在命令行中连接TiDB的过程中,为了保护密码不被明文获取,可以使用非明文密码连接。本文记录了几种非明文连接 TiDB 的方式。
方式一:命令行输入方式
[root@iZuf6d7xln13sovvijl68rZ ~]# mysql -uroot -P4000 -h10.0.0.86
ERROR 1045 (28000): Access denied for user 'root'@'10.0.0.83' (using password: NO)
[root@iZuf6d7xln13sovvijl68rZ ~]# mysql -uroot -P4000 -h10.0.0.86 -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MySQL connection id is 691323
Server version: 5.7.25-TiDB-v6.1.0-alpha TiDB Server (Apache License 2.0) Community Edition, MySQL 5.7 compatible
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MySQL [(none)]>
正常方式下需要通过 -p 输入密码的方式连接 TiDB。
方式二:环境变量方式
[root@iZuf6d7xln13sovvijl68rZ ~]# export MYSQL_PWD=passw0RD
[root@iZuf6d7xln13sovvijl68rZ ~]# mysql -uroot -P4000 -h10.0.0.86
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MySQL connection id is 691477
Server version: 5.7.25-TiDB-v6.1.0-alpha TiDB Server (Apache License 2.0) Community Edition, MySQL 5.7 compatible
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MySQL [(none)]>
通过设定 MYSQL_PWD 环境变量方式,可以直接在命令行连接时传入密码,不需要指定 -p 选项。
取消 MYSQL_PWD 环境变量设置的步骤如下:
[root@iZuf6d7xln13sovvijl68rZ ~]# export MYSQL_PWD=
[root@iZuf6d7xln13sovvijl68rZ ~]# mysql -uroot -P4000 -h10.0.0.86
ERROR 1045 (28000): Access denied for user 'root'@'10.0.0.83' (using password: NO)
方式三:配置文件方式
在 /etc/my.cnf 配置下添加 [mysql] 对应的配置
[root@iZuf6d7xln13sovvijl68rZ ~]# head -n2 /etc/my.cnf
[mysql]
password=passw0RD
[root@iZuf6d7xln13sovvijl68rZ ~]# mysql -uroot -P4000 -h10.0.0.86
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MySQL connection id is 691787
Server version: 5.7.25-TiDB-v6.1.0-alpha TiDB Server (Apache License 2.0) Community Edition, MySQL 5.7 compatible
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MySQL [(none)]>
取消设置只需要将 my.cnf 中的配置文件删除即可。
方式四:mysql_config_editor 方式
[root@iZuf6d7xln13sovvijl68rZ ~]# ./mysql_config_editor print --all
[root@iZuf6d7xln13sovvijl68rZ ~]# ./mysql_config_editor set --login-path=test --user=root --host=10.0.0.83 --port=3000 --password
Enter password:
[root@iZuf6d7xln13sovvijl68rZ ~]# ./mysql_config_editor print --all
[test]
user = root
password = *****
host = 10.0.0.83
port = 3000
[root@iZuf6d7xln13sovvijl68rZ ~]# cat /root/.mylogin.cnf
��2"�
�?��│�Ũ�ٹ De����6ɡ⎽�_ �▒ȍ ;
]��┐�
↑ �/F?;d��J
⎻[⎼⎺⎺├@☃Z┤°6d7│┌┼13⎽⎺┴┴☃┘┌68⎼Z ·]#
[root@iZuf6d7xln13sovvijl68rZ ~]# ./mysql --login-path=test
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 753
Server version: 5.7.25-TiDB-v6.1.0-alpha TiDB Server (Apache License 2.0) Community Edition, MySQL 5.7 compatible
Copyright (c) 2000, 2022, Oracle and/or its affiliates.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> \q
取消设置按照如下步骤:
[root@iZuf6d7xln13sovvijl68rZ ~]# ./mysql_config_editor remove --login-path=test
[root@iZuf6d7xln13sovvijl68rZ ~]# ./mysql_config_editor print --all
[root@iZuf6d7xln13sovvijl68rZ ~]#
方式五:Socket 方式连接
Socket 方式只能本地连接
[root@iZuf6d7xln13sovvijl68rZ scripts]# cd /tidb-deploy/tidb-3000/scripts
[root@iZuf6d7xln13sovvijl68rZ scripts]# cat run_tidb.sh
#!/bin/bash
set -e
# WARNING: This file was auto-generated. Do not edit!
# All your edit might be overwritten!
DEPLOY_DIR=/tidb-deploy/tidb-3000
cd "${DEPLOY_DIR}" || exit 1
exec env GODEBUG=madvdontneed=1 bin/tidb-server \
-P 3000 \
--status="10080" \
--host="0.0.0.0" \
--advertise-address="10.0.0.83" \
--store="tikv" \
--initialize-insecure \
--path="10.0.1.185:2379,10.0.2.29:2379,10.0.0.88:2379" \
--log-slow-query="/tidb-deploy/tidb-3000/log/tidb_slow_query.log" \
--config=conf/tidb.toml \
--socket="/tidb-deploy/tidb-3000/tidb.sock" \
--log-file="/tidb-deploy/tidb-3000/log/tidb.log" 2>> "/tidb-deploy/tidb-3000/log/tidb_stderr.log"
[root@iZuf6d7xln13sovvijl68rZ scripts]# tiup cluster restart tidb-prod -N 10.0.0.83:3000
[root@iZuf6d7xln13sovvijl68rZ scripts]# ps -ef | grep tidb-server
root 15153 1 4 17:25 ? 00:00:00 bin/tidb-server -P 3000 --status=10080 --host=0.0.0.0 --advertise-address=10.0.0.83 --store=tikv --initialize-insecure --path=10.0.1.185:2379,10.0.2.29:2379,10.0.0.88:2379 --log-slow-query=/tidb-deploy/tidb-3000/log/tidb_slow_query.log --config=conf/tidb.toml --socket=/tidb-deploy/tidb-3000/tidb.sock --log-file=/tidb-deploy/tidb-3000/log/tidb.log
root 15292 12885 0 17:26 pts/9 00:00:00 grep --color=auto tidb-server
[root@iZuf6d7xln13sovvijl68rZ scripts]# ll /tidb-deploy/tidb-3000/tidb.sock
srwxr-xr-x 1 root root 0 5月 5 17:25 /tidb-deploy/tidb-3000/tidb.sock
[root@iZuf6d7xln13sovvijl68rZ scripts]# mysql -uroot -hlocalhost -S /tidb-deploy/tidb-3000/tidb.sock
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MySQL connection id is 403
Server version: 5.7.25-TiDB-v6.1.0-alpha TiDB Server (Apache License 2.0) Community Edition, MySQL 5.7 compatible
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MySQL [(none)]> show processlist;
+------+------+-----------+------+---------+------+------------+------------------+
| Id | User | Host | db | Command | Time | State | Info |
+------+------+-----------+------+---------+------+------------+------------------+
| 403 | root | localhost | NULL | Query | 0 | autocommit | show processlist |
+------+------+-----------+------+---------+------+------------+------------------+
1 row in set (0.00 sec)