How to Allow Remote Connections to MySQL

Without exposing yourself to being hacked

If you’re working with aMySQL database, then you’re already aware of the challenges you face in keeping your database secure. From database hacking attempts using SQL injections to brute force attacks, it’s difficult to keep your data safe, especially if you’re working with a database remotely.

There are ways to configure an SQL server to allow remote connections, but you need to be careful, as allowing remote connections on a MySQL server can make your database an easy target for hackers. If you want to allow secure, remote connections to a MySQL database, here’s what you’ll need to know.

Before You Begin

Before you make any changes to your MySQL database, it’s important that youbackup your database, especially if you’re working on a production server (a server in active use). Any changes you make to your database, or the server hosting it, could result in serious data loss if something goes wrong.

You may also find that changes to your server’s connections may prevent you from accessing it afterward. If this happens, you may need to consult with a server administrator for further support. A good idea is to trial any changes on a locally-run MySQL server to check if your changes work before trying them remotely.

It’s also likely that if you’re making changes to a remote server, you’ll need a safe way to connect and make changes.SSH (Secure Shell)is often the best way to do this, as it allows you to connect to your remote server. You can also use SSH to connect to servers on your local network, such as thosehosted on a Raspberry Pi.

This guide will lead you through the steps to configuring MySQL to allow remote connections, but you’ll need to ensure you have direct or remote access to the server hosting your MySQL server first.

Suppose you don’t have remote access to your server via SSH (for example). In that case, you won’t be able to configure your MySQL database to allow remote connections directly unless your root mySQL account already allows remote connections. So, you will need to establish this connection first before you can proceed.

Editing Your MySQL Configuration File

The first step in configuring MySQL to allow remote connections is to edit your MySQL configuration file. By this stage, this guide will assume you have already connected to the server, PC, or Mac hosting your mySQL database remotely and have console access.

Alternatively, you can configure a local MySQL server using an open terminal on Mac or Linux or a text editor on Windows.

The locations referenced above are the default locations for MySQL configuration files. If these commands don’t work, you’ll need to search for the relevant files (my.cnf,mysqld.cnf, ormy.ini) manually to locate the relevant file path.

If you’re unsure of the correct service name on Windows, typenet startto find it.If you can’t reload your configuration, restart your server and reload MySQL manually (if necessary) instead.

Configuring Your Firewalls

At this stage, your MySQL database should allow remote connections from devices using the IP address you set as thebind-addressvalue in your MySQL configuration file (or from all devices if you set this value to0.0.0.0instead). However, connections will still be blocked by yourdevice or network firewall.

Most servers and PCs use a firewall to block connections unless access to a specific port is granted. The steps to configure this will vary, depending on whether you’re running MySQL on Windows or Linux. Mac firewalls are disabled by default, so you shouldn’t need to complete any additional steps here.

Many Linux servers useiptablesas the default firewall utility. You can configure it by following the steps below.

If iptables isn’t the default firewall tool for your Linux distribution, you’ll need to consult your distribution’s user manual for more information. If certain packages (such asnetfilter-persistent) are unavailable, use your distribution’s software repository tool to install it (eg.sudo apt install netfilter-persistent).

If you’re using a Windows PC or server to host your database, you can configure your firewall using these steps:

If you have trouble connecting, repeat these steps above, making sure to create a newoutbound rulein your firewall settings using the same details (port 3306, etc). You may also need to configure your local network router toopen the necessary blocked portsto allow inbound and outbound connections to your database.

Connecting to a Remote Server Using MySQL

After configuring your MySQL database to allow remote connections, you’ll need to actually establish a connection to it. You can do this using themysqlcommand (mysql.exeon Windows) from a terminal or PowerShell window.

If you’re running Windows, you will need to make sure thatMySQL is installed locallybefore you begin. Mac users can install MySQL using homebrew from the terminal (brew install mysql), while Linux users can use their local app repository (eg.sudo apt install mysql) to install the necessary packages.

If this doesn’t work, connect to the server or PC hosting your MySQL server using SSH (or access it directly) using these steps and using the-h localhostargument. You can then create a suitable user account by following the steps below.

Allowing Remote User Access to a MySQL Database

By this point, you should be able to connect to your MySQL server remotely using your server’s root user account or another user account with elevated privileges. As this level of access is unsafe, you may prefer to create a more restricted account for accessing your MySQL database.

This account will have limited access to your MySQL server, allowing it to interact with only selected databases. It won’t be able to make more serious changes, such as accessing other database data, creating new user accounts, etc.

You’ll need to have the ability to sign into your MySQL server remotely. If you can’t use your root account remotely, you’ll need to access your server’s shell using themysqlcommand via a remote SSH connection or by directly accessing the PC or server hosting the server.

With access granted, use the steps in the section above to connect to your server remotely using your new account (eg.mysql -u username -h X.X.X.X:XXXX -p).

Securing Your Database Data

Whether you’re working with MySQL or another type of SQL database, it’s important to keep your connections secure to maintain your data security. A good way to do this is togenerate SSH keys for remote accessto your server, rather than relying on outdated (and easily guessable) passwords.

If you’re worried about data loss, you can easilyback up your databaseonline. Most databases are run using Linux servers—you canautomate a Linux file backup easily. If you’re running MySQL on Windows, you can set up a similarautomatic backup system for Windows, allowing you to restore your data in an emergency.

Ben Stockton is a freelance technology writer based in the United Kingdom. In a past life, Ben was a college lecturer in the UK, training teens and adults. Since leaving the classroom, Ben has taken his teaching experience and applied it to writing tech how-to guides and tutorials, specialising in Linux, Windows, and Android. He has a degree in History and a postgraduate qualification in Computing.Read Ben’s Full Bio

Welcome to Help Desk Geek- a blog full of tech tips from trusted tech experts. We have thousands of articles and guides to help you troubleshoot any issue. Our articles have been read over 150 million times since we launched in 2008.

HomeAbout UsEditorial StandardsContact UsTerms of Use

How to Allow Remote Connections to MySQL#

Before You Begin#

Editing Your MySQL Configuration File#

Configuring Your Firewalls#

Connecting to a Remote Server Using MySQL#

Allowing Remote User Access to a MySQL Database#

Securing Your Database Data#