Host 'xxx.xx.xxx.xxx' is not allowed to connect to this MySQL server
This should be dead simple, but I cannot get it to work for the life of me. I'm just trying to connect remotely to my MySQL server.
Connecting as: mysql -u root -h localhost -p
works fine, but trying: mysql -u root -h 'any ip address here' -p
fails with the error: ERROR 1130 (00000): Host 'xxx.xx.xxx.xxx' is not allowed to connect to this MySQL server
In the mysql.user table, there is exactly the same entry for user 'root' with host 'localhost' as another with host '%'.
I'm at my wits' end and have no idea how to proceed. Any ideas are welcome.
Possibly a security precaution. You could try adding a new administrator account:
mysql> CREATE USER 'monty'@'localhost' IDENTIFIED BY 'some_pass';
mysql> GRANT ALL PRIVILEGES ON *.* TO 'monty'@'localhost'
-> WITH GRANT OPTION;
mysql> CREATE USER 'monty'@'%' IDENTIFIED BY 'some_pass';
mysql> GRANT ALL PRIVILEGES ON *.* TO 'monty'@'%'
-> WITH GRANT OPTION;
Although as Pascal and others have noted it's not a great idea to have a user with this kind of access open to any IP. If you need an administrative user, use root, and leave it on localhost. For any other action specify exactly the privileges you need and limit the accessibility of the user as Pascal has suggest below.
Edit:
From the MySQL FAQ:
If you cannot figure out why you get Access denied, remove from the user table all entries that have Host values containing wildcards (entries that contain '%' or '_' characters). A very common error is to insert a new entry with Host='%' and User='some_user', thinking that this allows you to specify localhost to connect from the same machine. The reason that this does not work is that the default privileges include an entry with Host='localhost' and User=''. Because that entry has a Host value 'localhost' that is more specific than '%', it is used in preference to the new entry when connecting from localhost! The correct procedure is to insert a second entry with Host='localhost' and User='some_user', or to delete the entry with Host='localhost' and User=''. After deleting the entry, remember to issue a FLUSH PRIVILEGES statement to reload the grant tables. See also Section 5.4.4, “Access Control, Stage 1: Connection Verification”.
One has to create a new MySQL User and assign privileges as below in Query prompt via phpMyAdmin or command prompt:
CREATE USER 'username'@'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON *.* TO 'username'@'localhost' WITH GRANT OPTION;
CREATE USER 'username'@'%' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON *.* TO 'username'@'%' WITH GRANT OPTION;
FLUSH PRIVILEGES;
Once done with all four queries, it should connect with username / password
@localhost would make sense if the privileges were different somehow but here they're the same and it's probably going to be more confusing than anything (such as changing passwords on one not realizing the other exists and that your login might be hitting that one).
My error message was similar and said 'Host XXX is not allowed to connect to this MySQL server' even though I was using root. Here's how to make sure that root has the correct permissions.
My setup:
Ubuntu 14.04 LTS
MySQL v5.5.37
Solution
Open up the file under 'etc/mysql/my.cnf' Check for: port (by default this is 'port = 3306') bind-address (by default this is 'bind-address = 127.0.0.1'; if you want to open to all then just comment out this line. For my example, I'll say the actual server is on 10.1.1.7) Now access the MySQL Database on your actual server (say your remote address is 123.123.123.123 at port 3306 as user 'root' and I want to change permissions on database 'dataentry'. Remember to change the IP Address, Port, and database name to your settings) mysql -u root -p
Enter password:
use dataentry line (since most people won't have that database created).
mysql service at the end
FLUSH PRIVILEGES should allow you to not need to restart.
Just perform the following steps:
1a) Connect to mysql (via localhost)
mysql -uroot -p
1b) If the mysql server is running in Kubernetes (K8s) and being accessed via a NodePort
kubectl exec -it [pod-name] -- /bin/bash
mysql -uroot -p
Create user CREATE USER 'user'@'%' IDENTIFIED BY 'password'; Grant permissions GRANT ALL PRIVILEGES ON *.* TO 'user'@'%' WITH GRANT OPTION; Flush privileges FLUSH PRIVILEGES;
You need to grant access to the user from any hostname.
This is how you add new privilege from phpmyadmin
Goto Privileges > Add a new User
https://i.stack.imgur.com/ry1Zl.png
Select Any Host for the desired username
https://i.stack.imgur.com/Q8xJz.png
The message *Host ''xxx.xx.xxx.xxx'' is not allowed to connect to this MySQL server is a reply from the MySQL server to the MySQL client. Notice how its returning the IP address and not the hostname.
