Avatar of sunhux
sunhux
 asked on

setting ssl_type = Any resulted in denied access for a mySql remote account

Refer to attached.

After setting the ssl_type to 'ANY' as per CIS hardening
benchmark for our mySql, access was denied.

What's missed?

We're running RHEL 7 OS
mySql_appmssl2.jpg
DatabasesOS SecurityMySQL Server

Avatar of undefined
Last Comment
sunhux

8/22/2022 - Mon
arnold

Are you able to use workbench on a workstation and connect to the SQL instance?

try
mysql -u appm -p --ssl



if you want secure, you should tell mysql to use secure through --ssl
sunhux

ASKER
it prompts when connecting from workbench thus it's
indication it's connectable.

--ssl is an invalid option in our case:

[root@u01 ~]# mysql -u appm -p --ssl
mysql: unknown option '--ssl'.
[root@u01 ~]# mysql -u appm -p -ssl
mysql: mysql: unknown option '-l'.
[root@u01 ~]# mysql -u appm -p
Enter password:
ERROR 1045 (28000): Access denied for user 'appm'@'localhost' (using password: YES)
sunhux

ASKER
There's an init file in mysql's home dir, does
this have any impact:

$ whoami
mysql

$ more init-file.txt
ALTER USER 'root'@'localhost' IDENTIFIED BY 'Temp@ssw0rd';
This is the best money I have ever spent. I cannot not tell you how many times these folks have saved my bacon. I learn so much from the contributors.
rwheeler23
arnold

Try mysql --help
mysql --ssl --help
mysql --version

mysql -u root
What happens?
ASKER CERTIFIED SOLUTION
sunhux

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
GET A PERSONALIZED SOLUTION
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.