What can block remote login to a MySQL server?
I am trying to set up a MySQL server. It is running on Ubuntu. When I try to log in from my local machine with "mysql -u user -h server ip add -p", it asks for the password and then times out after the password is entered. I can SSH into the server and access mysql from there. I have checked that port 3306 is open in the iptables settings:
Chain INPUT (policy DROP)
target prot opt source destination
f2b-nginx-http-auth tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 80,443
f2b-sshd tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 22
ufw-before-logging-input all -- 0.0.0.0/0 0.0.0.0/0
ufw-before-input all -- 0.0.0.0/0 0.0.0.0/0
ufw-after-input all -- 0.0.0.0/0 0.0.0.0/0
ufw-after-logging-input all -- 0.0.0.0/0 0.0.0.0/0
ufw-reject-input all -- 0.0.0.0/0 0.0.0.0/0
ufw-track-input all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 80,443
DROP all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT tcp -- 69.114.251.207 0.0.0.0/0 tcp dpt:3306
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3306
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3306
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ufw-before-logging-forward all -- 0.0.0.0/0 0.0.0.0/0
ufw-before-forward all -- 0.0.0.0/0 0.0.0.0/0
ufw-after-forward all -- 0.0.0.0/0 0.0.0.0/0
ufw-after-logging-forward all -- 0.0.0.0/0 0.0.0.0/0
ufw-reject-forward all -- 0.0.0.0/0 0.0.0.0/0
ufw-track-forward all -- 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ufw-before-logging-output all -- 0.0.0.0/0 0.0.0.0/0
ufw-before-output all -- 0.0.0.0/0 0.0.0.0/0
ufw-after-output all -- 0.0.0.0/0 0.0.0.0/0
ufw-after-logging-output all -- 0.0.0.0/0 0.0.0.0/0
ufw-reject-output all -- 0.0.0.0/0 0.0.0.0/0
ufw-track-output all -- 0.0.0.0/0 0.0.0.0/0
Chain f2b-nginx-http-auth (1 references)
target prot opt source destination
RETURN all -- 0.0.0.0/0 0.0.0.0/0
Chain f2b-sshd (1 references)
target prot opt source destination
REJECT all -- 181.211.20.46 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 5.238.99.64 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 93.82.51.144 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 91.197.232.103 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 90.150.180.36 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 78.243.95.82 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 61.91.245.98 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 5.140.148.242 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 5.104.107.139 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 31.28.97.115 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 31.163.250.245 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 31.162.171.190 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 223.99.174.194 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 223.229.249.84 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 222.74.225.125 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 222.220.35.196 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 222.171.242.151 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 218.56.106.106 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 218.3.140.74 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 202.163.79.110 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 195.162.95.35 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 195.154.36.75 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 191.80.83.249 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 188.187.52.223 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 185.136.151.107 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 185.116.157.105 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 181.20.73.164 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 177.43.247.139 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 177.19.185.235 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 171.35.163.238 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 123.31.31.146 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 123.31.31.140 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 123.168.209.238 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 122.189.199.143 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 119.193.140.162 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 119.177.250.2 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 116.31.116.41 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 116.16.69.191 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 115.213.198.13 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 113.195.145.21 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 103.217.90.10 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 103.207.37.24 0.0.0.0/0 reject-with icmp-port-unreachable
RETURN all -- 0.0.0.0/0 0.0.0.0/0
Chain ufw-after-forward (1 references)
target prot opt source destination
Chain ufw-after-input (1 references)
target prot opt source destination
ufw-skip-to-policy-input udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:137
ufw-skip-to-policy-input udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:138
ufw-skip-to-policy-input tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:139
ufw-skip-to-policy-input tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:445
ufw-skip-to-policy-input udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:67
ufw-skip-to-policy-input udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:68
ufw-skip-to-policy-input all -- 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type BROADCAST
Chain ufw-after-logging-forward (1 references)
target prot opt source destination
Chain ufw-after-logging-input (1 references)
target prot opt source destination
LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "
Chain ufw-after-logging-output (1 references)
target prot opt source destination
Chain ufw-after-output (1 references)
target prot opt source destination
Chain ufw-before-forward (1 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 3
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 4
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 11
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 12
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 8
ufw-user-forward all -- 0.0.0.0/0 0.0.0.0/0
Chain ufw-before-input (1 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
ufw-logging-deny all -- 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
DROP all -- 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 3
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 4
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 11
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 12
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 8
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:67 dpt:68
ufw-not-local all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT udp -- 0.0.0.0/0 224.0.0.251 udp dpt:5353
ACCEPT udp -- 0.0.0.0/0 239.255.255.250 udp dpt:1900
ufw-user-input all -- 0.0.0.0/0 0.0.0.0/0
Chain ufw-before-logging-forward (1 references)
target prot opt source destination
Chain ufw-before-logging-input (1 references)
target prot opt source destination
Chain ufw-before-logging-output (1 references)
target prot opt source destination
Chain ufw-before-output (1 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
ufw-user-output all -- 0.0.0.0/0 0.0.0.0/0
Chain ufw-logging-allow (0 references)
target prot opt source destination
LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW ALLOW] "
Chain ufw-logging-deny (2 references)
target prot opt source destination
RETURN all -- 0.0.0.0/0 0.0.0.0/0 ctstate INVALID limit: avg 3/min burst 10
LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "
Chain ufw-not-local (1 references)
target prot opt source destination
RETURN all -- 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCAL
RETURN all -- 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type MULTICAST
RETURN all -- 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type BROADCAST
ufw-logging-deny all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 10
DROP all -- 0.0.0.0/0 0.0.0.0/0
Chain ufw-reject-forward (1 references)
target prot opt source destination
Chain ufw-reject-input (1 references)
target prot opt source destination
Chain ufw-reject-output (1 references)
target prot opt source destination
Chain ufw-skip-to-policy-forward (0 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
Chain ufw-skip-to-policy-input (7 references)
target prot opt source destination
DROP all -- 0.0.0.0/0 0.0.0.0/0
Chain ufw-skip-to-policy-output (0 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
Chain ufw-track-forward (1 references)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 ctstate NEW
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 ctstate NEW
Chain ufw-track-input (1 references)
target prot opt source destination
Chain ufw-track-output (1 references)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 ctstate NEW
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 ctstate NEW
Chain ufw-user-forward (1 references)
target prot opt source destination
Chain ufw-user-input (1 references)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:22
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:1194
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 /* 'dapp_OpenSSH' */
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3306
Chain ufw-user-limit (0 references)
target prot opt source destination
LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 LOG flags 0 level 4 prefix "[UFW LIMIT BLOCK] "
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
Chain ufw-user-limit-accept (0 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
Chain ufw-user-logging-forward (0 references)
target prot opt source destination
Chain ufw-user-logging-input (0 references)
target prot opt source destination
Chain ufw-user-logging-output (0 references)
target prot opt source destination
Chain ufw-user-output (1 references)
target prot opt source destination
On line 217, I can see that port 3306 is open:
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3306
In addition, I made sure that the local IP I am trying to log in from is tied to the "user":
mysql> SELECT User, Host FROM mysql.user;
+------------------+----------------+
| User | Host |
+------------------+----------------+
| alex | 6x.xxx.xxx.xxx |
| alex | localhost |
| debian-sys-maint | localhost |
| mysql.sys | localhost |
| root | localhost |
+------------------+----------------+
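Does anyone know what I am missing here?
Many thanks.

Try adding a wildcard (%) entry for your user. It might work, as in my case the
SELECT User, Host FROM mysql.user;
command gives the same result as yours, with just one wildcard entry added.

Thanks, everyone.
I determined that this was a firewall issue. I enabled all connections from my local IP to the server, and it now works fine. It is important to add the IP to the top of the iptables INPUT list:
iptables -I INPUT -p tcp -s XXX.XXX.XXX.XXX -j ACCEPT
iptables -I OUTPUT -p tcp -d XXX.XXX.XXX.XXX -j ACCEPT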
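
The rule-order point in the answer above, as an added example that is not part of the original posts: iptables stops at the first matching terminal rule in a chain, so an ACCEPT appended with `-A` behind a catch-all DROP is never evaluated, while `-I` places the rule first. The sketch below reads `iptables -S` output and lists such rules; the ruleset is constructed, loosely following the order of the question's INPUT chain, and the `-i lo` on the first rule is an assumption, because `iptables -L -n` without `-v` does not show interface matches.

```shell
#!/bin/sh
# Added example: find rules that sit behind a catch-all DROP/REJECT.
# Both functions read `iptables -S` output on stdin; $1 is the chain name.
# Only rules in the named chain are considered; jumps into user chains
# (such as the ufw-* chains) are not followed.

# Constructed sample ruleset (203.0.113.7 is a documentation address).
sample_rules() {
    cat <<'EOF'
-P INPUT DROP
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
-A INPUT -j DROP
-A INPUT -s 203.0.113.7/32 -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
EOF
}

# Print the rule number of the first rule with no match options and a
# DROP or REJECT verdict. A rule inserted at or before this number with
# `iptables -I CHAIN <n>` is still evaluated.
catch_all_position() {
    awk -v chain="${1:-INPUT}" '
        $1 == "-A" && $2 == chain {
            n++
            if ($3 == "-j" && ($4 == "DROP" || $4 == "REJECT")) { print n; exit }
        }
    '
}

# Print "<rule number>: <rule>" for every rule placed after the catch-all.
# Packets never reach these rules, whatever they say.
shadowed_rules() {
    awk -v chain="${1:-INPUT}" '
        $1 == "-A" && $2 == chain {
            n++
            if (cut) { print n ": " $0; next }
            if ($3 == "-j" && ($4 == "DROP" || $4 == "REJECT")) cut = n
        }
    '
}

sample_rules | shadowed_rules INPUT
```

On a live host the input would come from `iptables -S` run as root. The inserted rule can also be narrowed with `--dport 3306` so that only MySQL traffic from that address is accepted rather than all TCP.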

You can find the answer to your question here