MySQL root-login with SSH private key?


You can certainly use the normal SSH key authentication to log on to your shell account and then use a ~/.my.cnf file with your password inside. This will be used by default by the mysql command line client.

Its content should be:

[client]
user=the_user_name
password=the_password

Beware that whoever can read this file will be able to use those credentials. Protect it so that only the owner can read it (and lock your terminal if you go away from your keyboard).


If you want direct key-based authentication, you could also use SSL client-certificate authentication. You could create your own small CA and issue yourself with these client-certificates. A number of tools support this if you require direct remote access.
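
The "only the owner can read it" advice above can be enforced when the file is created and checked afterwards. This is an added example, not part of the original answer; the function names `write_client_cnf` and `check_client_cnf` are hypothetical, and the file is assumed to sit on a local POSIX filesystem.

```shell
#!/bin/sh
# Added example: create and audit the MySQL client option file.

# write_client_cnf FILE USER   (password is read from stdin, so it never
# appears in an argument list or in shell history)
# Note: the value is written unquoted; per MySQL option-file syntax a
# value containing '#' or surrounding spaces would need quoting.
write_client_cnf() {
    file=$1 user=$2
    IFS= read -r pass || [ -n "$pass" ] || return 1
    (
        umask 077                               # nothing for group/other
        tmp=$(mktemp "$file.XXXXXX") || exit 1  # mktemp creates it 0600
        printf '[client]\nuser=%s\npassword=%s\n' "$user" "$pass" > "$tmp" &&
            mv -f "$tmp" "$file" ||             # atomic replace
            { rm -f "$tmp"; exit 1; }
    )
}

# check_client_cnf FILE
# 0 = ok, 2 = missing, symlink or not a regular file, 3 = wrong owner,
# 4 = group or other permission bits are set
check_client_cnf() {
    file=$1
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "not a regular file: $file" >&2; return 2
    fi
    if [ ! -O "$file" ]; then
        echo "not owned by the current user: $file" >&2; return 3
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    bits=$(ls -ld "$file" | cut -c5-10)
    if [ "$bits" != "------" ]; then
        echo "too permissive ($bits for group/other): $file" >&2; return 4
    fi
    return 0
}
```

Calling `check_client_cnf "$HOME/.my.cnf"` from a login script or a cron job catches a later `chmod` or a restore from backup that loosened the mode.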

Author by

hhh

Updated on June 25, 2022

Comments

  • hhh
    hhh almost 2 years

    Suppose MySQL -dbs and an admin with a bad habit of forgetting the passwords (or paranoid enough wanting more creative authentication, not just password). Is it possible to access MySQL -root shell for example in a way that the ssh-agent stores the private keys and then I could just login by "mysql -u root" (without typing the passwords or a combination of private-key and a password)?

  • hhh
    hhh almost 12 years
    ..precisely, thanks! Besides them, I have some ideas such as setting up ssh-fs things with gpg, have to think how to protect the file carefully (I am on shared system) -- perhaps using many ways of authentication so not really mattering if losing the password, ideas? Perhaps overengineering now, investigating.
  • Bruno
    Bruno almost 12 years
    That's not necessarily going to work with ssh-fs. This file will be used by the mysql client if running on the actual machine (and only in non-encrypted form). (You could of course mount the remote home directory with ssh-fs and then specify this config file with your local mysql client, but this seems convoluted). Keep the mysql root password in this file in the root account if you need. For remote access, client-certs might be a better option (although it's more involved in terms of management).