MySQL: SSL remote login
Environment: Linux Mint 15
Install openssl:
sudo apt-get install openssl
Check whether SSL is enabled in MySQL (in the mysql command line):
SHOW VARIABLES LIKE '%ssl%';
If not, the values of the 'have_openssl' and 'have_ssl' options are DISABLED.
Generate a certificate (on the MySQL server host):
We recommend that you create the certs directory in /etc/mysql:
# cd /etc/mysql/
# mkdir certs
# cd certs
# openssl genrsa 2048 > ca-key.pem
# openssl req -new -x509 -nodes -days 1095 -key ca-key.pem -out ca-cert.pem
# openssl req -newkey rsa:2048 -days 1095 -nodes -keyout server-key.pem -out server-req.pem
# openssl rsa -in server-key.pem -out server-key.pem
# openssl x509 -req -in server-req.pem -days 1095 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 -out server-cert.pem
Note that if 'sudo openssl genrsa 2048 > ca-key.pem' is prompted.
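An added example (not from the original page): the CA and server certificate commands above as a non-interactive script, followed by checks that the server certificate verifies against the CA and matches its private key. The Common Names are constructed sample values; MySQL's documentation requires the server certificate's Common Name to differ from the CA's, and the last check enforces that.

```shell
#!/bin/sh
# Constructed sample names (assumptions); the two CNs must differ.
CA_CN="Example MySQL CA"
SERVER_CN="db.example.internal"

# Create CA and server key/certificate files in directory $1.
# Usage: make_mysql_certs /etc/mysql/certs && check_mysql_certs /etc/mysql/certs
make_mysql_certs() {
    dir=$1
    mkdir -p "$dir" || return 1
    (
        cd "$dir" || exit 1
        umask 077   # keys are created readable by the owner only
        openssl genrsa -out ca-key.pem 2048 2>/dev/null || exit 1
        openssl req -new -x509 -nodes -days 1095 -key ca-key.pem \
            -subj "/CN=$CA_CN" -out ca-cert.pem || exit 1
        openssl req -newkey rsa:2048 -nodes -keyout server-key.pem \
            -subj "/CN=$SERVER_CN" -out server-req.pem 2>/dev/null || exit 1
        openssl x509 -req -in server-req.pem -days 1095 -CA ca-cert.pem \
            -CAkey ca-key.pem -set_serial 01 -out server-cert.pem \
            2>/dev/null || exit 1
        # Certificates are public; only the *-key.pem files stay private.
        chmod 644 ca-cert.pem server-cert.pem
    )
}

# Return 0 only if the server certificate chains to the CA, matches
# server-key.pem, and does not share its subject with the CA.
check_mysql_certs() {
    dir=$1
    openssl verify -CAfile "$dir/ca-cert.pem" "$dir/server-cert.pem" \
        >/dev/null 2>&1 || return 1
    cert_pub=$(openssl x509 -noout -pubkey -in "$dir/server-cert.pem") || return 1
    key_pub=$(openssl pkey -pubout -in "$dir/server-key.pem" 2>/dev/null) || return 1
    [ "$cert_pub" = "$key_pub" ] || return 1
    ca_subj=$(openssl x509 -noout -subject -in "$dir/ca-cert.pem") || return 1
    srv_subj=$(openssl x509 -noout -subject -in "$dir/server-cert.pem") || return 1
    [ "$ca_subj" != "$srv_subj" ]
}
```

On the server, server-key.pem must also be readable by the account that mysqld runs as; ca-key.pem is only needed when signing and does not have to stay on the database host.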
Then modify the configuration file on the MySQL server host:
# vim /etc/mysql/my.cnf
After '[mysqld]', add:
ssl
ssl-cipher=DHE-RSA-AES256-SHA
ssl-ca=/etc/mysql/certs/ca-cert.pem
ssl-cert=/etc/mysql/certs/server-cert.pem
ssl-key=/etc/mysql/certs/server-key.pem
Restart mysql and run SHOW VARIABLES LIKE '%ssl%'; in the mysql command line to see:
+---------------+----------------------------------+
| Variable_name | Value                            |
+---------------+----------------------------------+
| have_openssl  | YES                              |
| have_ssl      | YES                              |
| ssl_ca        | /etc/mysql/certs/ca-cert.pem     |
| ssl_capath    |                                  |
| ssl_cert      | /etc/mysql/certs/server-cert.pem |
| ssl_cipher    | DHE-RSA-AES256-SHA               |
| ssl_key       | /etc/mysql/certs/server-key.pem  |
+---------------+----------------------------------+
Configure the mysql client:
Copy ca-cert.pem to the /etc/mysql/certs directory on the MySQL client host, open my.cnf on the client, and add:
ssl
ssl-cipher=DHE-RSA-AES256-SHA
ssl-ca=/etc/mysql/certs/ca-cert.pem
Restart mysql on the client.
Start remote logon:
Create a new MySQL user on the server host:
GRANT ALL ON *.* TO 'ssl-user'@'%' IDENTIFIED BY '000000' REQUIRE SSL;
FLUSH PRIVILEGES;
Then log on from the client (replace <server-ip> with the address of the MySQL server):
mysql -h <server-ip> -u ssl-user -p
mysql> \s
mysql> status
The \s and status commands do the same thing. We should see:
SSL: Cipher in use is DHE-RSA-AES256-SHA
If my.cnf on the client is not configured, the ssl-user account cannot be used to log on to the server.
Use Navicat
The general connection method is not covered here.
1. Use SSH
Note that on the "General" tab, the host name or IP address is localhost and the connection name is whatever you choose. The user name and password are those of the MySQL server user.
On the "SSH" tab, the host name is the IP address of the MySQL server, and the user name is a user of the host where the MySQL server is located. The SSH service must be enabled on the host where the MySQL server is located.
2. Use SSL
On the "General" tab, change the IP address to the server IP address. The user must have the "REQUIRE SSL" attribute.
On the "SSL" tab, select "use SSL". Do not forget to deselect SSH. The connection can be established normally at this point, but if you select "use verification" and add the corresponding CA, the connection fails (not discussed here).
3. Use HTTP
Copy ntunnel_mysql.php from the Navicat directory to a PHP-enabled website directory (such as /var/www) on the MySQL server host. The tunnel address is the network URL of the PHP file. The user and password are the database user and password.