Today, a colleague suggested that in a MySQL 5.6 environment, if you log in locally from the database server, everything is normal, but if you access it from a remote server, an error will be reported.
ERROR 1045 (28000): Access denied for user 'bisal'@'x.x.x.x' (using password: YES)
I'm new to MySQL, so every error scenario is an opportunity to gain experience, be it a wrong password or not setting up remote IP access.
Let's simulate this process. First, create the user bisal. If the password is not quoted, an error will be reported.
mysql> create user bisal identified by bisal;
ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'bisal' at line 1
After the creation is completed, it can be seen that the host of the user bisal is %, not a specific IP.
mysql> create user bisal identified by 'bisal';
Query OK, 0 rows affected (0.00 sec)
mysql> select user, password, host from user;
+-------+-------------------------------------------+-----------------+
| user | password | host |
+-------+-------------------------------------------+-----------------+
...
| bisal | *9AA096167EB7110830776F0438CEADA9A7987E31 | % |+-------+-------------------------------------------+-----------------+
Experiment 1: Let the specified IP access the database
Assuming that the database server IP is xxx1, the authorization allows xxx3 users to access,
mysql> grant all privileges on *.* to 'bisal'@'x.x.x.3';
Query OK, 0 rows affected (0.00 sec)
At this time, when accessing the database from xxx2, an error will be prompted, because only the xxx3 server is allowed to access the database,
mysql -h x.x.x.1 -ubisal
ERROR 1045 (28000): Access denied for user 'bisal'@'app' (using password: YES)
Authorization allows xxx2 users to access,
mysql> grant all privileges on *.* to 'bisal'@'x.x.x.2' identified by 'bisal';
Query OK, 0 rows affected (0.00 sec)
At this point, from xxx2, you can access the database,
mysql -h x.x.x.1 -ubisal -pbisal
Warning: Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 1008
Server version: 5.6.31-log MySQL Community Server (GPL)
Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> use mysql
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
实验二:让所有IP访问数据库
首先,收回刚才的授权,
mysql> revoke all privileges on *.* from bisal@'%';
Query OK, 0 rows affected (0.00 sec)
mysql> show grants for bisal;
+--------------------------------------------------------------------------------------------+
| Grants for bisal@% |
+--------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'bisal'@'%' IDENTIFIED BY PASSWORD '*9AA096167EB7110830776F0438CEADA9A7987E31' |
+--------------------------------------------------------------------------------------------+
1 row in set (0.00 sec)
此时从x.x.x.2访问数据库,会提示错误,
mysql -h x.x.x.x -ubisal -pbisal
Warning: Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 997
Server version: 5.6.31-log MySQL Community Server (GPL)
Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> use mysql
ERROR 1044 (42000): Access denied for user 'bisal'@'%' to database 'mysql'
此时授予%所有机器访问权限,
mysql> grant all privileges on *.* to 'bisal'@'%' identified by 'bisal';
Query OK, 0 rows affected (0.00 sec)
从x.x.x.2访问数据库,此处的报错,是因为未输入密码,
mysql -ubisal
ERROR 1045 (28000): Access denied for user 'bisal'@'localhost' (using password: YES)
但如果之前设置的密码,和输入的密码不同,还是会提示错误,
mysql> grant all privileges on *.* to 'bisal'@'%' identified by '123';
Query OK, 0 rows affected (0.00 sec)
[root@vm-kvm11853-app ~]# mysql -h x.x.x.129 -ubisal -pbisal
Warning: Using a password on the command line interface can be insecure.
ERROR 1045 (28000): Access denied for user 'bisal'@'vm-kvm11853-app' (using password: YES)
使用正确的密码登录,一切正常了,
mysql -ubisal -p123
Warning: Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 987
Server version: 5.6.31-log MySQL Community Server (GPL)
Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> use mysql
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
总结:
1. MySQL中可以设置某个IP访问权限,也可以设置%所有IP访问权限。、
2. grant all privileges ... identified by 'password',此处的password可以不是这用户的密码,远程访问以这个密码为准。
3. create user设置密码,需要用引号括起来,否则会提示语法错误。
4. create user用户不加@信息,则默认创建的用户host是%。
如果您觉得此篇文章对您有帮助,欢迎关注微信公众号:bisal的个人杂货铺,您的支持是对我最大的鼓励!共同学习,共同进步:)