server password Archives - ☩ Walking in Light with Christ - Faith, Computing, Diary ☩ Walking in Light with Christ

Posts Tagged ‘server password’

How to Set MySQL MariaDB server root user to be able to connect from any host on the Internet / Solution to ‘ ERROR 1045 (28000): Access denied for user ‘root’@’localhost’ (using password: YES) ‘

Tuesday, September 3rd, 2019

In this small article, I'll shortly explain on how I setup a Standard default package MariaDB Database server on Debian 10 Buster Linux and how I configured it to be accessible from any hostname on the Internet in order to make connection from remote Developer PC with MySQL GUI SQL administration tools such as MySQL WorkBench / HeidiSQL / Navicat / dbForge as well as the few set-backs experienced in the process (e.g. what was the reason for ' ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES) ' error and its solution.

Setting new or changing old MariaDB (MySQL) root server password

I've setup a brand new MariaDB database (The new free OpenSource software fork of MySQL) mariadb-server-10.3 on a Debian 10, right after the OS was installed with the usual apt command:

# apt install mariadb-server

Next tep was to change the root access password which was set to empty pass by default, e.g. connected with mysql CLI locally while logged via SSH on server and run:

MariaDB [(none)]> mysql -u root -p

use mysql;
update user set authentication_string=PASSWORD("MyChosenNewPassword") where User='root';

There was requirement by the customer, that MySQL server is not only accessed locally but be accessed from any IP address from anywhere on the Internet, so next step was to do so.

Allowing access to MySQL server from Anywhere

Allowing access from any host to MariaDB SQL server is a bad security practice but as the customer is the King I've fulfilled this weird wish too, by changing the listener for MariaDB (MySQL) on Debian 10 codenamed Buster
changing the default listener
to be not the default 127.0.0.1 (localhost) but any listener is done by modifying the bind-address directive in conf /etc/mysql/mariadb.conf.d/50-server.cnf:

root@linux:~# vim /etc/mysql/mariadb.conf.d/50-server.cnf

Then comment out

bind-address = 127.0.0.1

and add instead 0.0.0.0 (any listener)

bind-address = 0.0.0.0
root@linux:/etc/mysql/mariadb.conf.d# grep -i bind-address 50-server.cnf
##bind-address = 127.0.0.1
bind-address = 0.0.0.0

Then to make the new change effective restart MariaDB (luckily still using the old systemV init script even though systemd is working.

root@linux:~# /etc/init.d/mysql restart
[ ok ] Restarting mysql (via systemctl): mysql.service.

To make sure it is properly listening on MySQL defaults TCP port 3306, then as usual used netcat.

root@pritchi:~# netstat -etna |grep -i 3306
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 109 1479917

By the way the exact mariadb.cnf used on this middle-sized front-backend server is here – the serveris planned to be a Apache Web server + Database host with MySQL DB of a middle range to be able to serve few thousand of simultaneous unique customers.

To make sure no firewall is preventing MariaDB to be accessed, I've checked for any reject rules iptables and ipset definitions, e.g.:

root@linux:~# iptables -L |gre -i rej
…
root@linux:~# ipset list
…

Then to double make sure the MySQL is allowed to access from anywhere, used simple telnet from my Desktop Laptop PC (that also runs Debian Linux) towards the server .

hipo@jeremiah:~$ telnet 52.88.235.45 3306
Trying 52.88.235.45…
Connected to 52.88.235.45.
Escape character is '^]'.
[
5.5.5-10.3.15-MariaDB-1
rQ}Cs>v\��-��G1[W%O>+Y^OQmysql_native_password
Connection closed by foreign host.

As telnet is not supporting the data encryption after TCP proto connect, in a few seconds time, remote server connection is terminated.

Setting MySQL user to be able to connect to local server MySQL from any remote hostname

I've connected locally to MariaDB server with mysql -u root -p and issued following set of SQL commands to make MySQL root user be able to connect from anywhere:

CREATE USER 'root'@'%' IDENTIFIED BY 'my-secret-pass';
GRANT ALL ON *.* TO 'root'@'localhost';
GRANT ALL ON *.* TO 'root'@'%';

Next step, I've took was to try logging in with root (admin) MariaDB superuser from MySQL CLI (Command Line Interface) on my desktop just to find out, I'm facing a nasty error.

hipo@jeremiah:~$ mysql -u root -H remote-server-hostname.com -p
Enter password:
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)

My first guess was something is wrong with my root user created in MySQL's mysql.user table (In MySQL this is the privileges table that stores, how MySQL user credentials are handled by mysqld local OS running process.

