MySQL Workbench - 'Access Denied' without port forwarding
Question
I'm running mysql workbench on my 2011 macbook pro. I use it to connect to a mysql database on a remote ubuntu server. I was able to connect no problem from my macbook pro to the mysql database on the remote server until I had to do a hard reboot on my mac. After that I would get the error below.
However once I port forwarded with the command below on my mac for the specified user it connects to the database on the remote server with mysql workbench no problem. What does this tell us about the issue connecting from my mac to the database on the remote server? I would rather not portforward for every user I want to login with from my mac. Does anyone have a suggestion how to fix this?
command:
ssh -N -f -L localhost:3306:localhost:3306 username@192.168.50.122
previous error:
Failed to connect to MySQL at xxx.xxx.xx.xxx:3306 with user username Access denied for user 'username'@'xxx.xxx.xx.xxx' (using password: YES)
Update:
When I try looking up the grants for the username with the ip address I'm not finding them and getting the error message below. When I try to look up the sql_show_grants table I get another error message. When I try looking up the same username with '%' I'm finding all the grants below. So does it make sense that the user still can't connect from any ip? Is there something else I need to do?
show grants for 'username'@'xxx.xxx.xx.xxx';
ERROR 1141 (42000): There is no such grant defined for user 'username' on host 'xxx.xxx.xx.xxx'
SELECT sql_grants FROM common_schema.sql_show_grants;
ERROR 1049 (42000): Unknown database 'common_schema'
show grants for 'username'@'%';
+--------------------------------------------------------------+
| Grants for username@% |
+--------------------------------------------------------------+
| GRANT USAGE ON *.* TO `username`@`%` |
| GRANT ALL PRIVILEGES ON `finances`.* TO `username`@`%` |
| GRANT ALL PRIVILEGES ON `geographical`.* TO `username`@`%` |
| GRANT ALL PRIVILEGES ON `realestate`.* TO `username`@`%` |
| GRANT ALL PRIVILEGES ON `sandbox`.* TO `username`@`%` |
| GRANT ALL PRIVILEGES ON `stocks`.* TO `username`@`%` |
+--------------------------------------------------------------+
1 answers
solution1
0 2021-08-19 19:44:37
The account you are trying to connect with does not have permission to access the server from your clients IP address. If you use SSH port forwarding, you are being connected from localhost (from the server to the server), and hence get a different permission scheme applied.
On the MySQL server, start a mysql shell as an administrator, and run
SHOW GRANTS FOR 'username'@'xxx.xxx.xx.xxx'
(replacing 'username'@'xxx.xxx.xx.xxx' with what it showed you in the error message).
If it does not show any results, your user does not have any permissions from the respective IP address, and you would need to alter or create it. If it does show permissions, make sure SELECT is underneath them.
If you cannot locate your user, attempt to view all grants:
SELECT sql_grants FROM common_schema.sql_show_grants;
If you say it worked before, it is possible that the original user was added with a dynamic IP address, which changed after the reboot of your client. If this is the case, and the last statement shows your user with a wrong IP address, use the following to update it:
RENAME USER 'username'@'ipaddress1' TO 'username'@'ipaddress2';
You might want to consider using '%' instead of 'ipaddress2', if you are using dynamic IP addresses and want to grant the user access from all source addresses. Whether this is a security issue, depends on your environment.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.