什么可以阻止远程登录MySQL服务器？

我正在尝试设置一个MySQL服务器。它在Ubuntu上运行。当我尝试从本地通过“mysql-u user-h server ip add-p”登录时，它会要求输入密码，然后在输入密码后超时。我可以通过SSH连接到服务器，然后从那里访问mysql

我已经检查了端口3306在iptables设置中是否打开：

    Chain INPUT (policy DROP)
target     prot opt source               destination         
f2b-nginx-http-auth  tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 80,443
f2b-sshd   tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 22
ufw-before-logging-input  all  --  0.0.0.0/0            0.0.0.0/0           
ufw-before-input  all  --  0.0.0.0/0            0.0.0.0/0           
ufw-after-input  all  --  0.0.0.0/0            0.0.0.0/0           
ufw-after-logging-input  all  --  0.0.0.0/0            0.0.0.0/0           
ufw-reject-input  all  --  0.0.0.0/0            0.0.0.0/0           
ufw-track-input  all  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 80,443
DROP       all  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     tcp  --  69.114.251.207       0.0.0.0/0            tcp dpt:3306
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:3306
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:3306

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
ufw-before-logging-forward  all  --  0.0.0.0/0            0.0.0.0/0           
ufw-before-forward  all  --  0.0.0.0/0            0.0.0.0/0           
ufw-after-forward  all  --  0.0.0.0/0            0.0.0.0/0           
ufw-after-logging-forward  all  --  0.0.0.0/0            0.0.0.0/0           
ufw-reject-forward  all  --  0.0.0.0/0            0.0.0.0/0           
ufw-track-forward  all  --  0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
ufw-before-logging-output  all  --  0.0.0.0/0            0.0.0.0/0           
ufw-before-output  all  --  0.0.0.0/0            0.0.0.0/0           
ufw-after-output  all  --  0.0.0.0/0            0.0.0.0/0           
ufw-after-logging-output  all  --  0.0.0.0/0            0.0.0.0/0           
ufw-reject-output  all  --  0.0.0.0/0            0.0.0.0/0           
ufw-track-output  all  --  0.0.0.0/0            0.0.0.0/0           

Chain f2b-nginx-http-auth (1 references)
target     prot opt source               destination         
RETURN     all  --  0.0.0.0/0            0.0.0.0/0           

