2.% so now you dont have to worry about granting access to your ip address every time.
I was struggling with remote login to MYSQL for my Amazon EC2 Linux instance. Found the solution was to make sure my security group included an inbound rule for MySQL port 3306 to include my IP address (or 0.0.0.0/0 for anywhere). Immediately could connect remotely as soon as I added this rule.
MySQL ODBC 3.51 Driver is that special characters in the password aren't handled.
"Warning – You might have a serious headache with MySQL ODBC 3.51 if the password in your GRANT command contains special characters, such as ! # # $ % ^ ?. MySQL ODBC 3.51 ODBC Driver does not support these special characters in the password box. The only error message you would receive is “Access denied” (using password: YES)" - from http://www.plaintutorials.com/install-and-create-mysql-odbc-connector-on-windows-7/
The user/host combination may have been created without password.
I was assuming that when adding a new host for an existing user (using a GUI app), the existing password would also be used for the new user/host combination.
I could log in with
mysql -u username -p PASSWORD
locally, but not from IPADDRESS with
mysql -u --host=HOST -p PASSWORD
(I could actually log in from IPADDRESS without using a password)
mysql -u --host=HOST
Setting the password allowed access:
set password for '<USER>'#'<IPADDRESS>' = '<PASSWORD>';
New location for mysql config file is
/etc/mysql/mysql.conf.d/mysqld.cnf
My case is absolutely simple.
You may have this problem in case if you type in WRONG password. No create user is needed (user already existed), no other permissions. Basically make sure that the password is correct. So make double-sure the password is correct

I can connect to my remote database via command line but not from golang, although local db works fine with both [duplicate]

MySQL 5.1.31 running on Windows XP.
From the local MySQL server (192.168.233.142) I can connect as root as follows:
>mysql --host=192.168.233.142 --user=root --password=redacted
From a remote machine (192.168.233.163), I can see that the mysql port is open:
# telnet 192.168.233.142 3306
Trying 192.168.233.142...
Connected to 192.168.233.142 (192.168.233.142).
But when trying to connect to mysql from the remote machine, I receive:
# mysql --host=192.168.233.142 --user=root --password=redacted
ERROR 1045 (28000): Access denied for user 'root'#'192.168.233.163' (using password: YES)
I have only 2 entries in mysql.user:
Host User Password
--------------------------------------
localhost root *blahblahblah
% root [same as above]
What more do I need to do to enable remote access?
EDIT
As suggested by Paulo below, I tried replacing the mysql.user entry for % with an IP specific entry, so my user table now looks like this:
Host User Password
------------------------------------------
localhost root *blahblahblah
192.168.233.163 root [same as above]
I then restarted the machine, but the problem persists.
You have to put this as root:
GRANT ALL PRIVILEGES ON *.* TO 'USERNAME'#'IP' IDENTIFIED BY 'PASSWORD' with grant option;
;
where IP is the IP you want to allow access, USERNAME is the user you use to connect, and PASSWORD is the relevant password.
If you want to allow access from any IP just put % instead of your IP
and then you only have to put
FLUSH PRIVILEGES;
Or restart mysql server and that's it.
I was getting the same error after granting remote access until I made this:
From /etc/mysql/my.cnf
In newer versions of mysql the location of the file is
/etc/mysql/mysql.conf.d/mysqld.cnf
# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
#bind-address = 127.0.0.1
(comment this line: bind-address = 127.0.0.1)
Then run service mysql restart.
By default in MySQL server remote access is disabled. The process to provide a remote access to user is.
Go to my sql bin folder or add it to PATH
Login to root by mysql -uroot -proot (or whatever the root password is.)
On success you will get mysql>
Provide grant access all for that user.
GRANT ALL PRIVILEGES ON *.* TO 'username'#'IP' IDENTIFIED BY 'password';
Here IP is IP address for which you want to allow remote access, if we put % any IP address can access remotely.
Example:
C:\Users\UserName> cd C:\Program Files (x86)\MySQL\MySQL Server 5.0\bin
C:\Program Files (x86)\MySQL\MySQL Server 5.0\bin>mysql -uroot -proot
mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'#'%' IDENTIFIED BY 'root';
Query OK, 0 rows affected (0.27 sec)
mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.25 sec)
This for a other user.
mysql> GRANT ALL PRIVILEGES ON *.* TO 'testUser'#'%' IDENTIFIED BY 'testUser';
Query OK, 0 rows affected (0.00 sec)
mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)
Hope this will help
Paulo's help lead me to the solution. It was a combination of the following:
the password contained a dollar sign
I was trying to connect from a Linux shell
The bash shell treats the dollar sign as a special character for expansion to an environment variable, so we need to escape it with a backslash. Incidentally, we don't have to do this in the case where the dollar sign is the final character of the password.