If you're trying to connect with mysql -h<hostname> -u<somebody> -p and it returns this message with the IP address, then the MySQL server isn't able to do a reverse lookup on the client. This is critical because thats how it maps the MySQL client to the grants.
Make sure you can do an nslookup <mysqlclient> FROM the MySQL server. If that doesn't work, then there's no entry in the DNS server. Alternatively, you can put an entry in the MySQL server's HOSTS file (<ipaddress> <fullyqualifiedhostname> <hostname> <- The order here might matter).
An entry in my server's host file allowing a reverse lookup of the MySQL client solved this very problem.
Simple way:
Grant All Privileges ON *.* to 'USER_NAME'@'%' Identified By 'YOUR_PASSWORD';
then
FLUSH PRIVILEGES;
done!
WHERE CustomerName LIKE 'a%' - Finds any values that start with "a"
This working for any future remote mysql connection !
sudo nano /etc/mysql/mysql.conf.d/mysqld.cnf
Navigate to the line that begins with the bind-address directive. It should look like this:
bind-address = 0.0.0.0
Login to your mysql as root terminal
mysql -u root -p
-- root password
CREATE USER 'username'@'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON *.* TO 'username'@'localhost' WITH GRANT OPTION;
CREATE USER 'username'@'%' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON *.* TO 'username'@'%' WITH GRANT OPTION;
FLUSH PRIVILEGES;
EXIT;
finally Grant that machine exclusive permission to connect to the database remotely with the following command.
sudo ufw allow from remote_IP_address to any port 3306
If you modify the grant tables manually (using INSERT, UPDATE, etc.), you should execute a FLUSH PRIVILEGES statement to tell the server to reload the grant tables.
PS: I wouldn't recommend to allow any host to connect for any user (especially not the root use). If you are using mysql for a client/server application, prefer a subnet address. If you are using mysql with a web server or application server, use specific IPs.
Just use the interface provided by MySql's GUI Tool (SQLyog):
https://i.stack.imgur.com/uJJM3.png
Now, if you want to grant access FOR ANY OTHER REMOTE PC, just make sure that, just like in the underneath picture, the Host field value is % (which is the wildcard)
https://i.stack.imgur.com/L1xhf.png
Most of the answers here show you creating users with two host values: one for localhost, and one for %.
Please note that except for a built-in localhost user like root, you don't need to do this. If you simply want to make a new user that can log in from anywhere, you can use
CREATE USER 'myuser'@'%' IDENTIFIED BY 'mypassword';
GRANT <whatever privileges are appropriate> ON <relevant tables> TO myuser;
and it will work just fine. (As others have mentioned, it's a terrible idea to grant administrative privileges to a user from any domain.)
If you are using MySQL WorkBench, you can achieve this easily:
From the menu, select Server -> Users And Privileges On the lower left, click on "Add account" Fill the form with username, host matching (% means every host) and the password Click on "Apply" on the lower right
After this you are good to go. Then, if you want to refine your configuration, you can use the "Administrative Roles" tab to set the command that can be used by the user (SELECT, ALTER etc etc) and the "Schema privileges" tab to restrict the user interaction to specific schemas.
simple way is to login to phpmyadmin with root account , there goto mysql database and select user table , there edit root account and in host field add % wild card . and then through ssh flush privileges
FLUSH PRIVILEGES;
Well, nothing of the above answer worked for me. After a lot of research, I found a solution. Though I may be late this may help others in future.
Login to your SQL server from a terminal
mysql -u root -p
-- root password
GRANT ALL ON *.* to root@'XX.XXX.XXX.XX' IDENTIFIED BY 'password';
This should solve the permission issue.
https://i.stack.imgur.com/llOUT.png
https://i.stack.imgur.com/bcLqP.png
Happy coding!!
If this is a recent mysql install, then before changing anything else, try simply to execute this command and then try again:
flush privileges;
This alone fixes the issue for me on Ubuntu 16.04, mysql 5.7.20. YMMV.
Just find a better way to do that from your hosting control panel (I'm using DirectAdmin here)
https://i.stack.imgur.com/th2uR.jpg
I guess there is a similar option on other C.panels like plesk, etc..
I'm hope it was helpful to you too.
