connect to MySQL server remotely

 

ERROR 2003 (HY000): Can’t connect to MySQL server on ‘x.x.x.x’ (xxx)


原因為安全性問題,

測試方法: 

1. 確認服務開啟 
ps -e | grep mysql
netstat -n | grep mysql
2. 關閉selinux 
3. 關閉firewalld
service firewalld stop
或者開啟port
# 永久將 mysql 服務從 public 區域中移除 
sudo firewall-cmd --zone=public --permanent --remove-port=3306/tcp
# 重新載入設定 sudo firewall-cmd --reload

# 永久關閉 tcp 的 3306 連接埠
sudo firewall-cmd --zone=public --permanent --remove-port=3306/tcp


4. 確認root grant option權限

mysql> grant all privileges on *.* to 'root'@'localhost' WITH GRANT OPTION;

mysql> grant all privileges on *.* to 'root'@'%' ;

ERROR 1410 (42000): You are not allowed to create a user with GRANT

(新的mysql: 不能對所有主機的帳號授予)

mysql> grant all privileges on *.* to 'root'@'localhost' ;

Query OK, 0 rows affected (0.00 sec)

mysql> flush privileges;

Query OK, 0 rows affected (0.00 sec)



5. 建立遠端連線帳號

mysql> CREATE USER 'sqmc'@'x.x.x.x' IDENTIFIED BY 'newpassword';

Query OK, 0 rows affected (0.01 sec)

mysql> GRANT ALL PRIVILEGES ON *.* TO 'sqmc'@'x.x.x.x';

Query OK, 0 rows affected (0.00 sec)

mysql> select user, host from user;

mysql> flush privileges;

Query OK, 0 rows affected (0.00 sec)


remote side:

#mysql -usqmc -p

password: newpassword


more info: https://www.tecmint.com/fix-error-2003-hy000-cant-connect-to-mysql-server-on-127-0-0-1-111/

留言

張貼留言

這個網誌中的熱門文章

10.29 Slow HTTP Denial of Service Attack (Slowloris)

站長日誌 109.10.29 弱點掃描偵測到Slow HTTP Denial of Service Attack弱點一隻 Server-Specific Recommendations Applying the above steps to the HTTP servers tested in the previous article indicates the following server-specific settings: Apache Using the < Limit > and < LimitExcept > directives to drop requests with methods not supported by the URL alone won’t help, because Apache waits for the entire request to complete before applying these directives. Therefore, use these parameters in conjunction with the  LimitRequestFields ,  LimitRequestFieldSize ,  LimitRequestBody ,  LimitRequestLine ,  LimitXMLRequestBody  directives as appropriate. For example, it is unlikely that your web app requires an 8190 byte header, or an unlimited body size, or 100 headers per request, as most default configurations have.  Set reasonable  TimeOut  and  KeepAliveTimeOut  directive values. The default value of 300 seconds for  TimeOut  is overkil...
閱讀完整內容

在CentOS 8 Stream安裝NTP Client與設定時區

sudo dnf install chrony vi /etc/chrony.conf 加入 server tock.stdtime.gov.tw sudo systemctl enable chronyd sudo systemctl start chronyd sudo timedatectl set-timezone Asia/Taipei date ls -l /etc/localtime 在Fortigate設定NTP自動校準時間 Use this command to configure Network Time Protocol (NTP) servers. The Network Time Protocol enables you to keep the FortiGate time in sync with other network systems. By enabling NTP on the FortiGate, FortiOS will check with the NTP server you select at the configured intervals. This will also ensure that logs and other time-sensitive settings on the FortiGate are correct. The FortiGate maintains its internal clock using a built-in battery. At start up, the time reported by the FortiGate will indicate the hardware clock time, which may not be accurate. When using NTP, the system time might change after the FortiGate has successfully obtained the time from a configured NTP server. config system ntp set ntpsync {enable | disable} Enable/disable setting the Forti...
閱讀完整內容

Update Pattern of TrendMicro AntiVirus Software - ServerProtect

使用指令更新 SPLX 掃瞄引擎與病毒碼 1. 打開終端機指令並使用 root 登入 2. 在終端機輸入以下指令: /opt/TrendMicro/SProtectLinux/SPLX.vsapiapp/splxmain -u 確認您的病毒碼與掃描引擎版本 在終端機執行指令:ps aux | grep splxmain 指令將顯示一些相似的訊息: root 14913 0.0 0.1 3568 624 pts/2 S 04:51 0:00 /opt/TrendMicro/SProtectLinux/ /SPLX.vsapiapp/splxmain -u 至/opt/TrendMicro/SProtectLinux/目錄並且確認更新的病毒碼檔案 lpt$vpn.xxx (xxx 代表現在的病毒碼版本) 病毒碼更新完成,請在相同目錄下如步驟輸入以下指令: ls -al *vpn.xxx (xxx 代表現在的病毒碼版本) ls -al libvsapi.so (掃描引擎檔案) 確認掃描引擎更新成功,兩個檔案的時間與日期戳記將會相同
閱讀完整內容