As an example, if your password is "pas$word", from Linux bash we must connect as follows:
# mysql --host=192.168.233.142 --user=root --password=pas\$word
Do you have a firewall ? make sure that port 3306 is open.
On windows , by default mysql root account is created that is permitted to have access from localhost only unless you have selected the option to enable access from remote machines during installation .
creating or update the desired user with '%' as hostname .
example :
CREATE USER 'krish'#'%' IDENTIFIED BY 'password';
Try to flush privileges again.
Try to restart server to reload grants.
Try create a user with host "192.168.233.163". "%" appears to not allow all (it's weird)
In my case I was trying to connect to a remote mysql server on cent OS. After going through a lot of solutions (granting all privileges, removing ip bindings,enabling networking) problem was still not getting solved.
As it turned out, while looking into various solutions,I came across iptables, which made me realize mysql port 3306 was not accepting connections.
Here is a small note on how I checked and resolved this issue.
Checking if port is accepting connections:
telnet (mysql server ip) [portNo]
Adding ip table rule to allow connections on the port:
iptables -A INPUT -i eth0 -p tcp -m tcp --dport 3306 -j ACCEPT
Would not recommend this for production environment, but if your iptables are not configured properly, adding the rules might not still solve the issue. In that case following should be done:
service iptables stop
Hope this helps.
if you are using dynamic ip just grant access to 192.168.2.% so now you dont have to worry about granting access to your ip address every time.
I was struggling with remote login to MYSQL for my Amazon EC2 Linux instance. Found the solution was to make sure my security group included an inbound rule for MySQL port 3306 to include my IP address (or 0.0.0.0/0 for anywhere). Immediately could connect remotely as soon as I added this rule.
MySQL ODBC 3.51 Driver is that special characters in the password aren't handled.
"Warning – You might have a serious headache with MySQL ODBC 3.51 if the password in your GRANT command contains special characters, such as ! # # $ % ^ ?. MySQL ODBC 3.51 ODBC Driver does not support these special characters in the password box. The only error message you would receive is “Access denied” (using password: YES)" - from http://www.plaintutorials.com/install-and-create-mysql-odbc-connector-on-windows-7/
The user/host combination may have been created without password.
I was assuming that when adding a new host for an existing user (using a GUI app), the existing password would also be used for the new user/host combination.
I could log in with
mysql -u username -p PASSWORD
locally, but not from IPADDRESS with
mysql -u --host=HOST -p PASSWORD
(I could actually log in from IPADDRESS without using a password)
mysql -u --host=HOST
Setting the password allowed access:
set password for '<USER>'#'<IPADDRESS>' = '<PASSWORD>';
New location for mysql config file is
/etc/mysql/mysql.conf.d/mysqld.cnf
My case is absolutely simple.
You may have this problem in case if you type in WRONG password. No create user is needed (user already existed), no other permissions. Basically make sure that the password is correct. So make double-sure the password is correct

MySQL: How to allow remote connection to mysql

I have installed MySQL Community Edition 5.5 on my local machine and I want to allow remote connections so that I can connect from external source.
How can I do that?
That is allowed by default on MySQL.
What is disabled by default is remote root access. If you want to enable that, run this SQL command locally:
GRANT ALL PRIVILEGES ON *.* TO 'root'#'%' IDENTIFIED BY 'password' WITH GRANT OPTION;
FLUSH PRIVILEGES;
And then find the following line and comment it out in your my.cnf file, which usually lives on /etc/mysql/my.cnf on Unix/OSX systems. In some cases the location for the file is /etc/mysql/mysql.conf.d/mysqld.cnf).
If it's a Windows system, you can find it in the MySQL installation directory, usually something like C:\Program Files\MySQL\MySQL Server 5.5\ and the filename will be my.ini.
Change line
bind-address = 127.0.0.1
to
#bind-address = 127.0.0.1
And restart the MySQL server (Unix/OSX, and Windows) for the changes to take effect.
After doing all of above I still couldn't login as root remotely, but Telnetting to port 3306 confirmed that MySQL was accepting connections.