Chain f2b-sshd (1 references)
target     prot opt source               destination         
REJECT     all  --  181.211.20.46        0.0.0.0/0            reject-with icmp-port-unreachable
REJECT     all  --  5.238.99.64          0.0.0.0/0            reject-with icmp-port-unreachable
REJECT     all  --  93.82.51.144         0.0.0.0/0            reject-with icmp-port-unreachable
REJECT     all  --  91.197.232.103       0.0.0.0/0            reject-with icmp-port-unreachable
REJECT     all  --  90.150.180.36        0.0.0.0/0            reject-with icmp-port-unreachable
REJECT     all  --  78.243.95.82         0.0.0.0/0            reject-with icmp-port-unreachable
REJECT     all  --  61.91.245.98         0.0.0.0/0            reject-with icmp-port-unreachable
REJECT     all  --  5.140.148.242        0.0.0.0/0            reject-with icmp-port-unreachable
REJECT     all  --  5.104.107.139        0.0.0.0/0            reject-with icmp-port-unreachable
REJECT     all  --  31.28.97.115         0.0.0.0/0            reject-with icmp-port-unreachable
REJECT     all  --  31.163.250.245       0.0.0.0/0            reject-with icmp-port-unreachable
REJECT     all  --  31.162.171.190       0.0.0.0/0            reject-with icmp-port-unreachable
REJECT     all  --  223.99.174.194       0.0.0.0/0            reject-with icmp-port-unreachable
REJECT     all  --  223.229.249.84       0.0.0.0/0            reject-with icmp-port-unreachable
REJECT     all  --  222.74.225.125       0.0.0.0/0            reject-with icmp-port-unreachable
REJECT     all  --  222.220.35.196       0.0.0.0/0            reject-with icmp-port-unreachable
REJECT     all  --  222.171.242.151      0.0.0.0/0            reject-with icmp-port-unreachable
REJECT     all  --  218.56.106.106       0.0.0.0/0            reject-with icmp-port-unreachable
REJECT     all  --  218.3.140.74         0.0.0.0/0            reject-with icmp-port-unreachable
REJECT     all  --  202.163.79.110       0.0.0.0/0            reject-with icmp-port-unreachable
REJECT     all  --  195.162.95.35        0.0.0.0/0            reject-with icmp-port-unreachable
REJECT     all  --  195.154.36.75        0.0.0.0/0            reject-with icmp-port-unreachable
REJECT     all  --  191.80.83.249        0.0.0.0/0            reject-with icmp-port-unreachable
REJECT     all  --  188.187.52.223       0.0.0.0/0            reject-with icmp-port-unreachable
REJECT     all  --  185.136.151.107      0.0.0.0/0            reject-with icmp-port-unreachable
REJECT     all  --  185.116.157.105      0.0.0.0/0            reject-with icmp-port-unreachable
REJECT     all  --  181.20.73.164        0.0.0.0/0            reject-with icmp-port-unreachable
REJECT     all  --  177.43.247.139       0.0.0.0/0            reject-with icmp-port-unreachable
REJECT     all  --  177.19.185.235       0.0.0.0/0            reject-with icmp-port-unreachable
REJECT     all  --  171.35.163.238       0.0.0.0/0            reject-with icmp-port-unreachable
REJECT     all  --  123.31.31.146        0.0.0.0/0            reject-with icmp-port-unreachable
REJECT     all  --  123.31.31.140        0.0.0.0/0            reject-with icmp-port-unreachable
REJECT     all  --  123.168.209.238      0.0.0.0/0            reject-with icmp-port-unreachable
REJECT     all  --  122.189.199.143      0.0.0.0/0            reject-with icmp-port-unreachable
REJECT     all  --  119.193.140.162      0.0.0.0/0            reject-with icmp-port-unreachable
REJECT     all  --  119.177.250.2        0.0.0.0/0            reject-with icmp-port-unreachable
REJECT     all  --  116.31.116.41        0.0.0.0/0            reject-with icmp-port-unreachable
REJECT     all  --  116.16.69.191        0.0.0.0/0            reject-with icmp-port-unreachable
REJECT     all  --  115.213.198.13       0.0.0.0/0            reject-with icmp-port-unreachable
REJECT     all  --  113.195.145.21       0.0.0.0/0            reject-with icmp-port-unreachable
REJECT     all  --  103.217.90.10        0.0.0.0/0            reject-with icmp-port-unreachable
REJECT     all  --  103.207.37.24        0.0.0.0/0            reject-with icmp-port-unreachable
RETURN     all  --  0.0.0.0/0            0.0.0.0/0           

Chain ufw-after-forward (1 references)
target     prot opt source               destination         

Chain ufw-after-input (1 references)
target     prot opt source               destination         
ufw-skip-to-policy-input  udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:137
ufw-skip-to-policy-input  udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:138
ufw-skip-to-policy-input  tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:139
ufw-skip-to-policy-input  tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:445
ufw-skip-to-policy-input  udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:67
ufw-skip-to-policy-input  udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:68
ufw-skip-to-policy-input  all  --  0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type BROADCAST

Chain ufw-after-logging-forward (1 references)
target     prot opt source               destination         

Chain ufw-after-logging-input (1 references)
target     prot opt source               destination         
LOG        all  --  0.0.0.0/0            0.0.0.0/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "

Chain ufw-after-logging-output (1 references)
target     prot opt source               destination         

Chain ufw-after-output (1 references)
target     prot opt source               destination         

Chain ufw-before-forward (1 references)
target     prot opt source               destination         
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0            icmptype 3
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0            icmptype 4
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0            icmptype 11
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0            icmptype 12
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0            icmptype 8
ufw-user-forward  all  --  0.0.0.0/0            0.0.0.0/0           

Chain ufw-before-input (1 references)
target     prot opt source               destination         
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
ufw-logging-deny  all  --  0.0.0.0/0            0.0.0.0/0            ctstate INVALID
DROP       all  --  0.0.0.0/0            0.0.0.0/0            ctstate INVALID
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0            icmptype 3
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0            icmptype 4
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0            icmptype 11
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0            icmptype 12
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0            icmptype 8
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp spt:67 dpt:68
ufw-not-local  all  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     udp  --  0.0.0.0/0            224.0.0.251          udp dpt:5353
ACCEPT     udp  --  0.0.0.0/0            239.255.255.250      udp dpt:1900
ufw-user-input  all  --  0.0.0.0/0            0.0.0.0/0           

