[英]Cannot connect remotely to EC2 MySQL installation
End of my tether, hours of variations... 束缚的尽头,数小时的变化...
I am trying to access installed MySQL running on an EC2 instances. 我正在尝试访问在EC2实例上运行的已安装MySQL。 Lots of searching (this seemed closest to my issues Connect to mysql on Amazon EC2 from a remote server ), and I'm obviously missing something silly or mis-understanding. 大量搜索(这似乎是我的问题中最接近的问题,从远程服务器连接到Amazon EC2上的mysql ),我显然缺少一些愚蠢或误解的东西。
EC2 Ubuntu, mysqld running fine, local web/app server working fine all connecting. EC2 Ubuntu,mysqld运行正常,本地Web /应用服务器正常运行,所有连接正常。 I can mysql from local. 我可以从本地mysql。 I need external access to this dev machine as using iron.io which needs to reach the database from external. 我需要从外部访问此开发机器,就像使用iron.io一样,它需要从外部访问数据库。
I have 我有
I have tried 我努力了
(Always restarting server after) (之后总是重新启动服务器)
Nothing works, the test always 没用,测试总是
$ mysql --host=54.xxx --port=3306 --user=myuser -p Enter password: ERROR 1045 (28000): Access denied for user 'myuser'@'54.xxx' (using password: YES) $ mysql --host = 54.xxx --port = 3306 --user = myuser -p输入密码:错误1045(28000):用户'myuser'@'54.xxx'的访问被拒绝(使用密码:是)
I have noticed however that 但是我注意到
netstat -a shows a different port & a socket listening!? netstat -a显示不同的端口和套接字监听!
The listening port in the netstat below is not 3306 BUT i've telneted externally to that port and it shows mysql IS listening 我下面的netstat中的侦听端口不是3306,但是我已经从外部远程连接到该端口,并且它显示mysql正在侦听
Can anyone suggest any step I've missed? 有人可以建议我错过的任何步骤吗?
Extracts of db priviledges, my.cnf below db特权的摘录,以下是my.cnf
# user_privileges
# e.g. SELECT * from information_schema.user_privileges;
+--------------------------------+---------------+-------------------------+--------------+
| GRANTEE | TABLE_CATALOG | PRIVILEGE_TYPE | q1 |
+--------------------------------+---------------+-------------------------+--------------+
| 'root'@'localhost' | def | SELECT | YES |
...
| 'myuser'@'%' | def | SELECT | NO |
| 'myuser'@'%' | def | INSERT | NO |
| 'myuser'@'%' | def | UPDATE | NO |
#
]$ netstat -a | grep 'mysql'
tcp 0 0 *:mysql *:* LISTEN
unix 2 [ ACC ] STREAM LISTENING 61212 /var/run/mysqld/mysqld.sock
$ telnet 54.x.x.x 3306
Trying 54.x.x.x...
Connected to ec2-54-x-x-x.us-west-2.compute.amazonaws.com.
Escape character is '^]'.
[
5.5.44-0ubuntu0.14.04.1+c<>d^+W?1*!e\{wdp&hZmysql_native_password
# my.cnf
[mysqld]
#
# * Basic Settings
#
user = mysql
pid-file = /var/run/mysqld/mysqld.pid
socket = /var/run/mysqld/mysqld.sock
port = 3306
basedir = /usr
datadir = /var/lib/mysql
tmpdir = /tmp
lc-messages-dir = /usr/share/mysql
#skip-external-locking
#
# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
#bind-address = localhost
# donts seem to work
bind-address = 0.0.0.0
# does not work
# ec2 external ip
#bind-address = 54.x.x.x
# ec2 internal ip
#bind-address = 172.x.x.x
the best tool i found was sqlyog, (perhaps mysql workbench too), which would actually tell the hostname you are coming in from on the failed connect. 我发现的最好的工具是sqlyog(也许还有MySQL工作台),它实际上会告诉您失败连接时来自的主机名。
The reason I like it is that it keeps security tight, showing something like Access denied for user "fred123@hdm38.newyork.comcastbusiness.net". 我喜欢它的原因是它保持了紧密的安全性,显示了诸如“ fred123@hdm38.newyork.comcastbusiness.net”用户的访问被拒绝之类的信息。 Note, that hostname, I just made up, but it is important, whatever yours is coming in. Otherwise it is wildcard time, something I won't do. 请注意,该主机名是我刚刚编造的,但无论您要输入什么主机名,这都非常重要。否则,这是通配符时间,我不会做。 You might choose to. 您可能会选择。
that is important because that hostname ( hdm38.newyork.comcastbusiness.net ) is the one i use during mysql create user