I started looking at the users in MySQL and noticed there were multiple root users with different passwords.
select user, host, password from mysql.user;
So in MySQL I set all the passwords for root again and I could finally log in remotely as root.
use mysql;
update user set password=PASSWORD('NEWPASSWORD') where User='root';
flush privileges;
Just a note from my experience, you can find configuration file under this path /etc/mysql/mysql.conf.d/mysqld.cnf.
(I struggled for some time to find this path)
In my case I was trying to connect to a remote mysql server on cent OS. After going through a lot of solutions (granting all privileges, removing ip bindings,enabling networking) problem was still not getting solved.
As it turned out, while looking into various solutions,I came across iptables, which made me realize mysql port 3306 was not accepting connections.
Here is a small note on how I checked and resolved this issue.
Checking if port is accepting connections:
telnet (mysql server ip) [portNo]
Adding ip table rule to allow connections on the port:
iptables -A INPUT -i eth0 -p tcp -m tcp --dport 3306 -j ACCEPT
Would not recommend this for production environment, but if your iptables are not configured properly, adding the rules might not still solve the issue. In that case following should be done:
service iptables stop
Hope this helps.
All process for remote login. Remote login is off by default.You need to open it manually for all ip..to give access all ip
GRANT ALL PRIVILEGES ON *.* TO 'root'#'%' IDENTIFIED BY 'password';
Specific Ip
GRANT ALL PRIVILEGES ON *.* TO 'root'#'your_desire_ip' IDENTIFIED BY 'password';
then
flush privileges;
You can check your User Host & Password
SELECT host,user,authentication_string FROM mysql.user;
Now your duty is to change this
bind-address = 127.0.0.1
You can find this on
sudo nano /etc/mysql/mysql.conf.d/mysqld.cnf
if you not find this on there then try this
sudo nano /etc/mysql/my.cnf
comment in this
#bind-address = 127.0.0.1
Then restart Mysql
sudo service mysql restart
Now enjoy remote login
Please follow the below mentioned steps inorder to set the wildcard remote access for MySQL User.
(1) Open cmd.
(2) navigate to path C:\Program Files\MySQL\MySQL Server 5.X\bin and
run this command.
mysql -u root -p
(3) Enter the root password.
(4) Execute the following command to provide the permission.
GRANT ALL PRIVILEGES ON *.* TO 'USERNAME'#'IP' IDENTIFIED BY
'PASSWORD';
USERNAME: Username you wish to connect to MySQL server.
IP: Public IP address from where you wish to allow access to MySQL
server.
PASSWORD: Password of the username used.
IP can be replaced with % to allow user to connect from any IP
address.
(5) Flush the previleges by following command and exit.
FLUSH PRIVILEGES;
exit;
or \q
I had to this challenge when working on a Java Project with MySQL server as the database.
Here's how I did it:
First, confirm that your MySQL server configuration to allow for remote connections. Use your preferred text editor to open the MySQL server configuration file:
sudo nano /etc/mysql/mysql.conf.d/mysqld.cnf
Scroll down to the bind-address line and ensure that is either commented out or replaced with 0.0.0.0 (to allow all remote connections) or replaced with Ip-Addresses that you want remote connections from.
Once you make the necessary changes, save and exit the configuration file. Apply the changes made to the MySQL config file by restarting the MySQL service:
sudo systemctl restart mysql
Next, log into the MySQL server console on the server it was installed:
mysql -u root -p
Enter your mysql user password
Check the hosts that the user you want has access to already. In my case the user is root:
SELECT host FROM mysql.user WHERE user = "root";
This gave me this output:
+-----------+
| host |
+-----------+
| localhost |
+-----------+
Next, I ran the command below to grant the root user remote access to the database named my_database:
USE my_database;
GRANT ALL PRIVILEGES ON *.* TO 'root'#'%' IDENTIFIED BY 'my-password';
Note: % grants a user remote access from all hosts on a network. You can specify the Ip-Address of the individual hosts that you want to grant the user access from using the command - GRANT ALL PRIVILEGES ON *.* TO 'root'#'Ip-Address' IDENTIFIED BY 'my-password';
Afterwhich I checked the hosts that the user now has access to. In my case the user is root:
SELECT host FROM mysql.user WHERE user = "root";
This gave me this output:
+-----------+
| host |
+-----------+
| % |
| localhost |
+-----------+
Finally, you can try connecting to the MySQL server from another server using the command:
mysql -u username -h mysql-server-ip-address -p
Where u represents user, h represents mysql-server-ip-address and p represents password. So in my case it was:
mysql -u root -h 34.69.261.158 -p
Enter your mysql user password
You should get this output depending on your MySQL server version:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 4
Server version: 5.7.31 MySQL Community Server (GPL)
Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>
Resources: How to Allow Remote Connections to MySQL
That's all.
