grant remote access of MySQL database from any IP address
TO 'user'@'%'
% is a wildcard - you can also do '%.domain.com'
or '%.123.123.123'
and things like that if you need.
Enable Remote Access (Grant) Home / Tutorials / Mysql / Enable Remote Access (Grant) If you try to connect to your mysql server from remote machine, and run into error like below, this article is for you.
ERROR 1130 (HY000): Host ‘1.2.3.4’ is not allowed to connect to this MySQL server
Change mysql config
Start with editing mysql config file
vim /etc/mysql/my.cnf
Comment out following lines.
#bind-address = 127.0.0.1
#skip-networking
If you do not find skip-networking line, add it and comment out it.
Restart mysql server.
~ /etc/init.d/mysql restart
Change GRANT privilege
You may be surprised to see even after above change you are not getting remote access or getting access but not able to all databases.
By default, mysql username and password you are using is allowed to access mysql-server locally. So need to update privilege. (if you want to create a separate user for that purpose, you can use CREATE USER 'USERNAME'@'localhost' IDENTIFIED BY 'PASSWORD';
)
Run a command like below to access from all machines. (Replace USERNAME
and PASSWORD
by your credentials.)
mysql> GRANT ALL PRIVILEGES ON *.* TO 'USERNAME'@'%' IDENTIFIED BY 'PASSWORD' WITH GRANT OPTION;
Run a command like below to give access from specific IP. (Replace USERNAME
and PASSWORD
by your credentials.)
mysql> GRANT ALL PRIVILEGES ON *.* TO 'USERNAME'@'1.2.3.4' IDENTIFIED BY 'PASSWORD' WITH GRANT OPTION;
You can replace 1.2.3.4 with your IP. You can run above command many times to GRANT access from multiple IPs.
You can also specify a separate USERNAME
& PASSWORD
for remote access.
You can check final outcome by:
SELECT * from information_schema.user_privileges where grantee like "'USERNAME'%";
Finally, you may also need to run:
mysql> FLUSH PRIVILEGES;
Test Connection
From terminal/command-line:
mysql -h HOST -u USERNAME -pPASSWORD
If you get a mysql shell, don’t forget to run show databases; to check if you have right privileges from remote machines.
Bonus-Tip: Revoke Access
If you accidentally grant access to a user, then better have revoking option handy.
Following will revoke all options for USERNAME from all machines:
mysql> REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'USERNAME'@'%';
Following will revoke all options for USERNAME from particular IP:
mysql> REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'USERNAME'@'1.2.3.4';
Its better to check information_schema.user_privileges table after running REVOKE command.
If you see USAGE privilege after running REVOKE command, its fine. It is as good as no privilege at all. I am not sure if it can be revoked.
Assuming that the above step is completed and MySql port 3306 is free to be accessed remotely; Don't forget to bind the public ip address in the mysql config file.
For example on my ubuntu server:
#nano /etc/mysql/my.cnf
In the file, search for the [mysqld] section block and add the new bind address, in this example it is 192.168.0.116. It would look something like this
......
.....
# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
bind-address = 127.0.0.1
bind-address = 192.168.0.116
.....
......
you can remove th localhost(127.0.0.1) binding if you choose, but then you have to specifically give an IP address to access the server on the local machine.
Then the last step is to restart the MySql server (on ubuntu)
stop mysql
start mysql
or #/etc/init.d/mysql restart
for other systems
Now the MySQL database can be accessed remotely by:
mysql -u username -h 192.168.0.116 -p
To be able to connect with your user from any IP address, do the following:
Allow mysql server to accept remote connections. For this open mysqld.conf file:
sudo gedit /etc/mysql/mysql.conf.d/mysqld.cnf
Search for the line starting with "bind-address" and set it's value to 0.0.0.0
bind-address = 0.0.0.0
and finally save the file.
Note: If you’re running MySQL 8+, the bind-address
directive will not be in the mysqld.cnf
file by default. In this case, add the directive to the bottom of the file /etc/mysql/mysql.conf.d/mysqld.cnf
.
Now restart the mysql server, either with systemd
or use the older service
command. This depends on your operating system:
sudo systemctl restart mysql # for ubuntu
sudo systemctl restart mysqld.service # for debian
Finally, mysql server is now able to accept remote connections.
Now we need to create a user and grant it permission, so we can be able to login with this user remotely.
Connect to MySQL database as root, or any other user with root privilege.
mysql -u root -p
now create desired user in both localhost and '%' wildcard and grant permissions on all DB's as such .
CREATE USER 'myuser'@'localhost' IDENTIFIED BY 'mypass';
CREATE USER 'myuser'@'%' IDENTIFIED BY 'mypass';
Then,
GRANT ALL ON *.* TO 'myuser'@'localhost';
GRANT ALL ON *.* TO 'myuser'@'%';
And finally don't forget to flush privileges
FLUSH PRIVILEGES;
Note: If you’ve configured a firewall on your database server, you will also need to open port 3306
MySQL’s default port to allow traffic to MySQL.
Hope this helps ;)