Linode Forum
Linode Community Forums
 FAQFAQ    SearchSearch    MembersMembers      Register Register 
 LoginLogin [ Anonymous ] 
Post new topic  Reply to topic
Author Message
PostPosted: Fri Nov 26, 2010 8:16 am 
Offline
Senior Newbie

Joined: Thu Nov 25, 2010 5:22 am
Posts: 8
Hi there,
I've seen similar posts on this board, but did not find any solutions in them and thought to post a new topic instead of hijacking one.

I' trying to connect to mysql remotely from my windows machine using MySQL Administrator or HeidiSQL.

I get the same error from both:
Quote:
Can't connect to MySQL server on 'xx.xx.xx.xx'(10061)


I've googled around and found copious information related to the issue but I have not found a solution. My disability with Linux does not help...

I have checked my.cnf, and issued mysqladmin commands to verify that the port being used is 3306 and mysql ip is binded to localhost ip (127.0.0.1)
Mysql seems to be running.
Quote:
mysqladmin --protocol=tcp ping
mysqld is alive

I also issued other commands that I might not fully understand the result:
Quote:
netstat -an | grep 3306
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN


Quote:
netstat -ln | grep mysql
unix 2 [ACC] STREAM LISTENING 19069 /var/run/mysqld/mysqld.sock


I also followed the Securely Administer MySQL with an SSH Tunnel guide using putty, but I might not fully understand it, since I did not make it work.

Please, directions!

----------------------------------------------------------

Configuration Profile:
My LAMP Stack Profile

Linux Distro:
Ubuntu 10.04


Last edited by goliatone on Fri Nov 26, 2010 11:56 am, edited 1 time in total.

Top
   
 Post subject:
PostPosted: Fri Nov 26, 2010 9:23 am 
Offline
Senior Member

Joined: Sun Aug 02, 2009 1:32 pm
Posts: 222
Website: https://www.barkerjr.net
Location: Connecticut, USA
Check in my.cnf and remove the line that specifies it should bind to 127.0.0.1.


Top
   
 Post subject:
PostPosted: Fri Nov 26, 2010 11:51 am 
Offline
Senior Newbie

Joined: Thu Nov 25, 2010 5:22 am
Posts: 8
BarkerJr wrote:
Check in my.cnf and remove the line that specifies it should bind to 127.0.0.1.

I have commented it out, and it works!!

Like I wrote before, I was using HeidiSQL and MySQL Administrator.

Using HeidiSQL did not help me out. After creating my ssr keys and uploading to the server, it gave me a different error while trying to connect through a SSH tunnel.
Quote:
lost connection to mysql server at 'reading initial communication packet', system error 0


The thing is that i had previously added a tunnel with putty, which did not work. I guess that commenting that ip out made it ok, but i was trying to connect with a HeidiSQL tunnel (using my servers ip) and not with a normal tcp ip connection to 127.0.0.1

I would add here tow key tutorials that complemented linode“s Securely Administer MySQL with an SSH Tunnel greatly:
Key-Based SSH Logins With PuTTY
Using putty with OpenSSH

Thanks BarkerJr, succinct answer but right on...


Top
   
 Post subject:
PostPosted: Sat Nov 27, 2010 7:20 am 
Offline
Senior Member
User avatar

Joined: Tue Nov 24, 2009 1:59 pm
Posts: 362
NOOOOOOOOOOOOO!

You DO NOT WANT to have your MySQL server listen on the internet-accesible interface, EXCEPT when you're doing replication or other server-server stuff, and then only after you set up iptables to block 3306 from everyone except that other server.

Keep it bound to 127.0.0.1 only.

For HeidiSQL and co. you SSH into your VPS, and use SSH port forwarding.

In case of Putty, you'd go to Connection->SSH->Tunnels,
put Source port: XXXX, Destination: 127.0.0.1:3306, then put 127.0.0.1:XXXX in HeidiSQL as the IP to connect to.

Re: second part of the post - sounds to me like you were trying to put your server's IP instead of 127.0.0.1 as the destination. You want to access the server's own loop-back interface.

