Mysql – MariaDB remote access ERROR 1045 (28000): Access denied

Tags: mariadb, MySQL, remote

MariaDB 10.3.27.
Debian 10 Buster.

I've followed the instructions to grant remote access to a user to my remote MariaDB server:

  1. Edited /etc/mysql/my.cnf:

     [mysqld]
     #skip-networking
     #bind-address = <some ip-address>
     skip-networking=0
     skip-bind-address
    
  2. Created a user:

     CREATE USER 'theuser'@'%' IDENTIFIED BY 'mypass';
     GRANT ALL PRIVILEGES ON *.* TO 'theuser'@'%' IDENTIFIED BY 'mypass' WITH GRANT OPTION;
     FLUSH PRIVILEGES;
     SELECT User, Host FROM mysql.user WHERE Host <> 'localhost';
     +---------+------+
     | User    | Host |
     +---------+------+
     | theuser | %    |
     +---------+------+
    
  3. Restarted MariaDB:

     $ sudo systemctl restart mariadb
     $ systemctl status mariadb
     ● mariadb.service - MariaDB 10.3.27 database server
        Loaded: loaded (/lib/systemd/system/mariadb.service; enabled; vendor preset: enabled)
        Active: active (running) since Mon 2021-05-17 01:00:59 -03; 20min ago
    
  4. Opened the 3306 port:

     $ sudo ufw allow 3306/tcp
     $ sudo ufw status | grep 3306
     3306                       ALLOW       Anywhere                  
     3306/tcp                   ALLOW       Anywhere 
    
  5. Checked open port locally:

     $ nmap -p3306 remote_ip
     PORT     STATE SERVICE
     3306/tcp open  mysql
    

But when I try to access from my local machine to the remote server:

    $ mysql -utheuser -pmypass -hremote_ip
    mysql: [Warning] Using a password on the command line interface can be insecure.
    ERROR 1045 (28000): Access denied for user 'theuser'@'my_ip' (using password: YES)

Am I missing something, or are there some errors I can't see?

Best Answer

The problem was simple: the password on the command line has a special character, the dollar sign $, which is not escaped by the shell unless in single quotes. So the proper command is:

    $ mysql -utheuser -p'mypass' -hremote_ip

Nonetheless, security issues arise when exposing the password in the shell:

6.1.2.1 End-User Guidelines for Password Security

MySQL users should use the following guidelines to keep passwords secure.

When you run a client program to connect to the MySQL server, it is inadvisable to specify your password in a way that exposes it to discovery by other users. The methods you can use to specify your password when you run client programs are listed here, along with an assessment of the risks of each method. In short, the safest methods are to have the client program prompt for the password or to specify the password in a properly protected option file.
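
The following is an added example, not part of the original question or answer: it shows what the shell actually passes to the client for an unquoted versus a single-quoted password containing `$`, and writes an owner-only option file as the quoted guideline recommends. The password `my$pass` and the helper function names are constructed for illustration.

```shell
#!/bin/sh
# Added example. 'my$pass' is a constructed password containing "$".

# Argument the shell hands to mysql when the password is typed unquoted:
# "$pass" is read as a variable reference (empty here) and silently dropped.
unquoted_arg() { ( unset pass; printf '%s' -pmy$pass ); }

# Single quotes suppress expansion, so the client receives the real password.
single_quoted_arg() { printf '%s' -p'my$pass'; }

# Write a [client] option file readable only by its owner.
# Args: path user host password. Assumes the password contains no '"' or '\',
# which would need escaping inside the quoted value.
write_client_cnf() {
    (
        umask 077                      # new file is created as 0600
        printf '[client]\nuser=%s\nhost=%s\npassword="%s"\n' \
            "$2" "$3" "$4" > "$1"
    ) && chmod 600 "$1"                # also tighten a pre-existing file
}

# Permission string of a file, e.g. "-rw-------".
file_mode() { ls -ld "$1" | cut -c1-10; }

# Demo with a throwaway file; remote_ip is the placeholder used in the post.
cnf=$(mktemp)
write_client_cnf "$cnf" theuser remote_ip 'my$pass'
echo "unquoted:      $(unquoted_arg)"
echo "single-quoted: $(single_quoted_arg)"
echo "option file:   $(file_mode "$cnf")"
# Connect without the password in argv or shell history:
#   mysql --defaults-extra-file="$cnf"
# or let the client prompt for it:
#   mysql -utheuser -p -hremote_ip
rm -f "$cnf"
```

The unquoted form sends a truncated password, which the server rejects with the same ERROR 1045 shown in the question.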