I hope this helps
Close comment at link /etc/mysql/mysql.conf.d/mysqld.cnf or /etc/mysql/my.cnf:
bind-address = 127.0.0.1 =>> #bind-address = 127.0.0.1
Change the hostname so that all machines can access it, run this SQL command locally:
UPDATE mysql.user SET Host='%' WHERE Host='localhost' AND User='root';
FLUSH PRIVILEGES;
Restart service:
sudo service mysql restart
Open port mysql:
sudo ufw allow 3306
If your MySQL server process is listening on 127.0.0.1 or ::1 only then you will not be able to connect remotely. If you have a bind-address setting in /etc/my.cnf this might be the source of the problem.
You will also have to add privileges for a non-localhost user as well.
If you installed MySQL from brew it really does only listen on the local interface by default. To fix that you need to edit /usr/local/etc/my.cnf and change the bind-address from 127.0.0.1 to *.
Then run brew services restart mysql.
Just F.Y.I
I pulled my hair out with this problem for hours.. finally I call my hosting provider and found that in my case using a cloud server that in the control panel for 1and1 they have a secondary firewall that you have to clone and add port 3306. Once added I got straight in..
For whom it needs it, check firewall port 3306 is open too, if your firewall service is running.
This blog How to setup a MySQL server on Local Area Network will be useful in setting up a MySQL from scratch
If mysqld has a bind address set to a loopback/local address (e.g. 127.0.0.1), the server will not be reachable from remote hosts, because a loopback interface cannot be reached from any remote host.
Set this option to 0.0.0.0 (:: for IPv4+6) to accept connections from any host, or to another externally-reachable address if you want to only allow connections on one interface.
Source
And for OS X people out there be aware that the bind-address parameter is typically set in the launchd plist and not in the my.ini file. So in my case, I removed <string>--bind-address=127.0.0.1</string> from /Library/LaunchDaemons/homebrew.mxcl.mariadb.plist.
Enabling remote root access can be dangerous. It would be preferable if you were to set up user accounts with more restrictive permissions. The following three steps should do it.
Ensure that the line starting with bind-address ... is at least commented out in your my.ini or my.cnf file. If it doesn't exist, move on.
You can find this file in C:\ProgramData\MySQL\MySQL Server 8.0 on Windows.
Afterwards, check that the user account you are establishing the connection with does not have localhost in the Limit to Hosts Matching field. While it isn't recommended, you can instead put % in that field for testing purposes. You can do this by opening a local connection to the server with MySQL Workbench, then going to Server>Users and Privileges from the menu bar and finding the user account you want to connect with.
The "Limit to Hosts Matching" field is what disallows you to connect non-locally. I.e. it limits the accepted connections to a pattern of IP addresses. Ideally, you should be accessing the MySQL server from a static IP address or subnet, so that you can be as restrictive as possible.
Obviously, your firewall should allow the MySQL Server application to communicate over the port you want. The physical networking equipment in between you and your server should allow communication on the port you want to connect with. (port 3306 typically)
MySQL 8 no longer allows you to create a user using the GRANT command. You need to create the user first.
CREATE USER 'root'#'%' IDENTIFIED BY 'PASSWORD';
GRANT ALL PRIVILEGES ON *.* TO 'root'#'%' WITH GRANT OPTION;
FLUSH PRIVILEGES;
some times need to use name of pc on windows
first step) put in config file of mysql:
mysqld.cnf SET bind-address= 0.0.0.0
(to let recibe connections over tcp/ip)
second step) make user in mysql, table users, with name of pc on windows propierties, NOT ip
Check remote server grant permission to Wildcard access to port 3306:
sudo lsof -i -P -n | grep LISTEN
It should NOT be same like this:
mysqld 23083 mysql 21u IPv4 145900142 0t0 TCP
127.0.0.1:3306 (LISTEN)
In this case, we need to update /etc/mysql/mysql.conf.d/mysqld.cnf or /etc/mysql/mariadb.conf.d/50-server.cnf with:
bind-address = 127.0.0.1 --> 0.0.0.0
And then restart mysql "sudo service mysql restart"
In order to test mySQL connection from a client:
nc -vz <host_address> 3306