Changing the MySQL root (admin) password no longer possible on Debian 10 Buster?

The standard way ot change the MySQL root password well known via a simple dpkg-reconfigure (provided by Debian's debconf is no longer working so below command produces empty output instead of triggering the good old Ncurses text based interface well-known over the years …

root@linux:~# /usr/sbin/dpkg-reconfigure mariadb-server-10.3
…

Viewing MariaDB (MySQL) username / password set-up from the CLI

To list how this set-privileges looked like I've used following command:

MariaDB [mysql]> select * from mysql.user where User = 'root';
+———–+——+——————————————-+————-+————-+————-+————-+————-+———–+————-+—————+————–+———–+————+—————–+————+————+————–+————+———————–+——————+————–+—————–+——————+——————+—————-+———————+——————–+——————+————+————–+————————+———————+———-+————+————-+————–+—————+————-+—————–+———————-+———————–+———————–+——————+———+————–+——————–+
| Host      | User | Password                                  | Select_priv | Insert_priv | Update_priv | Delete_priv | Create_priv | Drop_priv | Reload_priv | Shutdown_priv | Process_priv | File_priv | Grant_priv | References_priv | Index_priv | Alter_priv | Show_db_priv | Super_priv | Create_tmp_table_priv | Lock_tables_priv | Execute_priv | Repl_slave_priv | Repl_client_priv | Create_view_priv | Show_view_priv | Create_routine_priv | Alter_routine_priv | Create_user_priv | Event_priv | Trigger_priv | Create_tablespace_priv | Delete_history_priv | ssl_type | ssl_cipher | x509_issuer | x509_subject | max_questions | max_updates | max_connections | max_user_connections | plugin                | authentication_string | password_expired | is_role | default_role | max_statement_time |
+———–+——+——————————————-+————-+————-+————-+————-+————-+———–+————-+—————+————–+———–+————+—————–+————+————+————–+————+———————–+——————+————–+—————–+——————+——————+—————-+———————+——————–+——————+————+————–+————————+———————+———-+————+————-+————–+—————+————-+—————–+———————-+———————–+———————–+——————+———+————–+——————–+
| localhost | root | *E6D338325F50177F2F6A15EDZE932D68C88B8C4F | Y           | Y           | Y           | Y           | Y           | Y         | Y           | Y             | Y            | Y         | Y          | Y               | Y          | Y          | Y            | Y          | Y                     | Y                | Y            | Y               | Y                | Y                | Y              | Y                   | Y                  | Y                | Y          | Y            | Y                      | Y                   |          |            |             |              |             0 |           0 |               0 |                    0 | mysql_native_password |                       | N                | N       |              |           0.000000 |
| %         | root | *E6D338325F50177F2F6A15EDZE932D68C88B8C4F | Y           | Y           | Y           | Y           | Y           | Y         | Y           | Y             | Y            | Y         | N          | Y               | Y          | Y          | Y            | Y          | Y                     | Y                | Y            | Y               | Y                | Y                | Y              | Y                   | Y                  | Y                | Y          | Y            | Y                      | Y                   |          |            |             |              |             0 |           0 |               0 |                    0 |                       |                       | N                | N       |              |           0.000000 |
+———–+——+——————————————-+————-+————-+————-+————-+————-+———–+————-+—————+————–+———–+————+—————–+————+————+————–+————+———————–+——————+————–+—————–+——————+——————+—————-+———————+——————–+——————+————+————–+————————+———————+———-+————+————-+————–+—————+————-+—————–+———————-+———————–+———————–+——————+———+————–+——————–+

The hashed (encrypted) password string is being changed from the one on the server, so please don't try to hack me (decrypt it) 🙂
As it is visible from below output the Host field for root has the '%' string which means, any hostname is authorized to be able to connect and login to the MySQL server, so this was not the problem.

