MySQL Forums

MySQL allowing anonymous logins over SSH
Posted by: Mark Knecht
Date: December 19, 2013 02:05PM

I'm just a home user getting started with MySQL. The book I purchased doesn't seem to cover this issue very well, or I'm not understanding it. Basically, it seems that I can ssh into my system as a user who isn't in the mysql.user list and still use MySQL.

My user list:

mysql> SELECT host,user,password FROM mysql.user;
+-----------+------+-------------------------------------------+
| host      | user | password                                  |
+-----------+------+-------------------------------------------+
| localhost | root | *A294441C38B03BE12E32771ADDF7976B0DDB8164 |
| c2RAID6   | root | *A294441C38B03BE12E32771ADDF7976B0DDB8164 |
| 127.0.0.1 | root | *A294441C38B03BE12E32771ADDF7976B0DDB8164 |
| localhost |      |                                           |
| c2RAID6   |      |                                           |
| localhost | mark | *E8F1FB8D711EFE40BEE77B5E9EC940D7C1740E15 |
+-----------+------+-------------------------------------------+
6 rows in set (0.00 sec)

mysql>


MySQL says there's no account for 'evelyn', which is correct, but still allows evelyn access if she comes into the machine over ssh:


mark@c2RAID6 ~ $ mysql -u evelyn
ERROR 1045 (28000): Access denied for user 'evelyn'@'localhost' (using password: YES)
mark@c2RAID6 ~ $ ssh evelyn@localhost
Password:
evelyn@c2RAID6 ~ $ mysql
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 176
Server version: 5.1.70-log Gentoo Linux mysql-5.1.70

Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql>


How can I lock this down so that no one gets access unless they are in the user table?

Thanks!

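An audit of the user listing in the post, as an added example that is not part of the original post: it parses `SELECT host,user,password FROM mysql.user` output, flags rows with an empty user name (anonymous accounts, which MySQL matches against any client user name from that host) and emits the `DROP USER` statements that remove them. The sample table is constructed from the post with placeholder hashes, and `parse_user_table` and `audit` are hypothetical helper names.

```python
# Constructed sample: the listing from the post, with placeholder password hashes.
SAMPLE = """\
+-----------+------+----------+
| host      | user | password |
+-----------+------+----------+
| localhost | root | *HASH1   |
| c2RAID6   | root | *HASH1   |
| 127.0.0.1 | root | *HASH1   |
| localhost |      |          |
| c2RAID6   |      |          |
| localhost | mark | *HASH2   |
+-----------+------+----------+
"""

def parse_user_table(text):
    """Parse mysql client tabular output into a list of dicts keyed by column name."""
    header, rows = None, []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("|"):
            continue  # skip +---+ borders, prompts and the row-count line
        cells = [c.strip() for c in line[1:-1].split("|")]
        if header is None:
            header = [c.lower() for c in cells]
        else:
            rows.append(dict(zip(header, cells)))
    return rows

def audit(rows):
    """Return (findings, fixes): anonymous and passwordless accounts, plus DROP statements."""
    findings, fixes = [], []
    for r in rows:
        host = r["host"].replace("'", "''")  # escape quotes inside the SQL string literal
        if r["user"] == "":
            # An empty user name is an anonymous account for that host.
            findings.append(("anonymous", "", r["host"]))
            fixes.append("DROP USER ''@'%s';" % host)
        elif r["password"] == "":
            # Named account that can log in without a password.
            findings.append(("no-password", r["user"], r["host"]))
    return findings, fixes

if __name__ == "__main__":
    findings, fixes = audit(parse_user_table(SAMPLE))
    for kind, user, host in findings:
        print("%-12s '%s'@'%s'" % (kind, user, host))
    print("\n".join(fixes))
```

Review the generated statements before running them as the MySQL root user, then repeat the `SELECT` to confirm that only named accounts remain.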