MySQL permission denied from local but can connect remotely - mysql

I am trying to connect to my mysql database on a remote server (via ssh) through the command:
mysql -u me -h mydomain.com -p
But it fails with a ERROR 1045 (28000): Access denied for user.. error
While
mysql -u me -h localhost -p
Works
Now this isn't just because I have not setup permissions, because the permissions to this database are set for % or any host for the me user.
This is proved by the fact that I can connect correctly from my local machine to the server, using the same user. i.e. running the following command from my local machine works:
mysql -u me -h mydomain.com -p
So my question why does this happen and how can I fix it? Why can I not connect to my mysql server from my server when I use the domain name instead of localhost, even though the permissions are setup to accept connections from any host.

This happens because of the way MySQL handles permission grants.
When you connect from a remote host (or from the local host via an external IP), it will match the me#% entry (if there is no specific grant for the particular host you're using!). But when you connect via the loopback interface (the "localhost" IP) or a socket, it will use the me#localhost grant. So you must have two GRANT PRIVILEGES; one for me#localhost and one for me#%.

Related

Use same database with different computers on same lan [duplicate]

I have MySQL setup in a PC on my local network, how do I connect to it?
I also have MySQL installed on this computer (which I want to use to connect to the database).
I tried the following but it's not working:
mysql -u user -h 192.168.1.28:3306 -p password
ERROR 2005 (HY000): Unknown MySQL server host '192.168.1.28:3306' (0)
EDIT
Thanks for your help. Anyway, I connect without 3306 and I have another problem. MACBOOK is the name of my client computer.
mysql -u user -ppassword -h 192.168.1.28
ERROR 1045 (28000): Access denied for user 'user'#'MACBOOK' (using password: YES)
Thanks.
That was a very useful question! Since we need to run the application with a centralized database, we should give the privileges to that computer in LAN to access the particular database hosted in LAN PC. Here is the solution for that!
Go to MySQL server
Type the following code to grant access for other pc:
GRANT ALL PRIVILEGES ON *.* TO 'root'#'%' IDENTIFIED BY 'root_password';
then type:
FLUSH PRIVILEGES;
Replace % with the IP you want to grant access for!
Users who can Install MySQL Workbench on MySQL Server Machine
If you use or have MySQL Workbench on the MySQL Server PC you can do this with just a few clicks. Recommend only for development environment.
Connect to MySQL Server
Find this option Users and Privileges from Navigator and click on it.
Select root user and change value for Limit to Hosts Matching to %.
The click Apply at the bottom.
This should enable root user to access MySQL Server from remote machine.
Since you have MySQL on your local computer, you do not need to bother with the IP address of the machine. Just use localhost:
mysql -u user -p
or
mysql -hlocalhost -u user -p
If you cannot login with this, you must find out what usernames (user#host) exist in the MySQL Server locally. Here is what you do:
Step 01) Startup MySQL so that no passwords are require no passwords and denies TCP/IP connections
service mysql restart --skip-grant-tables --skip-networking
Keep in mind that standard SQL for adding users, granting and
revoking privileges are disabled.
Step 02) Show users and hosts
select concat(''',user,'''#''',host,'''') userhost,password from mysql.user;
Step 03) Check your password to make sure it works
select user,host from mysql.user where password=password('YourMySQLPassword');
If your password produces no output for this query, you have a bad
password.
If your password produces output for this query, look at the users
and hosts. If your host value is '%', your should be able to connect
from anywhere. If your host is 'localhost', you should be able to
connect locally.
Make user you have 'root'#'localhost' defined.
Once you have done what is needed, just restart mysql normally
service mysql restart
If you are able to connect successfully on the macbook, run this
query:
SELECT USER(),CURRENT_USER();
USER() reports how you attempted to authenticate in MySQL
CURRENT_USER() reports how you were allowed to authenticate in
MySQL
Let us know what happens !!!
UPDATE 2012-02-13 20:47 EDT
Login to the remote server and repeat Step 1-3
See if any user allows remote access (i.e, host in mysql.user is '%'). If you do not, then add 'user'#'%' to mysql.user.
Follow a simple checklist:
Try pinging the machine ping 192.168.1.2
Ensure MySQL is running on the specified port 3306 i.e. it has not been modified.
Ensure that the other PC is not blocking inbound connections on that port. If it is, add a firewall exception to allow connections on port 3306 and allow inbound connections in general.
It would be nice if you could post the exact error as it is displayed when you attempt to make that connection.
mysql -u user -h 192.168.1.2 -p
This should be enough for connection to MySQL server.
Please, check the firewall of 192.168.1.2 if remote connection to MySQL server is enabled.
Regards
In Ubuntu Follow these steps:
Set bind-address at /etc/mysql/mysql.conf.d
Change bind-address = 127.0.0.1 to bind-address = 192.24.805.50 # your IP
Grant permission for the remote machine
mysql>GRANT ALL PRIVILEGES ON *.* TO 'root'#'[remoteip]' IDENTIFIED
BY 'anypassword' WITH GRANT OPTION;
Then try connect from remote machine
mysql -u root -h 192.24.805.50 -p
Connecting to any mysql database should be like this:
$mysql -h hostname -Pportnumber -u username -p (then enter)
Then it will ask for password. Note: Port number should be closer to -P or it will show error. Make sure you know what is your mysql port. Default is 3306 and is optional to specify the port in this case. If its anything else you need to mention port number with -P or else it will show error.
For example:
$mysql -h 10.20.40.5 -P3306 -u root -p (then enter)
Password:My_Db_Password
Gubrish about product you using.
mysql>_
Note: If you are trying to connect a db at different location make sure you can ping to that server/computer.
$ping 10.20.40.5
It should return TTL with time you got back PONG.
If it says destination unreachable then you cannot connect to remote mysql no matter what.
In such case contact your Network Administrator or Check your cable connection to your computer till the end of your target computer. Or check if you got LAN/WAN/MAN or internet/intranet/extranet working.
actually you shouldn't specify port in the host name. Mysql has special option for port (if port differs from default)
kind of
mysql --host=192.168.1.2 --port=3306
You don't have to specify ':3306' after the IP, it's the default port for MySQL.
And if your MySQL server runs with another port than 3306, then you have to add '-P [port]' instead of adding it to the IP address.
The MySQL client won't recognize the syntax "host:port", you HAVE to use -P [port] instead.
And btw, if you use '-p password', it won't work and will ask you the password again. You have to stick the password to the -p : -ppassword. (still, it's a very bad habit, because anyone that could do a PS on your server could see the plain password...)
You should use this:
>mysql -u user -h 192.168.1.2 -P 3306 -ppassword
or this:
>mysql -u user -h 192.168.1.2 -ppassword
...because 3306 is a default port number.
mysql Options

