我将尝试设置MySQL,以便用户“imbnpandmkexby”可以从任何远程IP地址或本地连接到数据库“de0rllo43ct314”。
以下是我已经采取的步骤:
1)在我的MySQL配置中,我已经注释掉了bind-address行,验证文件中没有skip-networking,并重新启动了MySQL。
这将输出:
我能连接到dreamhost服务器上的数据库,所以看起来不是我的问题所在造成的阻塞。
以下是我已经采取的步骤:
1)在我的MySQL配置中,我已经注释掉了bind-address行,验证文件中没有skip-networking,并重新启动了MySQL。
#/etc/mysql/my.cnf:
#bind-address = 127.0.0.1
2)我在所需的数据库“de0rllo43ct314”上为用户“imbnpandmkexby”添加了远程权限(使用“%”符号):
[ remote ] > mysql -u root -p
[ mysql ] > GRANT ALL PRIVILEGES ON de0rllo43ct314.* TO 'imbnpandmkexby'@'localhost' IDENTIFIED BY 'passwordhere' WITH GRANT OPTION;
[ mysql ] > GRANT ALL PRIVILEGES ON de0rllo43ct314.* TO 'imbnpandmkexby'@'127.0.0.1' IDENTIFIED BY 'passwordhere' WITH GRANT OPTION;
[ mysql ] > GRANT ALL PRIVILEGES ON de0rllo43ct314.* TO 'imbnpandmkexby'@'%' IDENTIFIED BY 'passwordhere' WITH GRANT OPTION;
[ mysql ] > FLUSH PRIVILEGES;
[ mysql ] > select * from mysql.user\G
这将输出:
*************************** 6. row ***************************
Host: localhost
User: imbnpandmkexby
Password: *0000000000000000000000
...
*************************** 7. row ***************************
Host: 127.0.0.1
User: imbnpandmkexby
Password:
...
*************************** 8. row ***************************
Host: %
User: imbnpandmkexby
Password:
...
3) 现在,我可以使用Sequel Pro连接SSH隧道。用户似乎拥有所有正确的权限。
4) 接下来,我打开了一个防火墙端口,并验证MySQL正在监听该端口:
[ remote ] > sudo iptables -I INPUT 10 -p tcp --dport 3306 -j ACCEPT
[ remote ] > sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:4505
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:4506
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:http-alt
ACCEPT tcp -- anywhere anywhere tcp dpt:zabbix-agent
ACCEPT tcp -- anywhere anywhere tcp dpt:zabbix-trapper
ACCEPT tcp -- anywhere anywhere tcp dpt:mysql
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT icmp -- anywhere anywhere icmp echo-request
LOG all -- anywhere anywhere limit: avg 5/min burst 5 LOG level debug prefix "iptables denied: "
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
既然这个盒子托管在亚马逊EC2上,我也在其安全组中打开了3306端口:
5) 我可以通过telnet进入该端口:
Trying 00.00.00.000...
Connected to ec2-00.00.00.000.us-west-2.compute.amazonaws.com.
Escape character is '^]'.
=========== 我卡住了:============
显示00.00.00.000而不是实际IP地址
当我尝试从我的本地计算机连接数据库时,它无法工作:
[ local ] > mysql -u imbnpandmkexby -h 00.00.00.000 -p
[ local ] > Enter password:
[ local ] > ERROR 2003 (HY000): Can't connect to MySQL server on '00.00.00.000' (61)
我能连接到dreamhost服务器上的数据库,所以看起来不是我的问题所在造成的阻塞。
[ local ] > mysql -u dreamhost_user -h mysql.dreamhostdomain.com -p
[ local ] > Enter password:
[ local ] > Welcome to the MySQL monitor. Commands end with ; or \g.
我是否缺少一层权限?