mysql -u -p -h -P
在我们部署数据库的时候,我们会经常出现这样那样的错误:“连接到MySQL,但遇到了1045错误”,大多数时候它都伴随着“……但我确信我的用户和密码是可以的”。因此,根据日常使用总结可能出现此错误的其他原因。
MySQL 1045 可能的原因有:
1) 连接到错误的主机:
| 1 2 3 | [engineer@percona]# mysql -u root -psekret mysql: [Warning] Using a password on the command line interface can be insecure. ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES) |
如果没有指定要连接的主机(带有-h标志),MySQL客户端将尝试连接到localhost实例,而您可能正在尝试连接到另一个主机/端口实例
修复方法: 仔细检查您是否试图连接到localhost,或者如果不是localhost,请确保指定主机和端口
| 1 | [engineer@percona]# mysql -u root -psekret -h <IP> -P 3306 |
2) 用户不存在:
| 1 2 3 | [engineer@percona]# mysql -u nonexistant -psekret -h localhost mysql: [Warning] Using a password on the command line interface can be insecure. ERROR 1045 (28000): Access denied for user 'nonexistant'@'localhost' (using password: YES) |
修复方法: 确保连接使用的用户账号存在。
| 1 2 | mysql> SELECT User FROM mysql.user WHERE User='nonexistant'; Empty set (0.00 sec) |
如果用户不存在,则创建一个用户账号
| 1 2 | mysql> CREATE USER 'nonexistant'@'localhost' IDENTIFIED BY 'sekret'; Query OK, 0 rows affected (0.00 sec) |
3) 用户存在,但客户端主机没有连接权限:
| 1 2 3 | [engineer@percona]# mysql -u nonexistant -psekret mysql: [Warning] Using a password on the command line interface can be insecure. ERROR 1045 (28000): Access denied for user 'nonexistant'@'localhost' (using password: YES) |
修复方法: 您可以通过以下查询查看哪个主机用户/主机MySQL允许连接:
| 1 2 3 4 5 6 7 | mysql> SELECT Host, User FROM mysql.user WHERE User='nonexistant'; +-------------+-------------+ | Host | User | +-------------+-------------+ | 192.168.0.1 | nonexistant | +-------------+-------------+ 1 row in set (0.00 sec) |
如果您需要检查客户端连接的IP,可以使用以下Linux命令作为服务器IP:
| 1 2 3 | [engineer@percona]# ip address | grep inet | grep -v inet6 inet 127.0.0.1/8 scope host lo inet 192.168.0.20/24 brd 192.168.0.255 scope global dynamic wlp58s0 |
或者域名ip:
| 1 2 | [engineer@percona]# dig +short myip.opendns.com @resolver1.opendns.com 177.128.214.181 |
然后,您可以创建一个具有正确主机(客户端IP)或“%”(通配符)的用户,以匹配任何可能的IP:
| 1 2 | mysql> CREATE USER 'nonexistant'@'%' IDENTIFIED BY 'sekret'; Query OK, 0 rows affected (0.00 sec) |
4) 密码错误,或者用户忘记了密码:
| 1 2 3 | [engineer@percona]# mysql -u nonexistant -pforgotten mysql: [Warning] Using a password on the command line interface can be insecure. ERROR 1045 (28000): Access denied for user 'nonexistant'@'localhost' (using password: YES) |
修复方法: 检查和/或重置密码,您无法从MySQL中以明文读取用户密码,因为密码哈希用于身份验证,但您可以将哈希字符串与“password”函数进行比较:
| 1 2 3 4 5 6 7 8 | mysql> SELECT Host, User, authentication_string, PASSWORD('forgotten') FROM mysql.user WHERE User='nonexistant'; +-------------+-------------+-------------------------------------------+-------------------------------------------+ | Host | User | authentication_string | PASSWORD('forgotten') | +-------------+-------------+-------------------------------------------+-------------------------------------------+ | 192.168.0.1 | nonexistant | *AF9E01EA8519CE58E3739F4034EFD3D6B4CA6324 | *70F9DD10B4688C7F12E8ED6C26C6ABBD9D9C7A41 | | % | nonexistant | *AF9E01EA8519CE58E3739F4034EFD3D6B4CA6324 | *70F9DD10B4688C7F12E8ED6C26C6ABBD9D9C7A41 | +-------------+-------------+-------------------------------------------+-------------------------------------------+ 2 rows in set, 1 warning (0.00 sec) |
我们可以看到,PASSWORD('argotten')哈希与authentication_string列不匹配,这意味着密码字符串='rgotten'不是正确的登录密码。此外,如果用户有多个主机(使用不同的密码),他可能试图使用错误主机的密码进行连接。
如果需要重写密码,可以执行以下查询:
| 1 2 | mysql> set password for 'nonexistant'@'%' = 'hello$!world'; Empty set (0.00 sec) |
5) 正在转换的密码中的特殊字符:
| 1 2 3 | [engineer@percona]# mysql -u nonexistant -phello$!world mysql: [Warning] Using a password on the command line interface can be insecure. ERROR 1045 (28000): Access denied for user 'nonexistant'@'localhost' (using password: YES) |
修复方法: 通过将密码用单引号括起来防止bash解释特殊字符:
| 1 2 3 4 | [engineer@percona]# mysql -u nonexistant -p'hello$!world' mysql: [Warning] Using a password on the command line interface can be insecure ... mysql> |
6) SSL是必需的,但客户端没有使用它:
| 1 2 3 4 5 6 7 8 9 | mysql> create user 'ssluser'@'%' identified by 'sekret'; Query OK, 0 rows affected (0.00 sec) mysql> alter user 'ssluser'@'%' require ssl; Query OK, 0 rows affected (0.00 sec) ... [engineer@percona]# mysql -u ssluser -psekret mysql: [Warning] Using a password on the command line interface can be insecure. ERROR 1045 (28000): Access denied for user 'ssluser'@'localhost' (using password: YES) |
修复方法: Adding –ssl-mode flag (–ssl flag is deprecated but can be used too)
| 1 2 3 | [engineer@percona]# mysql -u ssluser -psekret --ssl-mode=REQUIRED ... mysql> |
您可以在关于“设置MySQL SSL和安全连接”和“5.6和5.7中的SSL”的博客文章中更深入地阅读如何在MySQL中配置SSL.
7) PAM后端不工作:
| 1 2 3 4 5 6 | mysql> CREATE USER 'ap_user'@'%' IDENTIFIED WITH auth_pam; Query OK, 0 rows affected (0.00 sec) ... [engineer@percona]# mysql -u ap_user -pap_user_pass mysql: [Warning] Using a password on the command line interface can be insecure. ERROR 1045 (28000): Access denied for user 'ap_user'@'localhost' (using password: YES) |
修复方法: 仔细检查用户/密码是否正确,以便用户使用当前正在使用的PAM进行身份验证。
在我的示例中,我使用Linux影子文件进行身份验证。为了检查用户是否存在:
| 1 2 | [engineer@percona]# cat /etc/passwd | grep ap_user ap_user:x:1000:1000::/home/ap_user:/bin/bash |
重置密码:
| 1 2 3 | [engineer@percona]# sudo passwd ap_user Changing password for user ap_user. New password: |
8) 如果您忘记密码或者密码已过期无法登录
您可以在my.cnf配置文件中设置skip-grant-tables skip-networking忽略密码的参数,从新启动mysql服务,登录mysql,修改为你想要的密码。