MySQL多种连接方式

1.1 Socket

前提: 必须创建和授权localhost相关用户

mysql> create user user2@'localhost' identified by '123';

Query OK, 0 rows affected (0.01 sec)

mysql> grant all on *.* to user2@'localhost' with grant option;

[root@localhost ~]# mysql -uuser2 -p123 -S /tmp/mysql.sock

1.2 TCP/IP

前提: 必须创建和授权远程网段相关用户

mysql> grant all on *.* to user2@'10.0.0.%' with grant option;

[root@localhost ~]# mysql -uuser2 -p123 -h 10.0.0.61 -P3306

1.3 客户端工具

使用工具连接时，如果加密方式不是mysql_native_password会连接不上

1.4 基于SSL的安全连接

MySQL5.7版本的

修改配置文件

[root@localhost ~]# cat /etc/my.cnf

[mysqld]

user=mysql

datadir=/data/mysql/data_3306

socket=/tmp/mysql.sock

#basedir=/usr/local/mysql57

basedir=/usr/local/mysql8

server_id=6

log_bin=/data/mysql/binlog_3306

port=3306

ssl             #开启ssl

[mysql]

socket=/tmp/mysql.sock

auto-rehash

mysql> show variables like '%ssl%';

+--------------------+-----------------+

| Variable_name      | Value           |

+--------------------+-----------------+

| have_openssl       | YES             |

| have_ssl           | YES             |

| mysqlx_ssl_ca      |                 |

| mysqlx_ssl_capath  |                 |

| mysqlx_ssl_cert    |                 |

| mysqlx_ssl_cipher  |                 |

| mysqlx_ssl_crl     |                 |

| mysqlx_ssl_crlpath |                 |

| mysqlx_ssl_key     |                 |

| ssl_ca             | ca.pem          |

| ssl_capath         |                 |

| ssl_cert           | server-cert.pem |

| ssl_cipher         |                 |

| ssl_crl            |                 |

| ssl_crlpath        |                 |

| ssl_fips_mode      | OFF             |

| ssl_key            | server-key.pem  |

+--------------------+-----------------+

17 rows in set (0.12 sec)

生成证书

[root@localhost ~]# mysql_ssl_rsa_setup

连接

[root@localhost ~]# mysql -uuser2 -p123 -h 10.0.0.61 -P3306 --ssl-cert=/data/mysql/data_3306/client-cert.pem --ssl-key=/data/mysql/data_3306/client-key.pem