After quite some time on reading on what causes
' ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES) ',
I've spend some time reading various forum discussions online on the err such as the one on StackOverflow here SuperUser.com's how to fix access denied for user 'root'@'localhost' and one on askubuntu.com's – ERROR 1045(28000) : Access denied for user 'root@localhost' (using password: no ) and after a while finally got it, thanks to a cool IRC.FREENODE.NET guy nicknamed, hedenface who pointed me I'm that, I'm trying to use the -H flag (Prodice HTML) instead of -h (host_name), it seems somehow I ended up with the wrong memory that the -H stands for hostname, by simply using -h I could again login Hooray!!!

root@linux:~$ mysql -u root -h remote-server-host.com -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 14
Server version: 10.3.15-MariaDB-1 Debian 10

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

I've further asked the customer to confirm, he can connect also from his Microsoft Windows 10 PC situated on a different LAN network and got his confirmation. Few notes to make here is I've also installed phpmyadmin on the server using phpmyadmin php source code latest version, as in Debian 10 it seems the good old PHP is no longer available (as this crazy developers again made a mess and there is no phpmyadmin .deb package in Debian Buster – but that's a different story I'll perhaps try to document in some small article in future.

Tags: based, created, credentials, find, good, guess, Internet Solution, logging, mysqld, root user, server password, something
Posted in MySQL, Remote System Administration | No Comments »

How to execute ssh command on multiple Linux servers with native ssh client and a bash loop – Changing shell terminal to multiple servers from ksh to bash

Monday, February 16th, 2015

how-to-execute-ssh-command-on-multiple-linux-servers-with-native-ssh-client-and-bash-loop-changing-default-shell-terminal-to-bash-for-mass-many-multiple-linux-unix-servers
I've been working for a customer that has about 450 hundred servers running all kind of different Web Applications / Mail services / FTP / Web Statistics etc.. I have a single user / password access to all of the servers (using LDAP authentication) – just like many of my colleagues and by default most of servers shell set is Korn Shell (/bin/ksh) is automatically run on ssh login time ( as it is set as the default shell ). I have nothing personally against Korn Shell but as mainly script in Bash Shell last 10+ years and I'm used to Bash's terminal behavior so much, each time I login to the servers I had to run manually run :

/bin/bash

This becomes really annoying, because I have to login to so many servers daily and do various stuff, so I got pissed off at the end and I wanted to change default shell set (only for my current) user to BASH, since there are other users that work on servers and its not a good idea to change globally servers global shell to bash, because such action could hurt some poor colleague love for KSH 🙂

A note to make here is the servers are primary running SuSE SLES / CentOS and Debian and RHEL Linux, but this bash one liner would be working on any other Linux release which has a bash >=2.0, I've tested it exactly on bash 3.2.25.

I have dump of all server hostnames / IPs in a plain text (.txt) file called all_servers_list.txt and since the servers are not accessible between each other but only through a special HOP station running Windows I couldn't install and use sshpass for mass deploy of new $SHELL variable configuration into home directory's $HOME/.profile ( ~/.profile ) . Thus I was forced to use a standard SSH client and a MobaXTERM inistallation which comes with integrated CygWin bash (for windows) and thus I can run normal Linux bash code inside the MobaXTerm Terminal on the Windows 2012R2 (jump host) .. 🙂

while read line; do ssh my-user@$line 'echo "export SHELL=/bin/bash ; exec /bin/bash" >> /home/my-user/.profile' < /dev/null; done < all_servers_list.txt

Since SSH client doesn't have a non-interactive way to pass on password from command line (for security reasons), to make above bash one liner loop to deploy bash as a default shell (mass) on all servers I have to paste (my Sotred in Memory Copied password) the SSH remote login server password 450 times each time I',m prompted by SSH to input password manually (this takes about 20) minutes but it is a worthy time, since from then on /bin/bash runs automatically on server login time. One important note to make is the </dev/null here is necessery because otherwise ssh is having troubles with reading the host in the loop. If you try running above cmd without </dev/null you, the loop is about to end after first login attempt. Changing default shell to multiple servers is not done only to servers with default ksh, but for any servers with default csh shell or any other obscure shell to bash (if bash is installed) is achieved by above command.