Unable to connect to mysql remotely

I have a mysql database running on a VPS. I can ssh into the host and connect to mysql with no problems. I cannot connect to mysql remotely from my desktop. I have performed the following:
opened port 3306 on the firewall
added my local IP to the remote IPs accepted by mysql. This was done via CPanel
executed
GRANT ALL ON dbname.* TO username#'x.x.x.x' IDENTIFIED BY 'PASSWORD'
to tell mysql to let me connect from the specified address.
I execute the following from the command line on my desktop:
mysql -h x.x.x.x -u username -p
I get a password prompt which indicates I am past the firewall and mysql is responding. When I supply the password, it denies access:
ERROR 1045 (28000): Access denied for user 'username'#'x.x.x.x' (using password: YES)
Have I missed something?
The answer was given in the comments, so I will repeat it here to properly close the thread. alvits suspected that the remote user had not been created. It had been created but his comment prompted me to clean up the user table.
I deleted all remote users including loads that had been created by CPanel or migrated from another host. I then started from scratch doing create user and grant all and it works now.
Thanks!

MySQL Database Connection via SSH Tunnel

i have a problem with our new database. The only way to access the database is throw a SSH tunnel. But it doesn't work...
I use following commands:
sshpass -p <PASSWORD> ssh <USER>#<DOMAIN> -p <PORT> -L 3306:localhost:3306 -f -N
I think the ssh tunnel works and is established.
Now I want to connect via Shell-File the database.
deposit=`mysql -h localhost --port=3306 -u <DATABASEUSER> --password=<DATABASEPASSWORD> --skip-column-names -e "<MYSQLSYNTAX>"`
But there is always folowing error:
ERROR 1045 (28000): Access denied for user '<DATABASEUSER>'#'localhost' (using password: YES)
Do you have any ideas or am I doing something wrong?
Thank you very much!
Assuming all your permissions are okay, it may be worth swapping localhost for 127.0.0.1.
As per the MySQL docs: http://dev.mysql.com/doc/refman/5.5/en/connecting.html
On Unix, MySQL programs treat the host name localhost specially, in a
way that is likely different from what you expect compared to other
network-based programs. For connections to localhost, MySQL programs
attempt to connect to the local server by using a Unix socket file.
This occurs even if a --port or -P option is given to specify a port
number. To ensure that the client makes a TCP/IP connection to the
local server, use --host or -h to specify a host name value of
127.0.0.1, or the IP address or name of the local server.
As I understand you are trying to create a tunnel between your computer and a remote computer that's running SQL server. In your ssh command substitute 3306:localhost:3306 with the remote computer IP address. Note this should be its internal local IP address if you are not in the same local network as the remote computer. Check your SQL Database permissions, username and password as well.

