We help IT Professionals succeed at work.

setting ssl_type = Any resulted in denied access for a mySql remote account

High Priority
79 Views
Last Modified: 2020-02-22
Refer to attached.

After setting the ssl_type to 'ANY' as per CIS hardening
benchmark for our mySql, access was denied.

What's missed?

We're running RHEL 7 OS
mySql_appmssl2.jpg
Comment
Watch Question

CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Are you able to use workbench on a workstation and connect to the SQL instance?

try
mysql -u appm -p --ssl



if you want secure, you should tell mysql to use secure through --ssl

Author

Commented:
it prompts when connecting from workbench thus it's
indication it's connectable.

--ssl is an invalid option in our case:

[root@u01 ~]# mysql -u appm -p --ssl
mysql: unknown option '--ssl'.
[root@u01 ~]# mysql -u appm -p -ssl
mysql: mysql: unknown option '-l'.
[root@u01 ~]# mysql -u appm -p
Enter password:
ERROR 1045 (28000): Access denied for user 'appm'@'localhost' (using password: YES)

Author

Commented:
There's an init file in mysql's home dir, does
this have any impact:

$ whoami
mysql

$ more init-file.txt
ALTER USER 'root'@'localhost' IDENTIFIED BY 'Temp@ssw0rd';
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Try mysql --help
mysql --ssl --help
mysql --version

mysql -u root
What happens?
Commented:
Colleague found that the appm account is local
& there's no remote account accessing it, thus
won't need to enable ssl_type