Not signed in (Sign In)

Slice Setup: Remote MySQL Connection Not Working

Bottom of Page

1 to 6 of 6

  1.  
    • CommentAuthorjwynacht
    • CommentTimeFeb 9th 2010
     permalink
    Hi,

    I'm in the process of moving MySQL off my web server and onto a separate slice.

    I set the new server up per the Slicehost Debian instructions and then set up MySQL per these instructions:

    http://www.cyberciti.biz/tips/how-do-i-enable-remote-access-to-mysql-database-server.html

    However, I'm not able to log in. Telnet won't even work.

    I'm thinking that the changes I've made to sshd_config based on these instructions:

    http://articles.slicehost.com/2009/3/31/debian-lenny-setup-page-1

    are what is causing the issue, particulary "PasswordAuthentication no".

    Any ideas? Advice? Hazings?

    Thanks,

    Jon
    • CommentAuthordiazona
    • CommentTimeFeb 9th 2010
     permalink
    If by "telnet won't even work" you mean that the telnet connection test in step 7 fails to connect to the server, I suspect that either you didn't properly configure the firewall (step 6), or that the MySQL server isn't running. You need to start it - or if it's already running, you need to restart it after you make any configuration changes.

    (If you're using telnet for some other purpose... just keep in mind that it is completely insecure. I actually prefer netcat for these things.)

    Your SSH configuration should not have any effect on whatever may be going on with the MySQL server. They're completely separate programs. There is no way that setting PasswordAuthentication to "no" in sshd_config could be causing your problem.

    :) David
    • CommentAuthorjwynacht
    • CommentTimeFeb 9th 2010
     permalink
    Hi David,

    Thanks for the pointers. The MySQL server is running and I've been looking at the firewall setup. An "iptables -L" gives me:

    ACCEPT tcp -- MY.WEB.SERVER.IP anywhere tcp dpt:mysql

    and this is my entry from my rules:

    -A INPUT -i eth1 -s MY.WEB.SERVER.IP -p tcp --destination-port 3306 -j ACCEPT

    I have it using eth1 as that's the interface my internal IP is using. I'm using internal IPs for all this.

    Yeah, only installed telnet just to test and then will remove telnet. I'll check out netcat though.

    Thanks,

    Jon
    • CommentAuthorjwynacht
    • CommentTimeFeb 9th 2010
     permalink
    Ah...it's working now ;-) Looks like I forgot to reload ssh when I made the firewall changes. Ah well, that'll teach me to work late ;-)
    • CommentAuthordiazona
    • CommentTimeFeb 9th 2010
     permalink
    Hey, late night is when the secret internet parties break out!

    oh wait - whoops, that was supposed to be private ;-)

    I wouldn't have thought you'd need to reload ssh after changing the firewall, but I guess it generally never hurts to restart things when in doubt.

    Telnet (in the old days) or netcat (modern equivalent) is actually a pretty good tool to have on your development machine, e.g. your home computer, and maybe even on your slice as well. When you run into network problems, you'll want to have the tools available to deal with them. For what it's worth: ping, traceroute, dig, nmap, and tcpdump (or Wireshark if you can use a GUI), among others, are pretty standard.

    :) David
    • CommentAuthorjwynacht
    • CommentTimeFeb 9th 2010
     permalink
    Good to know...thanks again! And mum's the word on the secret internet parties...

1 to 6 of 6

  1.