Unable to setup remote connections MYSQL Ubuntu

I'm having trouble opening a up my MYSQL server to ALL remote connections. I have followed many online guides and appear to have something wrong. Perhaps SO could provide guidance? My server details are as follows:
Ubuntu 12.04 Server,
MYSQL Ver 14.14 Distrib 5.5.34, for debian-linux-gnu (x86_64) using readline 6.2
/etc/mysql/my.cnf: Other stuff too, but importantly the bind-address...
bind-address = 0.0.0.0
my.conf has the following permissions:
-rw-r--r-- 1 root root 3516 Jan 31 17:12 my.cnf
The server isn't blocked because:
telnet myDomain.com 3306
prompts for my native mysql password.
MYSQL Queries
CREATE USER 'myUser'#'%' IDENTIFIED BY 'myPASSWORD';
GRANT INSERT
ON db.table_v
TO 'myUser'#'%'
IDENTIFIED BY 'myPASSWORD';
FLUSH PRIVILEGES;
Permissions from show grants for 'myUser'#'%';
GRANT USAGE ON . TO 'myUser'#'%' IDENTIFIED BY PASSWORD '****************'
GRANT INSERT ON db.table_v TO 'myUser'#'%'
I also restarted my server
PROBLEM:
mysql -h myDomain.com -u myUser -p
Enter password:
ERROR 1045 (28000): Access denied for user 'myDomain'#'***MYIPADDRESS***' (using password: YES)
I am also not able to login locally with any user where the host is not specifically local, such as '%' or my home IP.
this is interesting if not typo:
Access denied for user 'myDomain'
are you trying to use your domain name as username? there should be myUser instead of myDomain cause you give remote permissions to myUser only.
also in:
mysql -h myDomain.com -u myUser -p
-h means the host where mysql server resides, not your user's current host. so trying anything other then "localhost" when you're locally trying to connect the database surely gives error cause you are trying to connect a database you are not intend to. suppose you are connected to mysql server locally and typed the above line; this command will try to connect the server at myDomain.com with the user myUser and password you provide. if the permissions you defined are where you run this command, you'll get that access denied error cause you are connecting to a different server.
I think the problem is the location of the .cnf file where you specify the bind-address attribute.
Most guides and tutorials say the file is /etc/mysql/my.cnf but after many tries I realized that the correct place was in mysqld.cnf file under mysqld profile.
Try to include the bind-address attribute there.
To check if this worked for you type "netstat -lt" and find if the local address of mysql process is 0.0.0.0:3306.
Then check again yor connection
You need also create local user account
CREATE USER 'myUser'#'localhost' IDENTIFIED BY 'myPASSWORD';
MySQL Manual | Adding users
I don't advise usage such unsecure statements as
GRANT ALL ON *.* TO 'myuser'#'%';
It creates superuser e.g. grants privileges to all databases for all operations.
May I ask why you need direct access to MySQL? MySQL should really only listen to localhost, but you can access easily using SSH.
If using Windows, Putty allows you to establish an SSH connection to the host, and then forward 3306 localhost traffic to your own computer.
Better still, programs like SQLyog allow SSH tunnel connections to MySQL which is how I usually connect (unless the servers are on a VPN).
Are you using this server for development or does it have a public IP address?
please post the result of
nmap ***MYIPADDRESS***
and
nmap localhost
and
nmap MyDomain
if you do not have nmap install it from apt, then I can help you more.