If you happen to be running on Windows; A simple solution is to run the MySQL server instance configuration wizard. It is in your MYSQL group in the start menu. On the second from last screen click the box that says "allow root access from remote machines".
https://i.stack.imgur.com/3LI6u.png
I was also facing same issue, It resolved in 2 min for me i just white list ip through cpanel
Suppose you are trying to connect database of server B from server A. Go to Server B Cpanel->Remote MySQL-> enter Server A IP Address and That's it.
Well what you can do is just open mysql.cfg file and you have to change Bind-address to this
bind-address = 127.0.0.1
and then Restart mysql and you will able to connect that server to this.
Look this you can have idea form that.
This answer might help someone...
All these answers didnt help, then I realised I forgot to check one crucial thing.. The port :)
I have mysql running in a docker container running on a different port. I was pointing to my host machine on port 3306, which I have a mysql server running on. My container exposes the server on port 33060. So all this time, i was looking at the wrong server! doh!
This working for DirectAdmin;
Go to your DirectAdmin. Go to your MySQL Management. Select your database. Under your Accesse Host tab, there is a field. You should fill this field by xxx.xx.xxx.xx. Click on Add Host.
Finished. Now you can access to this DB by your your_database_username & your_database_password.
So Simple!
CREATE USER 'username'@'localhost' IDENTIFIED BY 'password';
FLUSH PRIVILEGES;
this error because no password to the root , and this Maybe occurred with you when you trying to connect from outside .
CPANEL solution
Go to Cpanel, look for Remote MySQL. Add the the IP in the input field:
Host (% wildcard is allowed)
Comment to remember what IP that is. That was it for me.
1. From a terminal, connect you to your MySQL running container
docker exec -it your_container_name_or_id bash
2. In your container, connect you to the MySQL database
mysql -u your_user -p
enter your password to connect to database.
3. execute this SQL script to list all existing database users:
SELECT host, user FROM mysql.user;
The result will be some thing like below:
host user 127.0.0.1 root ::1 root localhost mysql.sys localhost root
you should add a new row:
host user % root
CREATE USER 'username'@'%' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON *.* TO 'username'@'%' WITH GRANT OPTION;
Problem: root@localhost is unable to connect to a fresh installation of mysql-community-server on openSUSE 42.2-1.150.x86_64. Mysql refuses connections - period.
Solution:
$ ls -l /var/lib/mysql/mysql/user.*
-rw-rw---- 1 mysql mysql 0 Apr 29 19:44 /var/lib/mysql/mysql/user.MYD
-rw-rw---- 1 mysql mysql 1024 Apr 29 19:44 /var/lib/mysql/mysql/user.MYI
-rw-rw---- 1 mysql mysql 10684 Apr 29 19:44 /var/lib/mysql/mysql/user.frm
File user.MYD has 0 size (really ?!). I copied all 3 files from another working system.
$ /usr/sbin/rcmysql stop
$ cd /var/lib/mysql/mysql/
$ scp root@othersytem:/var/lib/mysql/mysql/user.* ./
$ /usr/sbin/rcmysql start
$ cd -
$ mysql -u root -p
I was able to log in. Then, it was just a matter of re-applying all schema privileges. Also, if you disabled IPv6, re-enable it temporary so that root@::1 account can also work.
if you are trying to execute mysql query withouth defining connectionstring, you will get this error.
Probably you forgat to define connection string before execution. have you check this out? (sorry for bad english)
All of the answers here didn't work in my case so I guest this may help other users in the future. This can also be a problem in our code, not just in MySQL alone.
If you are using VB.NET
Instead of this code:
Dim server As String = My.Settings.DB_Server
Dim username As String = My.Settings.DB_Username
Dim password As String = My.Settings.DB_Password
Dim database As String = My.Settings.DB_Database
MysqlConn.ConnectionString = "server=" & server & ";" _
& "user id=" & username & ";" _
& "password=" & password & ";" _
& "database=" & database
MysqlConn = New MySqlConnection()
You need to move MysqlConn = New MySqlConnection() on the first line. So it would be like this
MysqlConn = New MySqlConnection()
Dim server As String = My.Settings.DB_Server
Dim username As String = My.Settings.DB_Username
Dim password As String = My.Settings.DB_Password
Dim database As String = My.Settings.DB_Database
MysqlConn.ConnectionString = "server=" & server & ";" _
& "user id=" & username & ";" _
& "password=" & password & ";" _
& "database=" & database
Follow WeChat
Success story sharing