as opposed to using wildcards like % 这很重要,因为主机名( hdm38.newyork.comcastbusiness.net )是我在mysql create user
期间使用的主机名,而不是使用%之类的通配符
I let that connect above fail, but I note what the hostname is above. 我让上面的连接失败,但是我注意到上面的主机名。 You will see it below. 您将在下面看到它。
1) your remote user is connecting through an account that was created with appropriate user,host
entries (look at output from select user,host from mysql.user order by 1,2
) 1)您的远程用户正在通过使用适当的user,host
条目创建的帐户进行连接(请查看select user,host from mysql.user order by 1,2
输出select user,host from mysql.user order by 1,2
)
CREATE USER 'santa'@'hdm38.newyork.comcastbusiness.net' IDENTIFIED BY 'mypassword';
With that above command we now have a new user that has a chance to get in. Cannot do anything. 通过上述命令,我们现在有了一个新用户,该用户有机会进入。无法执行任何操作。 Cannot change to a db. 无法更改为数据库。 Basically they can just do things like select now();
基本上,他们可以做诸如select now();
类的事情select now();
2) you have performed grants
with flush privileges
(at least the former) 2)您已经执行grants
具有flush privileges
(至少是前者)
GRANT ALL PRIVILEGES ON mydb123.* TO 'santa'@'hdm38.newyork.comcastbusiness.net';
Our user with the above command now can do anything in the mydb123 database/schema. 现在,使用上述命令的用户可以在mydb123数据库/模式中执行任何操作。 Explore that above Grant command in the manual for fine-tuning access to the bare minimum for the users you create. 浏览手册上方Grant命令上方的内容,以微调您创建的用户的最低访问权限。
If you are new to mysql security, do not include the WITH GRANT OPTION
until you research it. 如果您不熟悉mysql安全性,请在研究它之前不要包括WITH GRANT OPTION
。
There are those that would say have that hostname above to be '%' for steps 1 and 2. That means santa can connect from any host. 有些人说步骤1和2的主机名是“%”,这意味着santa可以从任何主机进行连接。 The choice is yours. 这是你的选择。 Start tight, loosen up once you are getting somewhere and have done the research on it. 开始收紧,一旦到达某个地方并对其进行了研究,就放松一下。
3) you have modified my.cnf and changed bind-address
away from 127.0.0.1
or localhost
, in favor of 0.0.0.0
3)您修改了my.cnf并从127.0.0.1
或localhost
更改了bind-address
,而改为0.0.0.0
If bind-address is not 0.0.0.0
, you are only connecting with ssh 如果bind-address不是0.0.0.0
,则仅与ssh连接
4) you have modified my.cnf and have a rem'd out line #skip-networking
. 4)您修改了my.cnf ,并删除了#skip-networking
。 Even if you have to create the line just to rem it out, do it. 即使您必须创建一条线来重新制作它,也要这样做。
3/4 changes require mysql daemon restart 3/4的更改需要重新启动mysql守护程序
5) firewall issues. 5)防火墙问题。 So for EC2, you need your AWS Security Group
that is active for the instance to include the opening up of port 3306 因此,对于EC2,您需要针对实例处于活动状态的AWS Security Group
,以包括开放端口3306
我一直运行到与在亚马逊Linux和该溶液的mysqld 37年5月6日这个相同的问题是增加行bind-address = 0.0.0.0
到/etc/my.cnf
下面[mysqld]
但上述[mysqld_safe]
Changing the bind-address to 0.0.0.0
in my.cnf
solved the issue for me. 在my.cnf
中将bind-address更改为0.0.0.0
为我解决了这个问题。 I have installed virtualmin, so don't have to go through all that MySQL user creation and granting permission part, done that with the help of GUI. 我已经安装了virtualmin,所以不必经历所有MySQL用户创建和授予权限的部分,而需要借助GUI来完成。 But I wasn't able to connect to the MySQL server remotely. 但是我无法远程连接到MySQL服务器。
I have another VPS and it has no issues connecting remotely with the MySQL server, and I was not able to find the solution to connect to this EC2 instance's MySQL server remotely. 我有另一个VPS,它与MySQL服务器远程连接没有问题,而且我找不到远程连接到此EC2实例的MySQL服务器的解决方案。 I was looking for a solution for past few days, and when I followed your instructions and changed the bind-address, and restarted the MySQL server, it all worked fine for me. 过去几天,我一直在寻找解决方案,当我按照您的说明更改绑定地址并重新启动MySQL服务器时,对我来说一切正常。
Thanks again. 再次感谢。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.