Connecting to MySQL server on another PC in LAN

I have MySQL setup in a PC on my local network, how do I connect to it?
I also have MySQL installed on this computer (which I want to use to connect to the database).
I tried the following but it's not working:
mysql -u user -h 192.168.1.28:3306 -p password
ERROR 2005 (HY000): Unknown MySQL server host '192.168.1.28:3306' (0)
EDIT
Thanks for your help. Anyway, I connect without 3306 and I have another problem. MACBOOK is the name of my client computer.
mysql -u user -ppassword -h 192.168.1.28
ERROR 1045 (28000): Access denied for user 'user'#'MACBOOK' (using password: YES)
Thanks.
Users who can Install MySQL Workbench on MySQL Server Machine
If you use or have MySQL Workbench on the MySQL Server PC you can do this with just a few clicks. Recommend only for development environment.
Connect to MySQL Server
Find this option Users and Privileges from Navigator and click on it.
Select root user and change value for Limit to Hosts Matching to %.
The click Apply at the bottom.
This should enable root user to access MySQL Server from remote machine.
That was a very useful question! Since we need to run the application with a centralized database, we should give the privileges to that computer in LAN to access the particular database hosted in LAN PC. Here is the solution for that!
Go to MySQL server
Type the following code to grant access for other pc:
GRANT ALL PRIVILEGES ON *.* TO 'root'#'%' IDENTIFIED BY 'root_password';
then type:
FLUSH PRIVILEGES;
Replace % with the IP you want to grant access for!
Since you have MySQL on your local computer, you do not need to bother with the IP address of the machine. Just use localhost:
mysql -u user -p
or
mysql -hlocalhost -u user -p
If you cannot login with this, you must find out what usernames (user#host) exist in the MySQL Server locally. Here is what you do:
Step 01) Startup MySQL so that no passwords are require no passwords and denies TCP/IP connections
service mysql restart --skip-grant-tables --skip-networking
Keep in mind that standard SQL for adding users, granting and
revoking privileges are disabled.
Step 02) Show users and hosts
select concat(''',user,'''#''',host,'''') userhost,password from mysql.user;
Step 03) Check your password to make sure it works
select user,host from mysql.user where password=password('YourMySQLPassword');
If your password produces no output for this query, you have a bad
password.
If your password produces output for this query, look at the users
and hosts. If your host value is '%', your should be able to connect
from anywhere. If your host is 'localhost', you should be able to
connect locally.
Make user you have 'root'#'localhost' defined.
Once you have done what is needed, just restart mysql normally
service mysql restart
If you are able to connect successfully on the macbook, run this
query:
SELECT USER(),CURRENT_USER();
USER() reports how you attempted to authenticate in MySQL
CURRENT_USER() reports how you were allowed to authenticate in
MySQL
Let us know what happens !!!
UPDATE 2012-02-13 20:47 EDT
Login to the remote server and repeat Step 1-3
See if any user allows remote access (i.e, host in mysql.user is '%'). If you do not, then add 'user'#'%' to mysql.user.
Follow a simple checklist:
Try pinging the machine ping 192.168.1.2
Ensure MySQL is running on the specified port 3306 i.e. it has not been modified.
Ensure that the other PC is not blocking inbound connections on that port. If it is, add a firewall exception to allow connections on port 3306 and allow inbound connections in general.
It would be nice if you could post the exact error as it is displayed when you attempt to make that connection.
mysql -u user -h 192.168.1.2 -p
This should be enough for connection to MySQL server.
Please, check the firewall of 192.168.1.2 if remote connection to MySQL server is enabled.
Regards
In Ubuntu Follow these steps:
Set bind-address at /etc/mysql/mysql.conf.d
Change bind-address = 127.0.0.1 to bind-address = 192.24.805.50 # your IP
Grant permission for the remote machine
mysql>GRANT ALL PRIVILEGES ON *.* TO 'root'#'[remoteip]' IDENTIFIED
BY 'anypassword' WITH GRANT OPTION;
Then try connect from remote machine
mysql -u root -h 192.24.805.50 -p
Connecting to any mysql database should be like this:
$mysql -h hostname -Pportnumber -u username -p (then enter)
Then it will ask for password. Note: Port number should be closer to -P or it will show error. Make sure you know what is your mysql port. Default is 3306 and is optional to specify the port in this case. If its anything else you need to mention port number with -P or else it will show error.
For example:
$mysql -h 10.20.40.5 -P3306 -u root -p (then enter)
Password:My_Db_Password
Gubrish about product you using.
mysql>_
Note: If you are trying to connect a db at different location make sure you can ping to that server/computer.
$ping 10.20.40.5
It should return TTL with time you got back PONG.
If it says destination unreachable then you cannot connect to remote mysql no matter what.
In such case contact your Network Administrator or Check your cable connection to your computer till the end of your target computer. Or check if you got LAN/WAN/MAN or internet/intranet/extranet working.
actually you shouldn't specify port in the host name. Mysql has special option for port (if port differs from default)
kind of
mysql --host=192.168.1.2 --port=3306
You don't have to specify ':3306' after the IP, it's the default port for MySQL.
And if your MySQL server runs with another port than 3306, then you have to add '-P [port]' instead of adding it to the IP address.
The MySQL client won't recognize the syntax "host:port", you HAVE to use -P [port] instead.
And btw, if you use '-p password', it won't work and will ask you the password again. You have to stick the password to the -p : -ppassword. (still, it's a very bad habit, because anyone that could do a PS on your server could see the plain password...)
You should use this:
>mysql -u user -h 192.168.1.2 -P 3306 -ppassword
or this:
>mysql -u user -h 192.168.1.2 -ppassword
...because 3306 is a default port number.
mysql Options