从外部主机/IP 访问 mysql 数据库? (即:mysql工作台)

发布于 2024-11-05 12:57:24 字数 422 浏览 4 评论 0原文

我有一个在xxxx上运行的mysql服务器,并且可以在内部访问它没有问题(当然)。然而,当尝试从外部连接时,即使用 mysql 工作台,甚至从外部服务器连接时,我收到错误消息“主机‘bla.bla.bla’不允许连接到此 MySQL 服务器”。

我已完成:

我还遗漏了另一个基本的安全问题吗?

I have a mysql server running on x.x.x.x, and can access it internally no problem (of course). However when attempting to connect externally, ie using mysql workbench, or even from an external server, I get the error message "Host 'bla.bla.bla' is not allowed to connect to this MySQL server".

I have done:

  • GRANT ALL PRIVILEGES ON *.* TO [email protected] IDENTIFIED BY "somepass";
  • And I have opened port 3306 in iptables.

Is there another fundamental security issue I am missing?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(8

巷子口的你 2024-11-12 12:57:24

您需要执行

GRANT ALL PRIVILEGES ON *.* TO mysql@'bla.bla.bla' ...

@ 之后的部分是连接来自的主机,因此您只允许来自本地主机的连接。您需要允许来自每个必要的远程主机的访问(或所有主机 - ... mysql@'%' ... - 如果适用)。

You need to do

GRANT ALL PRIVILEGES ON *.* TO mysql@'bla.bla.bla' ...

The part after the @ is the host from which the connection is coming, so you have allowed only connections coming from localhost. You need to allow access from each remote host necessary (or all hosts - ... mysql@'%' ... - if applicable).

深海不蓝 2024-11-12 12:57:24

为了解决这个问题,您需要执行以下命令:

mysql -u root -p
[enter in your password]
CREATE USER 'mysqluser'@'%' IDENTIFIED BY 'aC0MPL3XPa33W0RD';
GRANT ALL PRIVILEGES ON *.* TO 'mysqluser'@'%' WITH GRANT OPTION;

To solve this you needed to perform the following commands:

mysql -u root -p
[enter in your password]
CREATE USER 'mysqluser'@'%' IDENTIFIED BY 'aC0MPL3XPa33W0RD';
GRANT ALL PRIVILEGES ON *.* TO 'mysqluser'@'%' WITH GRANT OPTION;
鹿! 2024-11-12 12:57:24

我有完全相同的情况。我的MYSQL安装在centOS上。
涅槃之道如下。

  1. 绑定地址:不工作
  2. 授予权限:不工作
  3. Iptables 关闭时:不工作。

解决方案:我深入研究了 iptables 并进行了以下更改:

  1. 使用以下命令访问 iptables: vim /etc/sysconfig/iptables
  2. 如果您发现以下语句,请通过在开头添加“#”来注释它们线。

    -A INPUT -s 123.123.123.123/32 -p tcp -m state --state NEW -m tcp --dport 3306 -j 接受

    -A INPUT -j REJECT --reject-with icmp-host-prohibited

    -A OUTPUT -p tcp -m tcp --dport 3306 -j ACCEPT

  3. 重新启动使用以下命令重新启动 iptables:service iptables restart

是的,这对我有用。希望它对某人有用。

I had the exactly similar situation.my MYSQL is installed on a centOS.
The path to Nirvana is as below.

  1. bind-address: DID NOT WORK
  2. grant permission: DID NOT WORK
  3. Iptables when turned off: DID work.

SOLUTION:I went fishing into the iptables and made following changes:

  1. Access the iptables using the command : vim /etc/sysconfig/iptables
  2. If you find the below statements COMMENT them out by adding a '#' at the beginning of the line.

    -A INPUT -s 123.123.123.123/32 -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT

    -A INPUT -j REJECT --reject-with icmp-host-prohibited

    -A OUTPUT -p tcp -m tcp --dport 3306 -j ACCEPT

  3. Restart the iptables using the command: service iptables restart

Yep, that worked for me. Hope it is useful to someone.

舂唻埖巳落 2024-11-12 12:57:24

当我得到我的服务器时,即使我从 MySQL 客户端应用程序访问 mysql 也遇到了同样的问题,
然后我授予Mysql权限,并进行以下查询。

它工作得很好

**GRANT ALL PRIVILEGES ON db_base.* TO db_user @'%' IDENTIFIED BY 'db_passwd';** 

db_base is the database Name
db_user is database User
db_passwd is the database password 

一旦你执行这个刷新它,通过以下命令
FLUSH PRIVILEGES;

假设如果您希望授予访问数据库中某些表的权限,您可以使用以下命令

GRANT ALL PRIVILEGES ON db_base.HELLOWORLD TO db_user @'%' IDENTIFIED BY 'db_passwd';

其中 HELLOWORLD 是表名称

When I Got my server,even I had the same problem accessing the mysql from MySQL client application,
Then I granted the Mysql permission, with following query.

it worked Great

**GRANT ALL PRIVILEGES ON db_base.* TO db_user @'%' IDENTIFIED BY 'db_passwd';** 

db_base is the database Name
db_user is database User
db_passwd is the database password 

Once you execute this flush it, by the following command
FLUSH PRIVILEGES;

Suppose if you are looking to give privileges to access certain tables in the Database you can use the following command

GRANT ALL PRIVILEGES ON db_base.HELLOWORLD TO db_user @'%' IDENTIFIED BY 'db_passwd';

Where HELLOWORLD is the table Name

孤者何惧 2024-11-12 12:57:24

您是否以 mysql 用户身份连接?您可以尝试运行 GRANT 查询: GRANT ALL PRIVILEGES ON *.* TO [电子邮件受保护] 由“somepass”识别;

Are you connecting as user mysql? You might try running the GRANT query as : GRANT ALL PRIVILEGES ON *.* TO [email protected] IDENTIFIED BY "somepass";

甜味拾荒者 2024-11-12 12:57:24

您是否已验证 mysql 工作台正在尝试使用适当的用户名进行连接?运行 grant 命令后,您是否刷新了权限

Have you verified that mysql workbench is trying the connect using the appropriate username? Have you flushed the privileges after running the grant command?

二智少女 2024-11-12 12:57:24

我不知道这个绑定地址背后的安全细节,只是通过在虚拟机上安装 debian 服务器来学习。
该客人有一个虚拟网卡设置为桥接器,因此房子的其他人可以看到它。它的IP是192.168.1.4。
在另一台计算机 (192.168.1.3) 上,连接失败,bind-address = 127.0.0.1
设置 bind-address = 192.168.1.4 效果很好。
(它自己的地址,逐字逐句)
它一定是虚拟配置中 127.0.0.1 的解释,不确定......

I dont know the ins and outs of security behind this bind-addressthing, just learning by installing a debian server on a virtual-box machine.
This guest has a virtual network card set up as a bridge, so the rest of the house can see it. Its IP is 192.168.1.4.
From another computer (192.168.1.3), connection failed with bind-address = 127.0.0.1.
Set up bind-address = 192.168.1.4 works fine.
(its own address, litterally)
It must be the interpretation of 127.0.0.1 inside a virtual config, not sure...

月棠 2024-11-12 12:57:24

注释掉

bind-address = localhost
#bind-address = localhost < this is what it should look like.

MySQL my.conf 文件中的行:。它通常位于 /etc/mysql/my.conf 中。

Comment out the line:

bind-address = localhost
#bind-address = localhost < this is what it should look like.

in your MySQL my.conf file. It is normally located in /etc/mysql/my.conf.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文