snippetsqlMinor
How do you disable anonymous login?
Viewed 0 times
youanonymousdisableloginhow
Problem
According to the MySQL documentation, you can harden a MySQL server by adding passwords, or removing the anonymous accounts.
If you want to prevent clients from connecting as anonymous users
without a password, you should either assign a password to each
anonymous account or else remove the accounts.
Before hardening, my users table looked like this.
I've remove all anonymous accounts, so that the user table now looks like this.
(I'm using puppet to manage the users, but puppet effectively performs a
```
mysql> select user,host,password from mysql.user;
+------------------+-----------+-------------------------------------------+
| user | host | password |
+------------------+-----------+-------------------------------------------+
| root | localhost | *F3A2A51A9B0F2BE246XXXXXXXXXXXXXXXXXXXXXX |
| debian-sys-maint | localhost | *95C1BF709B26A5BAXXXXXXXXXXXXXXXXXXXXXXXX |
| myuser | localhost | *6
If you want to prevent clients from connecting as anonymous users
without a password, you should either assign a password to each
anonymous account or else remove the accounts.
Before hardening, my users table looked like this.
mysql> select user,host,password from mysql.user;
+------------------+-----------+-------------------------------------------+
| user | host | password |
+------------------+-----------+-------------------------------------------+
| root | localhost | *F3A2A51A9B0F2BE246XXXXXXXXXXXXXXXXXXXXXX |
| root | gitlab | |
| root | 127.0.0.1 | |
| root | ::1 | |
| | localhost | |
| | gitlab | |
| debian-sys-maint | localhost | *95C1BF709B26A5BAXXXXXXXXXXXXXXXXXXXXXXXX |
| myuser | localhost | *6C8989366EAF75BB6XXXXXXXXXXXXXXXXXXXXXXX |
+------------------+-----------+-------------------------------------------+I've remove all anonymous accounts, so that the user table now looks like this.
(I'm using puppet to manage the users, but puppet effectively performs a
DROP USER command). ```
mysql> select user,host,password from mysql.user;
+------------------+-----------+-------------------------------------------+
| user | host | password |
+------------------+-----------+-------------------------------------------+
| root | localhost | *F3A2A51A9B0F2BE246XXXXXXXXXXXXXXXXXXXXXX |
| debian-sys-maint | localhost | *95C1BF709B26A5BAXXXXXXXXXXXXXXXXXXXXXXXX |
| myuser | localhost | *6
Solution
I figured it out. While /etc/mysql/my.cnf didn't have a password keypair stored, there was a password stored in /root/.my.cnf.
As soon as I commented out the password in /root/.my.cnf, I was not allowed to log in without a password (which is what I expected).
As soon as I commented out the password in /root/.my.cnf, I was not allowed to log in without a password (which is what I expected).
Context
StackExchange Database Administrators Q#51452, answer score: 6
Revisions (0)
No revisions yet.