The reason for writing this article is because there was a problem when I tried to connect to the mysql database of the remote server through Navicat locally today. I have not been able to connect. Many solutions have been tried. The 3306 port on the Alibaba Cloud server is also open, or No, finally found a solution, share it here!
First of all, my question is: I want to connect to the remote server mysql database locally, and I am connected as the root user, but access is denied Access denied for user 'root'@'我本机的公网ip(using password:YES). The error message is: I was very depressed at the time, and the ip address displayed by the error message was not my remote Ali. The public network ip of the cloud server, I checked it later, it was the public network ip of my local machine (the ip address displayed by searching for "ip" in Baidu)
In the end, I found the problem. The reason why my machine cannot connect to the mysql database of the remote server as the root user is because other hosts on the network are not authorized to access the database root user. The following settings are required to solve the problem:
- create user ‘root’@’%’ identified by ‘123456’;
- GRANT ALL PRIVILEGES ON * . * TO ‘root’@’%’ IDENTIFIED BY ‘123456’;
- FLUSH PRIVILEGES;
Explanation of the above three steps:
- Create a root user that allows other hosts on the network to access the database, and set the password to 123456 (% refers to other hosts on the network except localhost)
- Give the newly created root user the authority to operate all databases. Without this authorization operation, the newly created root user will not be able to see the mysql database and cannot perform related operations on the database.
- Refresh the system permission table
The reason for the above problems and it took a lot of time. The fundamental reason is that my mastery of mysql user operations is not solid enough. In order to deepen my grasp of user operations-related knowledge, here is the common Summary of user operations:
- View users
The information about mysql database users is stored in the user table of the mysql database. We can check this table and only list the
fields that are useful to us. The attribute host field indicates the host allowed to log in, and the "localhost" refers to the Users can only log in locally, not remotely on another machine. And "%" means that you can log in on any computer. You can also specify only a certain machine to log in remotely. Therefore, according to the results of the query in the above table, users a, root, and shoesshop can log in locally or remotely on any machine, while users mysql.session and mysql.sys can only log in locally.
- Create user
The user information is stored in the user table of the mysql database, so theoretically we can insert a new statement into the user table to represent a new user
insert into mysql.user(Host,User,Password) values("localhost","test",password("1234"));
The above statement will have two problems: First, if our database version is 5.7, then it will prompt:, Unknown column 'password' in 'field list'this is because the user table has no password field since mysql5.7, and the password field is changed to authentication_string. When we change Inserting into authentication_string will prompt again: Field 'ssl_cipher' doesn't have a default valuethe reason for the error is that mysql is configured in strict mode by default, which prohibits directly modifying the user table in the mysql library through insert to add new users. The solution is to modify the my.ini (Windows system) or my.conf (Linux system) configuration file.
But in order to secure the database, does not recommend the use of the above approach to create a user, the right way is to create a user create user 'test'@'localhost' identified by '1234'after the statement is executed, created a directory named test, the user password is 1234, and can only log on locally, is not supported Remote login; we can verify, use Navicat to connect to the mysql of the remote server on this machine, and connect with the test user just created:
you can see that the connection is rejected, let's check the user table of the mysql database, and it is indeed the test user The host field is only localhost, and there is no %.
So we execute the statement again to create user 'test'@'%' identified by '1234'allow any machine to log in remotely as the test user, and check the user table of the mysql database. The host field of the test user has both localhost and %, which means that it supports local Login also supports remote login, when you connect again, you can connect successfully
3. Grant user permissions
For the newly created user, there is no permission to operate any database. After logging in as the newly created test user, we can use the show databases;command to view all databases
①Log in to mysql as the test user locally and view all databases only to see the information_schema. This is because we did not grant any database permissions to the test user whose host field is localhost, so we have no right to operate the database, including viewing the database
②Remote as the test user Log in to mysql and view all databases and you can only see information_schema. This is because we have not given any database permissions to the test user whose host field is %, so we have no right to operate the database, including viewing the database. The
authorization format for the user is grant permission on the database. * to username@ login host identified by'password';
①We set the test user logged in locally to have all database permissions: GRANT ALL PRIVILEGES ON *.* TO 'test'@'localhost'IDENTIFIED BY'1234';check the database again, you can see all the databases, and you can also add, delete, and modify the database. ②We
set the remote login test user to have all the database permissions: GRANT ALL PRIVILEGES ON *.* TO 'test'@'%'IDENTIFIED BY'1234';check again Database, you can see all the databases, you can also add, delete and modify the database
4. Modify the user password (mysql 5.7 as an example)
# 修改本地登录的test用户密码
update mysql.user set authentication_string=password(“新密码”) where User=”test” and Host=”localhost”;
# 修改远程登录的test用户密码
update mysql.user set authentication_string=password(“新密码”) where User=”test” and Host=”%”;
# 修改密码之后需要刷新系统权限表才能生效
flush privileges;
- delete users
# 删除用户
Delete FROM mysql.user Where User='用户名' and Host='localhost或者%';
flush privileges;
# 删除账户及权限:
drop user 用户名@’%’;
drop user 用户名@ localhost;