How to Fix MySQL Error 1045: Access Denied for User ‘root’@’host-ip-address’


3 views

When attempting remote MySQL access, you might encounter:

ERROR 1045 (28000): Access denied for user 'root'@'x.x.x.x' (using password: YES)

This typically occurs when:

  • The user lacks remote access privileges
  • MySQL's bind-address restricts connections
  • Firewall rules block the port (default 3306)

First, check if MySQL is configured to accept remote connections:

SELECT Host, User FROM mysql.user;

If 'root' only shows 'localhost' in the Host column, you'll need to grant remote access:

GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY 'your_password';
FLUSH PRIVILEGES;

1. MySQL Configuration File (typically my.cnf or my.ini):

[mysqld]
bind-address = 0.0.0.0  # Listen on all interfaces
skip-networking = OFF

2. Firewall Rules:

sudo ufw allow 3306/tcp
sudo iptables -A INPUT -p tcp --dport 3306 -j ACCEPT

Test basic connectivity with:

telnet x.x.x.x 3306

If this fails, verify:

  • The MySQL service is running: sudo systemctl status mysql
  • Port 3306 is listening: sudo netstat -tulnp | grep 3306

For production environments, consider using SSH tunneling instead of direct remote access:

ssh -L 3306:localhost:3306 user@remote-server

Then connect locally:

mysql -u root -h 127.0.0.1 -p

When enabling remote root access:

  • Always use strong passwords
  • Consider creating application-specific users with limited privileges
  • Implement IP whitelisting where possible
CREATE USER 'app_user'@'client_ip' IDENTIFIED BY 'complex_password';
GRANT SELECT, INSERT, UPDATE ON database.* TO 'app_user'@'client_ip';

When attempting to connect to a MySQL server remotely, you might encounter the frustrating error:

ERROR 1045 (28000): Access denied for user 'root'@'x.x.x.x' (using password: YES)

This typically occurs when MySQL's authentication system rejects your connection attempt, but it's not necessarily a simple case of incorrect credentials.

The MySQL server automatically appends the client's hostname or IP address to the username when authenticating. This means 'root'@'localhost' and 'root'@'192.168.1.100' are treated as distinct users in MySQL's privilege system.

Key reasons for this error include:
- No explicit grant for the user@your_ip combination
- Bind address restrictions
- Password authentication failures
- MySQL privilege system limitations

First, check existing privileges from the MySQL server itself:

mysql> SELECT user, host FROM mysql.user;
mysql> SHOW GRANTS FOR 'root'@'%';

If your IP isn't listed, create appropriate privileges:

mysql> CREATE USER 'root'@'x.x.x.x' IDENTIFIED BY 'your_password';
mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'@'x.x.x.x' WITH GRANT OPTION;
mysql> FLUSH PRIVILEGES;

Edit your MySQL configuration file (typically my.cnf or my.ini):

# Comment out bind-address or set to 0.0.0.0
# bind-address = 127.0.0.1
bind-address = 0.0.0.0

Restart MySQL after making changes.

If direct root access isn't working, try these alternatives:

# Connect via SSH tunnel
ssh -L 3306:localhost:3306 user@remote_server

# Then connect locally:
mysql -u root -h 127.0.0.1 -p

Verify network connectivity and MySQL port access:

telnet x.x.x.x 3306
# Or with newer systems:
nc -zv x.x.x.x 3306

Check your firewall rules on both client and server sides.

Before implementing these solutions in production, consider:
- Using non-root users for remote connections
- Implementing SSH tunneling
- Restricting access to specific IPs
- Using strong passwords
- Regularly auditing user privileges