Chain ufw-before-logging-forward (1 references)
target     prot opt source               destination         

Chain ufw-before-logging-input (1 references)
target     prot opt source               destination         

Chain ufw-before-logging-output (1 references)
target     prot opt source               destination         

Chain ufw-before-output (1 references)
target     prot opt source               destination         
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
ufw-user-output  all  --  0.0.0.0/0            0.0.0.0/0           

Chain ufw-logging-allow (0 references)
target     prot opt source               destination         
LOG        all  --  0.0.0.0/0            0.0.0.0/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW ALLOW] "

Chain ufw-logging-deny (2 references)
target     prot opt source               destination         
RETURN     all  --  0.0.0.0/0            0.0.0.0/0            ctstate INVALID limit: avg 3/min burst 10
LOG        all  --  0.0.0.0/0            0.0.0.0/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "

Chain ufw-not-local (1 references)
target     prot opt source               destination         
RETURN     all  --  0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL
RETURN     all  --  0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type MULTICAST
RETURN     all  --  0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type BROADCAST
ufw-logging-deny  all  --  0.0.0.0/0            0.0.0.0/0            limit: avg 3/min burst 10
DROP       all  --  0.0.0.0/0            0.0.0.0/0           

Chain ufw-reject-forward (1 references)
target     prot opt source               destination         

Chain ufw-reject-input (1 references)
target     prot opt source               destination         

Chain ufw-reject-output (1 references)
target     prot opt source               destination         

Chain ufw-skip-to-policy-forward (0 references)
target     prot opt source               destination         
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           

Chain ufw-skip-to-policy-input (7 references)
target     prot opt source               destination         
DROP       all  --  0.0.0.0/0            0.0.0.0/0           

Chain ufw-skip-to-policy-output (0 references)
target     prot opt source               destination         
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           

Chain ufw-track-forward (1 references)
target     prot opt source               destination         
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            ctstate NEW
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            ctstate NEW

Chain ufw-track-input (1 references)
target     prot opt source               destination         

Chain ufw-track-output (1 references)
target     prot opt source               destination         
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            ctstate NEW
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            ctstate NEW

Chain ufw-user-forward (1 references)
target     prot opt source               destination         

Chain ufw-user-input (1 references)
target     prot opt source               destination         
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:22
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:1194
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22 /* 'dapp_OpenSSH' */
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:3306

Chain ufw-user-limit (0 references)
target     prot opt source               destination         
LOG        all  --  0.0.0.0/0            0.0.0.0/0            limit: avg 3/min burst 5 LOG flags 0 level 4 prefix "[UFW LIMIT BLOCK] "
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable

Chain ufw-user-limit-accept (0 references)
target     prot opt source               destination         
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           

Chain ufw-user-logging-forward (0 references)
target     prot opt source               destination         

Chain ufw-user-logging-input (0 references)
target     prot opt source               destination         

Chain ufw-user-logging-output (0 references)
target     prot opt source               destination         

Chain ufw-user-output (1 references)
target     prot opt source               destination         

在第217行，我看到端口3306已打开：

ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:3306

此外，我还确保尝试登录的本地IP与“用户”绑定：

mysql> SELECT User, Host FROM mysql.user;
+------------------+----------------+
| User             | Host           |
+------------------+----------------+
| alex             | 6x.xxx.xxx.xxx |
| alex             | localhost      |
| debian-sys-maint | localhost      |
| mysql.sys        | localhost      |
| root             | localhost      |
+------------------+----------------+

有人知道我在这里遗漏了什么吗

非常感谢

尝试为您的用户添加一个通配符（%）条目。在我的情况下，它可能会起作用 从mysql.User中选择用户、主机； 命令会给出与您相同的结果，只需一个通配符条目就可以了。谢谢大家

我确定这是一个防火墙问题。我启用了从本地IP到该服务器的所有连接，该服务器现在工作正常。将IP添加到iptables输入部分列表的顶部非常重要：

iptables -I INPUT -p tcp -s XXX.XXX.XXX.XXX -j ACCEPT
iptables -I OUTPUT -p tcp -d  XXX.XXX.XXX.XXX -j ACCEPT`

---

你可以在这里找到你的问题答案