1

我正在尝试配置 MySQL 5.1.63,使其仅允许通过 SSL 进行远程连接。我可以确认连接通过 SSL 工作,但是我似乎无法阻止未加密的连接。

我正在遵循 MySQL 文档中的说明,并运行以下命令:

CREATE USER 'a' IDENTIFIED BY 'a';
GRANT ALL ON *.* TO 'a' REQUIRE SSL;
FLUSH PRIVILEGES;

然后,如果“protectme”是运行 MySQL 的计算机,我从远程计算机运行以下命令,

mysql -u a --password=a --host=protectme

它连接!我可以验证我连接的 MySQL 确实是“protectme”上的 MySQL。为了更好地衡量,我尝试重新启动 MySQL,并确认用户已在 mysql.user 表中更新:

mysql> SELECT * FROM mysql.user WHERE User = "a";
+------+------+-------------------------------------------+-------------+-------------+-------------+-------------+-------------+-----------+-------------+---------------+--------------+-----------+------------+-----------------+------------+------------+--------------+------------+-----------------------+------------------+--------------+-----------------+------------------+------------------+----------------+---------------------+--------------------+------------------+------------+--------------+----------+------------+-------------+--------------+---------------+-------------+-----------------+----------------------+
| Host | User | Password                                  | Select_priv | Insert_priv | Update_priv | Delete_priv | Create_priv | Drop_priv | Reload_priv | Shutdown_priv | Process_priv | File_priv | Grant_priv | References_priv | Index_priv | Alter_priv | Show_db_priv | Super_priv | Create_tmp_table_priv | Lock_tables_priv | Execute_priv | Repl_slave_priv | Repl_client_priv | Create_view_priv | Show_view_priv | Create_routine_priv | Alter_routine_priv | Create_user_priv | Event_priv | Trigger_priv | ssl_type | ssl_cipher | x509_issuer | x509_subject | max_questions | max_updates | max_connections | max_user_connections |
+------+------+-------------------------------------------+-------------+-------------+-------------+-------------+-------------+-----------+-------------+---------------+--------------+-----------+------------+-----------------+------------+------------+--------------+------------+-----------------------+------------------+--------------+-----------------+------------------+------------------+----------------+---------------------+--------------------+------------------+------------+--------------+----------+------------+-------------+--------------+---------------+-------------+-----------------+----------------------+
| %    | a    | *667F407DE7C6AD07358FA38DAED7828A72014B4E | Y           | Y           | Y           | Y           | Y           | Y         | Y           | Y             | Y            | Y         | N          | Y               | Y          | Y          | Y            | Y          | Y                     | Y                | Y            | Y               | Y                | Y                | Y              | Y                   | Y                  | Y                | Y          | Y            | ANY      |            |             |              |             0 |           0 |               0 |                    0 |
+------+------+-------------------------------------------+-------------+-------------+-------------+-------------+-------------+-----------+-------------+---------------+--------------+-----------+------------+-----------------+------------+------------+--------------+------------+-----------------------+------------------+--------------+-----------------+------------------+------------------+----------------+---------------------+--------------------+------------------+------------+--------------+----------+------------+-------------+--------------+---------------+-------------+-----------------+----------------------+
1 row in set (0.00 sec)

有谁知道我做错了什么?互联网上似乎没有其他人遇到这个问题,但它对我根本不起作用!非常感谢!

4

1 回答 1

0

matthewnreid 这个答案值得称赞。谢谢!!

密钥和证书在 my.cnf 文件的 mysql-client 部分中提供。正如 matthewnreid 建议的那样,您可以通过查看 ssl_cipher 变量来诊断这一点。

于 2012-08-12T02:35:19.047 回答