# MariaDB and telnet



## lucas1 (Oct 8, 2021)

Good afternoon. 
There is a server mysql MariaDB104.
bind-address - commented out.

But for some reason with telnet from remote computers on port 3306:

Host hostname.com is not allowed to connect to this MariaDB server

With a similar other server on Fedora33 telnet on port 3306 all OK.

With a similar other server on FreeBSD, but with MySql 5.7.33, telnet on port 3306 all OK.


----------



## eternal_noob (Oct 8, 2021)

telnet? TELNET?


> Experts in computer security, such as SANS Institute, recommend that the use of Telnet for remote logins should be discontinued under all normal circumstances











						Telnet - Wikipedia
					






					en.wikipedia.org
				




How about to `ssh` into the box and use the `mysql` command?


----------



## lucas1 (Oct 8, 2021)

I didn't ask about security.
And about ssh too.


----------



## SirDice (Oct 8, 2021)

I don't think the OP is using telnet(1) to connect to his remote system, he's just using telnet(1) to test if he can connect to port 3306 of MariaDB/MySQL.

But don't use telnet(1) for this, use nc(1). Telnet spews a bunch of telnet related codes when it connects to a remote system, nc(1) doesn't.


----------



## eternal_noob (Oct 8, 2021)

lucas1 said:


> I didn't ask about security.
> And about ssh too.


That doesn't matter. If i see someting stupid, i name it.



SirDice said:


> he's just using telnet(1) to test if he can connect to port 3306 of MariaDB/MySQL


He wrote about "remote computers".


----------



## lucas1 (Oct 8, 2021)

test if he can connect to port 3306 of MariaDB/MySQL  - exactly.


----------



## SirDice (Oct 8, 2021)

eternal_noob said:


> He wrote about "remote computers".


Yes, to test if port 3306 is accessible from a _remote_ computer.

I think there is a difference in the way various versions of MySQL and MariaDB handle a situation when `bind-address` isn't configured. Some might default to listening on 0.0.0.0 (and thus default to opening a remotely accessible port), while others default to binding to 127.0.0.1 or only a file socket. Check the default configurations, different versions and different implementations have different default configurations. Also Fedora and FreeBSD might have a different default my.cnf.


----------



## lucas1 (Oct 8, 2021)

eternal_noob said:


> That doesn't matter. If i see someting stupid, i name it.
> 
> 
> He wrote about "remote computers".


you write something on the question, not stupid.


----------



## eternal_noob (Oct 8, 2021)

Sorry, i thought you wanted to connect to a remote compute via telnet. I apologize.


----------



## Alain De Vos (Oct 8, 2021)

nc 127.0.0.1 3306 
or 
telnet 127.0.0.1 3306


----------



## sko (Oct 8, 2021)

SirDice said:


> I think there is a difference in the way various versions of MySQL and MariaDB handle a situation when `bind-address` isn't configured. Some might default to listening on 0.0.0.0 (and thus default to opening a remotely accessible port), while others default to binding to 127.0.0.1 or only a file socket. Check the default configurations, different versions and different implementations have different default configurations. Also Fedora and FreeBSD might have a different default my.cnf.



IIRC mariadb listens only on a socket if no `bind-address` is set and `bind-addres *` refers to only the loopback address (127.0.0.1). a quick `sockstat | grep mariadbd` will show where it is actually listening. Usually you don't want your DB to be accessible from the outside world, so these defaults are perfectly reasonable.

Manpages and documentation for mariadb/mysql are horribly incomplete or non-existent (i.e. no manpage for my.cnf), so you have to find most information somewhere else. That's one of the reasons why I usually try to avoid mysql/mariadb like the plague and use postgresql if I absolutely have to use a DB...


----------



## covacat (Oct 8, 2021)

mariadb might be compiled with tcpwrappers so you may need to edit hosts.allow


----------



## richardtoohey2 (Oct 10, 2021)

I think it might be a permissions issue - you need to grant privileges to that_user@that_host or that_user@that_ip.


----------



## SirDice (Oct 11, 2021)

richardtoohey2 said:


> I think it might be a permissions issue - you need to grant privileges to that_user@that_host or that_user@that_ip.


User grants aren't going to stop you from connecting to the network socket. You won't be able to login if the host filter doesn't match but you're still able to make a network connection to the port.


----------

