作者: GangShen 原文来源: https://tidb.net/blog/6794a34b
在命令行中连接TiDB的过程中,为了保护密码不被明文获取,可以使用非明文密码连接。本文记录了几种非明文连接 TiDB 的方式。
方式一:命令行输入方式
[root@iZuf6d7xln13sovvijl68rZ ~]# mysql -uroot -P4000 -h10.0.0.86ERROR 1045 (28000): Access denied for user 'root'@'10.0.0.83' (using password: NO)[root@iZuf6d7xln13sovvijl68rZ ~]# mysql -uroot -P4000 -h10.0.0.86 -pEnter password:Welcome to the MariaDB monitor. Commands end with ; or \g.Your MySQL connection id is 691323Server version: 5.7.25-TiDB-v6.1.0-alpha TiDB Server (Apache License 2.0) Community Edition, MySQL 5.7 compatibleCopyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.MySQL [(none)]>
正常方式下需要通过 -p 输入密码的方式连接 TiDB。
方式二:环境变量方式
[root@iZuf6d7xln13sovvijl68rZ ~]# export MYSQL_PWD=passw0RD[root@iZuf6d7xln13sovvijl68rZ ~]# mysql -uroot -P4000 -h10.0.0.86Welcome to the MariaDB monitor. Commands end with ; or \g.Your MySQL connection id is 691477Server version: 5.7.25-TiDB-v6.1.0-alpha TiDB Server (Apache License 2.0) Community Edition, MySQL 5.7 compatibleCopyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.MySQL [(none)]>
通过设定 MYSQL_PWD 环境变量方式,可以直接在命令行连接时传入密码,不需要指定 -p 选项。
取消 MYSQL_PWD 环境变量设置的步骤如下:
[root@iZuf6d7xln13sovvijl68rZ ~]# export MYSQL_PWD=[root@iZuf6d7xln13sovvijl68rZ ~]# mysql -uroot -P4000 -h10.0.0.86ERROR 1045 (28000): Access denied for user 'root'@'10.0.0.83' (using password: NO)
方式三:配置文件方式
在 /etc/my.cnf 配置下添加 [mysql] 对应的配置
[root@iZuf6d7xln13sovvijl68rZ ~]# head -n2 /etc/my.cnf[mysql]password=passw0RD[root@iZuf6d7xln13sovvijl68rZ ~]# mysql -uroot -P4000 -h10.0.0.86Welcome to the MariaDB monitor. Commands end with ; or \g.Your MySQL connection id is 691787Server version: 5.7.25-TiDB-v6.1.0-alpha TiDB Server (Apache License 2.0) Community Edition, MySQL 5.7 compatibleCopyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.MySQL [(none)]>
取消设置只需要将 my.cnf 中的配置文件删除即可。
方式四:mysql_config_editor 方式
[root@iZuf6d7xln13sovvijl68rZ ~]# ./mysql_config_editor print --all[root@iZuf6d7xln13sovvijl68rZ ~]# ./mysql_config_editor set --login-path=test --user=root --host=10.0.0.83 --port=3000 --passwordEnter password:[root@iZuf6d7xln13sovvijl68rZ ~]# ./mysql_config_editor print --all[test]user = rootpassword = *****host = 10.0.0.83port = 3000[root@iZuf6d7xln13sovvijl68rZ ~]# cat /root/.mylogin.cnf��2"��?��│�Ũ�ٹ De����6ɡ⎽�_ �▒ȍ ;]��┐�↑ �/F?;d��J⎻[⎼⎺⎺├@☃Z┤°6d7│┌┼13⎽⎺┴┴☃┘┌68⎼Z ·]#[root@iZuf6d7xln13sovvijl68rZ ~]# ./mysql --login-path=testWelcome to the MySQL monitor. Commands end with ; or \g.Your MySQL connection id is 753Server version: 5.7.25-TiDB-v6.1.0-alpha TiDB Server (Apache License 2.0) Community Edition, MySQL 5.7 compatibleCopyright (c) 2000, 2022, Oracle and/or its affiliates.Oracle is a registered trademark of Oracle Corporation and/or itsaffiliates. Other names may be trademarks of their respectiveowners.Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.mysql> \q
取消设置按照如下步骤:
[root@iZuf6d7xln13sovvijl68rZ ~]# ./mysql_config_editor remove --login-path=test[root@iZuf6d7xln13sovvijl68rZ ~]# ./mysql_config_editor print --all[root@iZuf6d7xln13sovvijl68rZ ~]#
方式五:Socket 方式连接
Socket 方式只能本地连接
[root@iZuf6d7xln13sovvijl68rZ scripts]# cd /tidb-deploy/tidb-3000/scripts[root@iZuf6d7xln13sovvijl68rZ scripts]# cat run_tidb.sh#!/bin/bashset -e# WARNING: This file was auto-generated. Do not edit!# All your edit might be overwritten!DEPLOY_DIR=/tidb-deploy/tidb-3000cd "${DEPLOY_DIR}" || exit 1exec env GODEBUG=madvdontneed=1 bin/tidb-server \-P 3000 \--status="10080" \--host="0.0.0.0" \--advertise-address="10.0.0.83" \--store="tikv" \--initialize-insecure \--path="10.0.1.185:2379,10.0.2.29:2379,10.0.0.88:2379" \--log-slow-query="/tidb-deploy/tidb-3000/log/tidb_slow_query.log" \--config=conf/tidb.toml \--socket="/tidb-deploy/tidb-3000/tidb.sock" \--log-file="/tidb-deploy/tidb-3000/log/tidb.log" 2>> "/tidb-deploy/tidb-3000/log/tidb_stderr.log"[root@iZuf6d7xln13sovvijl68rZ scripts]# tiup cluster restart tidb-prod -N 10.0.0.83:3000[root@iZuf6d7xln13sovvijl68rZ scripts]# ps -ef | grep tidb-serverroot 15153 1 4 17:25 ? 00:00:00 bin/tidb-server -P 3000 --status=10080 --host=0.0.0.0 --advertise-address=10.0.0.83 --store=tikv --initialize-insecure --path=10.0.1.185:2379,10.0.2.29:2379,10.0.0.88:2379 --log-slow-query=/tidb-deploy/tidb-3000/log/tidb_slow_query.log --config=conf/tidb.toml --socket=/tidb-deploy/tidb-3000/tidb.sock --log-file=/tidb-deploy/tidb-3000/log/tidb.logroot 15292 12885 0 17:26 pts/9 00:00:00 grep --color=auto tidb-server[root@iZuf6d7xln13sovvijl68rZ scripts]# ll /tidb-deploy/tidb-3000/tidb.socksrwxr-xr-x 1 root root 0 5月 5 17:25 /tidb-deploy/tidb-3000/tidb.sock[root@iZuf6d7xln13sovvijl68rZ scripts]# mysql -uroot -hlocalhost -S /tidb-deploy/tidb-3000/tidb.sockWelcome to the MariaDB monitor. Commands end with ; or \g.Your MySQL connection id is 403Server version: 5.7.25-TiDB-v6.1.0-alpha TiDB Server (Apache License 2.0) Community Edition, MySQL 5.7 compatibleCopyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.MySQL [(none)]> show processlist;+------+------+-----------+------+---------+------+------------+------------------+| Id | User | Host | db | Command | Time | State | Info |+------+------+-----------+------+---------+------+------------+------------------+| 403 | root | localhost | NULL | Query | 0 | autocommit | show processlist |+------+------+-----------+------+---------+------+------------+------------------+1 row in set (0.00 sec)
)
)
— 配置文件yolov5s.yaml)
)