Default encryption settings
1. Check whether the server has SSL support available. have_ssl = YES means mysqld supports SSL connections; DISABLED means it was compiled with SSL support but was not started with working encryption options (no usable certificate and key); NO means the build has no SSL support at all.
mysql> show variables like 'have_ssl';
+---------------+-------+
| Variable_name | Value |
+---------------+-------+
| have_ssl      | YES   |
+---------------+-------+
1 row in set (0.00 sec)
2. Check the server's require_secure_transport system variable. When it is ON, the server accepts only TCP/IP connections that are encrypted with TLS/SSL and rejects plaintext TCP/IP connections. Connections over a Unix socket file (or Windows shared memory) are treated as secure transport and are still accepted, so this setting enforces encryption on the network path only.
mysql> show variables like 'require_secure_transport';
+--------------------------+-------+
| Variable_name            | Value |
+--------------------------+-------+
| require_secure_transport | OFF   |
+--------------------------+-------+
1 row in set (0.00 sec)
**Forcing clients to use SSL-encrypted connections**
Method 1: add the setting to the [mysqld] section of my.cnf and restart mysqld (this is the form that survives a restart):
require_secure_transport=ON
Method 2: set the global system variable at runtime (recommended when you cannot restart; it applies to new connections immediately). Note that this is a MySQL server system variable, not an OS environment variable, and the value is lost at the next restart unless it is also written to my.cnf (MySQL 8.0 can do both at once with SET PERSIST).
mysql> set global require_secure_transport=ON;
Query OK, 0 rows affected (0.00 sec)
mysql> show variables like '%require_secure_transport%';
+--------------------------+-------+
| Variable_name            | Value |
+--------------------------+-------+
| require_secure_transport | ON    |
+--------------------------+-------+
1 row in set (0.00 sec)
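As an added example (not from the original post), this is the my.cnf form of method 1 together with the TLS settings a practitioner would normally put next to it: operator-issued certificate files instead of the self-signed ones MySQL 5.7 generates on its own, and a minimum TLS version. The file paths under /etc/mysql/tls/ are assumptions for illustration.

```ini
# Added example: [mysqld] fragment that makes the encryption requirement
# persistent. Paths are placeholders; point them at your own CA and key pair.
[mysqld]
# Weak default (the value the post's first SHOW VARIABLES returned):
# require_secure_transport = OFF   -> plaintext TCP/IP logins are accepted.
# Hardened: reject any TCP/IP connection that is not TLS-encrypted. Unix
# socket connections are still accepted, since the socket counts as secure.
require_secure_transport = ON

# Use a CA and server key pair you control instead of the auto-generated
# self-signed files in the data directory; only then can clients verify the
# server with --ssl-mode=VERIFY_CA or VERIFY_IDENTITY and defeat a MITM.
ssl-ca   = /etc/mysql/tls/ca.pem
ssl-cert = /etc/mysql/tls/server-cert.pem
ssl-key  = /etc/mysql/tls/server-key.pem

# Restrict the protocol versions offered (5.7 built with OpenSSL otherwise
# allows TLSv1,TLSv1.1,TLSv1.2).
tls_version = TLSv1.2
```

After restarting, confirm with `show variables like 'require_secure_transport'` and `show variables like 'tls_version'`; the server key file must be readable by the mysql OS user and by nobody else.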
3. Log in as root over SSL:
mysql -uroot -p --ssl-mode=require
The --ssl-mode option exists in the 5.7.11 and later client (older clients use --ssl). REQUIRED only guarantees that the connection is encrypted; it does not check who the server is, so against an active attacker on the network use --ssl-mode=VERIFY_CA (or VERIFY_IDENTITY) together with --ssl-ca pointing at the CA that issued the server certificate.
4. Use the \s command to confirm the negotiated cipher (SSL: Cipher in use is ECDHE-RSA-AES128-GCM-SHA256). Note the Connection line in the output: this session went through the Unix socket, so the TLS layer here protects no network path. To exercise the TCP/IP enforcement, connect with -h 127.0.0.1 or --protocol=TCP.
mysql> \s
--------------
mysql  Ver 14.14 Distrib 5.7.33, for el7 (x86_64) using  EditLine wrapper

Connection id:          206
Current database:
Current user:           root@localhost
SSL:                    Cipher in use is ECDHE-RSA-AES128-GCM-SHA256
Current pager:          stdout
Using outfile:          ''
Using delimiter:        ;
Server version:         5.7.33-log MySQL Community Server (GPL)
Protocol version:       10
Connection:             Localhost via UNIX socket
Server characterset:    utf8
Db     characterset:    utf8
Client characterset:    utf8
Conn.  characterset:    utf8
UNIX socket:            /tmp/mysql.sock
Uptime:                 27 min 59 sec

Threads: 7  Questions: 544  Slow queries: 2  Opens: 134  Flush tables: 1  Open tables: 127  Queries per second avg: 0.324
--------------
Create the kht user and test it
create user 'kht' identified by 'kht123' require SSL; (the account-level requirement takes precedence: even with require_secure_transport OFF globally, this account can only log in over an encrypted connection)
create user 'kht1' identified by 'kht123' require NONE; (no account-level requirement; whether encryption is needed for this account is decided by require_secure_transport and the transport used)
Without an explicit @host, CREATE USER creates 'kht'@'%'. The GRANT ALL ON *.* below is only for this test and is far more than a real account should get; the FLUSH PRIVILEGES is not needed, because CREATE USER and GRANT already reload the grant tables.
mysql> create user 'kht' identified by 'kht123' require SSL;
Query OK, 0 rows affected (0.05 sec)
mysql> grant all on *.* to 'kht';
Query OK, 0 rows affected (0.00 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
At this point, logging in with just mysql -u kht -p (no SSL) fails. Note that the server reports a generic ERROR 1045 access denied, the same error as a wrong password, rather than an SSL-specific message:
[root@kht130 ~]# mysql -u kht -p
Enter password:
ERROR 1045 (28000): Access denied for user 'kht'@'localhost' (using password: YES)
[root@kht130 ~]# mysql -u kht -p --ssl-mode=require
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 274
Server version: 5.7.33-log MySQL Community Server (GPL)
Copyright (c) 2000, 2021, Oracle and/or its affiliates.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
You are enforcing ssl conection via unix socket. Please consider
switching ssl off as it does not make connection via unix socket
any more secure.
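The warning at the end of that transcript is the important caveat: the login came in over the Unix socket, so the REQUIRE SSL check was satisfied by a TLS layer that protects no network hop. Repeat the test with -h 127.0.0.1 (or --protocol=TCP) to prove enforcement on the path an attacker can actually see. As an added example (not from the original post), the statements below collect the account-level controls demonstrated above, the stronger REQUIRE X509 form, and the queries that show which accounts and sessions are really encrypted; the user names, the appdb database and the 10.0.0.% host pattern are placeholders.

```sql
-- Added example (not from the original post). Names and passwords are
-- placeholders; run against MySQL 5.7+.

-- 1. Account-level encryption requirements. REQUIRE SSL overrides a global
--    require_secure_transport=OFF for this account; REQUIRE NONE (the default)
--    leaves the decision to the global setting.
CREATE USER 'kht'@'%'  IDENTIFIED BY 'kht123' REQUIRE SSL;
CREATE USER 'kht1'@'%' IDENTIFIED BY 'kht123' REQUIRE NONE;

-- Stronger: require a client certificate signed by the server's CA (mutual
-- TLS). The client then connects with --ssl-cert/--ssl-key as well.
-- REQUIRE X509 accepts any CA-signed cert; REQUIRE ISSUER/SUBJECT pins it.
CREATE USER 'app'@'10.0.0.%' IDENTIFIED BY 'app-secret' REQUIRE X509;

-- Tighten an existing account in place, and grant only what it needs
-- instead of ALL ON *.*.
ALTER USER 'kht'@'%' REQUIRE SSL;
GRANT SELECT ON appdb.* TO 'kht'@'%';

-- 2. Audit: every account with no encryption requirement at all
--    (ssl_type is '' for none, 'ANY' for REQUIRE SSL, 'X509', 'SPECIFIED').
SELECT user, host, ssl_type
FROM mysql.user
WHERE ssl_type = ''
ORDER BY user, host;

-- 3. Verify the current session. Ssl_cipher/Ssl_version are empty on a
--    plaintext session. CONNECTION_TYPE is 'SSL/TLS' when TLS was
--    negotiated, 'TCP/IP' for plaintext network, 'Socket' for a plaintext
--    Unix socket; whether the TLS session actually rides on TCP is shown
--    by the client's \s "Connection:" line.
SHOW SESSION STATUS WHERE Variable_name IN ('Ssl_cipher', 'Ssl_version');
SELECT processlist_user, processlist_host, connection_type
FROM performance_schema.threads
WHERE processlist_id = CONNECTION_ID();

-- 4. Server-wide posture in one query.
SHOW GLOBAL VARIABLES WHERE Variable_name IN
  ('have_ssl', 'require_secure_transport', 'tls_version', 'ssl_ca', 'ssl_cert');
```

The audit query in step 2 is the one to schedule: a new account created without a REQUIRE clause silently falls back to the global setting, so if require_secure_transport is ever switched OFF again, only accounts with a non-empty ssl_type remain protected.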