How to enable remote access To Mysql database server?


By default remote access to MySQL database server is disabled for security reasons. However, some time you need to provide remote access to database server from home or a web server.

MySQL Remote Access

You need type the following commands which will allow remote connections.

Step # 1: Login Using SSH (if server is outside your data center)

First, login over ssh to remote MySQL database server:

Step # 2: Edit my.cnf File

Once connected you need to edit the MySQL server configuration file my.cnf

# vim /etc/my.cnf

Step # 3: Once file opened, locate line that read as follows

[mysqld]

Make sure line skip-networking is commented (or remove line) and add following line

bind-address=YOUR-SERVER-IP

For example, if your MySQL server IP is 65.55.55.2 then entire block should be look like as follows:

[mysqld]

user            = mysql

pid-file        = /var/run/mysqld/mysqld.pid

socket          = /var/run/mysqld/mysqld.sock

port              = 3306

basedir         = /usr

datadir          = /var/lib/mysql

tmpdir           = /tmp

bind-address    = 65.55.55.2

# skip-networking

Where,

  • bind-address : IP address to bind to.
  • skip-networking : Don’t listen for TCP/IP connections at all. All interaction with mysqld must be made via Unix sockets. This option is highly recommended for systems where only local requests are allowed. Since you need to allow remote connection this line should be removed from my.cnf or put it in comment state.

Step# 4 Save and Close the file

Restart the mysql server, enter:
# /etc/init.d/mysql restart

Step # 5 Grant access to remote IP address

Connect to mysql server:
$ mysql -u root -p mysql

Grant access to a new database

If you want to add a new database called foo for user bar and remote IP 202.54.10.20 then you need to type the following commands at mysql prompt:

mysql> CREATE DATABASE foo;
mysql> GRANT ALL ON foo.* TO bar@’202.54.10.20′ IDENTIFIED BY ‘PASSWORD’;

How to Grant Access To An Existing Database?

Let us assume that you are making connection from remote IP called 202.54.10.20 for database called webdb for user webadmin, to grant access to this IP address type the following command at mysql prompt for existing database, enter:

mysql> update db set Host=’202.54.10.20′ where Db=’webdb’;
mysql> update user set Host=’202.54.10.20′ where user=’webadmin’;

Step # 5: Logout of MySQL

Step # 6: Open port 3306

You need to open TCP port 3306 using iptables.

/sbin/iptables -A INPUT -i eth0 -p tcp –destination-port 3306 -j ACCEPT

OR only allow remote connection from your web server located at 10.5.1.3:

/sbin/iptables -A INPUT -i eth0 -s 10.5.1.3 -p tcp –destination-port 3306 -j ACCEPT

OR only allow remote connection from your lan subnet 192.168.1.0/24:

/sbin/iptables -A INPUT -i eth0 -s 192.168.1.0/24 -p tcp –destination-port 3306 -j ACCEPT

Finally save all rules:
# service iptables save

Step # 7: Test it

From your remote system or your desktop type the following command:
$ mysql -u webadmin –h 65.55.55.2 –p
Where,

  • -u webadmin: webadmin is MySQL username
  • -h IP or hostname: 65.55.55.2 is MySQL server IP address or hostname (FQDN)
  • -p : Prompt for password

You can also use telnet to connect to port 3306 for testing purpose:
$ telnet 65.55.55.2 3306

About Alex Hunt

Hi All I am Manish Kumar Jha aka Alex Hunt. I am currently working in VMware Software India Pvt Ltd as Operations System Engineer (vCloud Air Operations). I have around 5 Years of IT experience and have exposure on VMware vSphere, vCloud Director, RHEL and modern data center technologies like Cisco UCS and Cisco Nexus 1000v and NSX. If you find any post informational to you please press like and share it across social media and leave your comments if you want to discuss further on any post. Disclaimer: All the information on this website is published in good faith and for general information purpose only. I don’t make any warranties about the completeness, reliability and accuracy of this information. Any action you take upon the information you find on this blog is strictly at your own risk. The Views and opinions published on this blog are my own and not the opinions of my employer or any of the vendors of the product discussed.
Aside | This entry was posted in Linux/CentOS. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s