As you can guess above while bash loop, can easily be modified to run any other command to a bunch of hundred or thousand servers of your choise, the only inconvenience you will have is you have to paste the password for each server part of loop to which ssh is creating connection.
This example works on Linux but should work fine on any other platform that have /bin/bash (or /usr/local/bin/bash) installed if on FreeBSD / NetBSD, it should work on HP-UX and SunOS / Solaris hosts which have bash installed too.

Once you've launched the loop and added /bin/bash to run on login to check on next login where you're really running bash shell there is the:

echo $SHELL
/bin/bash

If you want keep / grep output of shell variable $SHELL:

MYSHELL=`ps -hp $$|awk '{echo $5}'`

Anyhow on some Linux hosts this variable might show bash and still you might be running old shell ksh / csh, the better way to check your SHELL is with ps -p $$ command (nowdays not known by many admins)

ps -p $$
PID TTY TIME CMD
866 pts/0 00:00:00 bash

Now I can happily use bash on all the servers every time I login. Cheers and Thanks God ! 🙂

Tags: bash shell, bin, current user, default shell, How to, KSH, liner, loop, multiple, server login, server password, servers, ssh client, ssh command
Posted in Curious Facts, Everyday Life, Programming, Remote System Administration, System Administration, Various | 1 Comment »

How to set password on a mysql server with no password via mysql command line interface

Monday, March 28th, 2011

Many Linux distributions’s offered MySQL server comes without a set default password, in practice you can freely login to the mysql server on a plain mysql server installation on Debian, Ubuntu or Fedora by simply issuing:

linux:~# mysql -u root Enter password:

Pressing enter will straight let you in the mysql server. The same kind of behaviour is also probably true on BSD based and many other Unixes which have pre-installed or the option to install a new mysql server.

I remember in my past that I’ve even seen a productive mysql servers on a servers running CMS based websites which doesn’t have a root password set.

Some administrators doesn’t take the time to think about the implications of the no password mysql installation and therefore being in a hurry simply let the server without an administrator password.
This is very common for the most lame and uneducated ones. Many novice system administrators think that by installing a phpmyadmin and configuring a password on it’s web interface is equal to setting up the mysql server (daemon) a password.

Thus for all this the uneducated ones and for all those who already have noticed that their newly installed mysql server doesn’t have a password set I’ve decided to give an example how a new mysql server password can be set or how an existing mysql server pass can be changed to a new one

To make any password manipulations usually the mysql-client package does provide a very handy instrument called mysqladmin , mysqladmin has many possibilities among which is creating a new mysql server admin (root) password or changing a previously set mysql server password to a new one

1. Here is how you can set a new MySQL server password:

mysqladmin -u root 'password' YOURasddsaPASSWORDjqweHERE

2. If you need to change an already existing mysql password you need to provide just one more argument to mysqladmin:

mysqladmin -u root 'password' YOURasdfdsaNEWasddsaPASSWORD_HERE -pEnter password:

Whether the Enter password: field appears you will be required to fill in the original mysql server root password after which the password will be changed to the above string passed in to the mysqladmin command line ‘YOURasdfdsaNEWasddsaPASSWORD_HERE’

That’s all now you have either set a new password for the mysql server or have already changed your previous one.

Tags: administrator password, fedora, handy instrument, How to set password on a mysql server without a password via mysql command line interface, hurry, linux distributions, manipulations, mysql client, mysql servers, novice, phpmyadmin, server admin, server password, system administrators, web interface
Posted in MySQL, System Administration | No Comments »

☩ Walking in Light with Christ – Faith, Computing, Diary

Posts Tagged ‘server password’

How to Set MySQL MariaDB server root user to be able to connect from any host on the Internet / Solution to ‘ ERROR 1045 (28000): Access denied for user ‘root’@’localhost’ (using password: YES) ‘

Setting new or changing old MariaDB (MySQL) root server password

Allowing access to MySQL server from Anywhere

Setting MySQL user to be able to connect to local server MySQL from any remote hostname

Changing the MySQL root (admin) password no longer possible on Debian 10 Buster?

Viewing MariaDB (MySQL) username / password set-up from the CLI

How to set password on a mysql server with no password via mysql command line interface

Daily Bible quote

GET ARTICLE UPDATES

Useful blog? Help it:

Links to Other Places

Recent Posts

Ads

Categories

About Myself

Recent Comments

Top Post Views

blogtopsites