Changing MySQL port

         

csdude55

9:16 pm on May 17, 2021 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



I feel like I did this on my old server several years ago... is it as simple as adding this to /etc/my.cnf?

port = some-random-4-digit-number


and then making sure that port is open in the firewall, then restarting MySQL? Or, in my case, MariaDB 10.x.

I ask in advance because I don't want to accidentally lock myself out or break something... I've had a bad enough weekend, I don't need to extend it to the rest of the week! LOL

graeme_p

6:57 am on May 18, 2021 (gmt 0)




The config looks right and should be easy to reverse.

On the other hand, do you really need remote access to the DB? If so, have you considered ssh tunnelling to it instead? Less convenient but keeping fewer ports open is always good (I am assuming you have ssh running, of course).

lammert

7:52 am on May 18, 2021 (gmt 0)




Opening a MySQL/MariaDB port to the outside is as dangerous as it sounds, even if you change the port. Port scanners will quite easily find the port because the response of the server will give away it is there. Basically it responds with "Host XXX is not allowed to connect to this MariaDB server". Once a hacker has determined a MariaDB server is answering on that port, the fun begins.

Tunneling the connection is a much better idea as @graeme_p suggests. If the tunnel fails there is no open connection to the database and all communication is encrypted. Even a man in the middle attack will have no idea what kind of traffic is exchanged over the tunnel.
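Added example, not part of any post in this thread: a small check showing that the `port =` line discussed above changes only the port number, while whether the server is reachable from the network depends on `bind-address` and `skip-networking`. Those two are MariaDB options the thread does not mention. The sample configs, port 4417 and the names in the tunnel comment are constructed, and an unset `bind-address` is assumed to mean "all interfaces".

```python
import ipaddress

SERVER_SECTIONS = {"mysqld", "server", "mariadb"}  # option groups the server reads

# Constructed samples (not from the thread)
PORT_ONLY = """
[mysqld]
port = 4417
"""
TUNNEL_READY = """
[mysqld]
port = 4417
bind_address = 127.0.0.1
"""

def parse_server_options(text):
    """Collect options from the server groups of a my.cnf-style file; last value wins."""
    opts, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;!":  # blank, comment, or !include directive
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section in SERVER_SECTIONS:
            key, _, value = line.partition("=")
            # dashes and underscores in option names are interchangeable
            opts[key.strip().lower().replace("_", "-")] = value.strip().strip("'\"")
    return opts

def exposure(text):
    """Return (port, scope); scope is 'none', 'loopback' or 'network'."""
    opts = parse_server_options(text)
    port = int(opts.get("port", 3306))
    if opts.get("skip-networking", "0").lower() not in ("0", "off", "false"):
        return port, "none"  # socket only, no TCP listener
    addr = opts.get("bind-address", "")
    try:
        if addr == "localhost" or ipaddress.ip_address(addr).is_loopback:
            # reachable only locally, e.g. through a tunnel such as
            #   ssh -N -L 3307:127.0.0.1:4417 user@dbhost   (placeholder names)
            return port, "loopback"
    except ValueError:
        pass  # unset, '*' or a hostname: assumed reachable from the network
    return port, "network"

if __name__ == "__main__":
    for name, cfg in (("port only", PORT_ONLY), ("loopback + tunnel", TUNNEL_READY)):
        print(name, exposure(cfg))
```

With the loopback setting no firewall port needs to be opened for the database; only SSH has to be reachable.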