_________________
rsk, providing useless advice on the Internet since 2005.


Top
   
 Post subject:
PostPosted: Sat Nov 27, 2010 9:09 am 
Offline
Senior Member

Joined: Sun Aug 02, 2009 1:32 pm
Posts: 222
Website: https://www.barkerjr.net
Location: Connecticut, USA
So long as you have passwords on your mysql users, it shouldn't be any less secure than allowing sshd to listen at the public interface, right?


Top
   
 Post subject:
PostPosted: Sat Nov 27, 2010 11:33 am 
Offline
Senior Member

Joined: Fri Jan 09, 2009 5:32 pm
Posts: 634
BarkerJr wrote:
So long as you have passwords on your mysql users, it shouldn't be any less secure than allowing sshd to listen at the public interface, right?


If you're using passwords in sshd, it's a little less secure (mysql uses 40 bit encryption IIRC). If you're using keys in sshd, it's definitely less secure.


Top
   
 Post subject:
PostPosted: Sat Nov 27, 2010 12:21 pm 
Offline
Senior Member
User avatar

Joined: Sat Aug 30, 2008 1:55 pm
Posts: 1739
Location: Rochester, New York
That also assumes that MySQL's access control methods are as secure as OpenSSH's, or at least get as much active scrutiny. Since most reasonable default configurations have MySQL bound to localhost (unlike OpenSSH, which is open to the world and actively attacked by default), this is a dangerous assumption.

_________________
Code:
/* TODO: need to add signature to posts */


Top
   
 Post subject:
PostPosted: Sat Nov 27, 2010 8:03 pm 
Offline
Senior Newbie

Joined: Thu Nov 25, 2010 5:22 am
Posts: 8
So, by commenting the localhost ip from the config file, it is listening to all?
I will try to use localhost in the config file and check if i can still connect.

Quote:
Re: second part of the post - sounds to me like you were trying to put your server's IP instead of 127.0.0.1 as the destination. You want to access the server's own loop-back interface.

Yes, at one point that is exactly what I was doing...


Top
   
 Post subject:
PostPosted: Mon Nov 29, 2010 6:06 pm 
Offline
Junior Member

Joined: Sun Nov 07, 2010 10:36 pm
Posts: 33
Website: http://www.rent-matcher.com
I wish there was a way to flag posts like this for future reference as a certain reply here is going to save me a lot of headaches...


Top
   
 Post subject:
PostPosted: Mon Nov 29, 2010 8:32 pm 
Offline
Senior Member

Joined: Wed May 13, 2009 1:18 am
Posts: 681
jefe78 wrote:
I wish there was a way to flag posts like this for future reference as a certain reply here is going to save me a lot of headaches...

Would the "Watch this topic for replies" function (link at bottom of a topic page) serve?

(Either that, or since you added a post, checking the "Notify me when a reply is posted" option when you make your post should serve similarly).

-- David


Top
   
 Post subject:
PostPosted: Mon Nov 29, 2010 8:43 pm 
Offline
Junior Member

Joined: Sun Nov 07, 2010 10:36 pm
Posts: 33
Website: http://www.rent-matcher.com
db3l wrote:
jefe78 wrote:
I wish there was a way to flag posts like this for future reference as a certain reply here is going to save me a lot of headaches...

Would the "Watch this topic for replies" function (link at bottom of a topic page) serve?

(Either that, or since you added a post, checking the "Notify me when a reply is posted" option when you make your post should serve similarly).

-- David


hot damn, I hadn't noticed either of those. I figured someone would point SOMETHING like that out. Thanks!


Top
   
 Post subject:
PostPosted: Tue Nov 30, 2010 4:11 am 
Offline
Senior Newbie

Joined: Thu Nov 25, 2010 5:22 am
Posts: 8
goliatone wrote:
So, by commenting the localhost ip from the config file, it is listening to all?
I will try to use localhost in the config file and check if i can still connect.

I did bind to 127.0.0.1 in my.conf and everything still works fine.

So, that leaves me with the impression that I was having issues with putty and tunneling rather than with mysql itself.


Top
   
Display posts from previous:  Sort by  
Post new topic  Reply to topic


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum

Search for:
Jump to:  
RSS

Powered by phpBB® Forum Software © phpBB Group