MySQL incorrectly allows unencrypted connections

Time: 2012-08-12 00:46:11

Tags: mysql ssl

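I am trying to configure MySQL 5.1.63 so that it only allows remote connections over SSL. I can confirm that connections work over SSL, but I can't seem to prevent unencrypted connections.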

I followed the instructions in the MySQL documentation and ran the following commands:

CREATE USER 'a' IDENTIFIED BY 'a';
GRANT ALL ON *.* TO 'a' REQUIRE SSL;
FLUSH PRIVILEGES;

Then, if "protectme" is the machine running MySQL, I run the following from a remote machine:

mysql -u a --password=a --host=protectme

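It connects! I can verify that the MySQL I connected to is indeed the one on "protectme". For good measure, I tried restarting MySQL, and confirmed that the user has been updated in the mysql.user table: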

mysql> SELECT * FROM mysql.user WHERE User = "a";
+------+------+-------------------------------------------+-------------+-------------+-------------+-------------+-------------+-----------+-------------+---------------+--------------+-----------+------------+-----------------+------------+------------+--------------+------------+-----------------------+------------------+--------------+-----------------+------------------+------------------+----------------+---------------------+--------------------+------------------+------------+--------------+----------+------------+-------------+--------------+---------------+-------------+-----------------+----------------------+
| Host | User | Password                                  | Select_priv | Insert_priv | Update_priv | Delete_priv | Create_priv | Drop_priv | Reload_priv | Shutdown_priv | Process_priv | File_priv | Grant_priv | References_priv | Index_priv | Alter_priv | Show_db_priv | Super_priv | Create_tmp_table_priv | Lock_tables_priv | Execute_priv | Repl_slave_priv | Repl_client_priv | Create_view_priv | Show_view_priv | Create_routine_priv | Alter_routine_priv | Create_user_priv | Event_priv | Trigger_priv | ssl_type | ssl_cipher | x509_issuer | x509_subject | max_questions | max_updates | max_connections | max_user_connections |
+------+------+-------------------------------------------+-------------+-------------+-------------+-------------+-------------+-----------+-------------+---------------+--------------+-----------+------------+-----------------+------------+------------+--------------+------------+-----------------------+------------------+--------------+-----------------+------------------+------------------+----------------+---------------------+--------------------+------------------+------------+--------------+----------+------------+-------------+--------------+---------------+-------------+-----------------+----------------------+
| %    | a    | *667F407DE7C6AD07358FA38DAED7828A72014B4E | Y           | Y           | Y           | Y           | Y           | Y         | Y           | Y             | Y            | Y         | N          | Y               | Y          | Y          | Y            | Y          | Y                     | Y                | Y            | Y               | Y                | Y                | Y              | Y                   | Y                  | Y                | Y          | Y            | ANY      |            |             |              |             0 |           0 |               0 |                    0 |
+------+------+-------------------------------------------+-------------+-------------+-------------+-------------+-------------+-----------+-------------+---------------+--------------+-----------+------------+-----------------+------------+------------+--------------+------------+-----------------------+------------------+--------------+-----------------+------------------+------------------+----------------+---------------------+--------------------+------------------+------------+--------------+----------+------------+-------------+--------------+---------------+-------------+-----------------+----------------------+
1 row in set (0.00 sec)

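Does anyone know what I'm doing wrong? Nobody else on the internet seems to have this problem, but it just isn't working for me at all! Thanks so much!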

1 answer:

Answer 0: (score: 0)

matthewnreid deserves the credit for this answer. Thanks!!

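The key and certificate were being supplied in the mysql-client section of the my.cnf file. You can diagnose this by looking at the ssl_cipher variable, as matthewnreid suggested.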
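
An added example, not part of the original answer: a Python check that reports whether the option groups read by the mysql command-line client supply SSL key or certificate options, which is the situation the answer describes. The function names, the sample option file and its paths are constructed for illustration.

```python
import re

# Client-side options that supply SSL material (MySQL 5.1 option names).
SSL_OPTS = {"ssl-ca", "ssl-capath", "ssl-cert", "ssl-cipher", "ssl-key"}
# Option groups the mysql command-line client reads from option files.
CLIENT_GROUPS = {"client", "mysql"}

# Constructed sample option file; the paths are placeholders.
SAMPLE_CNF = """\
[mysqld]
ssl-ca=/etc/mysql/ca-cert.pem
ssl-cert=/etc/mysql/server-cert.pem
ssl-key=/etc/mysql/server-key.pem

[client]
ssl-ca=/etc/mysql/ca-cert.pem
ssl_cert = /etc/mysql/client-cert.pem
ssl-key=/etc/mysql/client-key.pem
"""

def client_ssl_options(cnf_text):
    """Return {group: {option: value}} for SSL options the mysql client picks up."""
    found, group = {}, None
    for raw in cnf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;!":  # blank, comment, or !include directive
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            group = header.group(1).strip().lower()
            continue
        if group not in CLIENT_GROUPS:
            continue
        name, _, value = line.partition("=")
        # Option files accept '_' and '-' interchangeably in option names.
        name = name.strip().replace("_", "-").lower()
        if name in SSL_OPTS:
            found.setdefault(group, {})[name] = value.strip()
    return found

def plaintext_test_is_valid(cnf_text):
    """True if a bare `mysql -u ... --host=...` run gets no SSL options from the file."""
    return not client_ssl_options(cnf_text)

if __name__ == "__main__":
    for grp, opts in client_ssl_options(SAMPLE_CNF).items():
        print(f"[{grp}] supplies {sorted(opts)}: the client will negotiate SSL by default")
```

If this reports SSL options, a connection made without any `--ssl-*` flags is not a valid test of whether `REQUIRE SSL` blocks plaintext. Inside the session, `SHOW STATUS LIKE 'Ssl_cipher';` returns an empty value only when the connection is unencrypted.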