远程服务器上的mysqldump使用SSL
1- SSL安全
192.168.0.101-远程服务器
192.168.0.102-本地服务器
Remore服务器
CREATE USER 'backup_remote_2'@'192.168.0.102' IDENTIFIED WITH caching_sha2_password BY '3333333' REQUIRE SSL;
GRANT ALL PRIVILEGES ON *.* TO 'backup_remote_2'@'192.168.0.102';
FLUSH PRIVILEGES;
--
本地服务器
sudo /usr/local/mysql/bin/mysqldump \
--databases test_1 \
--host=192.168.0.101 \
--user=backup_remote_2 \
--password=3333333 \
--master-data \
--set-gtid-purged \
--events \
--triggers \
--routines \
--verbose \
--ssl-mode=REQUIRED \
--result-file=/home/db_1.sql
===================================
2-SSL安全性(REQUIRE X509)
192.168.0.101-远程服务器
192.168.0.102-本地服务器
Remore服务器
CREATE USER 'backup_remote'@'192.168.0.102' IDENTIFIED WITH caching_sha2_password BY '1111111' REQUIRE X509;
GRANT ALL PRIVILEGES ON *.* TO 'backup_remote'@'192.168.0.102';
FLUSH PRIVILEGES;
--
本地服务器
sudo /usr/local/mysql/bin/mysqldump \
--databases test_1 \
--host=192.168.0.101 \
--user=backup_remote \
--password=1111111 \
--events \
--triggers \
--routines \
--verbose \
--ssl-mode=VERIFY_CA \
--ssl-ca=/usr/local/mysql/data/ssl/ca.pem \
--ssl-cert=/usr/local/mysql/data/ssl/client-cert.pem \
--ssl-key=/usr/local/mysql/data/ssl/client-key.pem \
--result-file=/home/db_name.sql
[注意]
在本地服务器上
/ usr / local / mysql / data / ssl /
-rw------- 1 mysql mysql 1.7K Apr 16 22:28 ca-key.pem
-rw-r--r-- 1 mysql mysql 1.1K Apr 16 22:28 ca.pem
-rw-r--r-- 1 mysql mysql 1.1K Apr 16 22:28 client-cert.pem
-rw------- 1 mysql mysql 1.7K Apr 16 22:28 client-key.pem
从(REQUIRE X509)的远程服务器复制此文件,或者如果没有(REQUIRE X509)的SSL则不复制
在远程服务器上
/ usr / local / mysql / data /
-rw------- 1 mysql mysql 1.7K Apr 16 22:28 ca-key.pem
-rw-r--r-- 1 mysql mysql 1.1K Apr 16 22:28 ca.pem
-rw-r--r-- 1 mysql mysql 1.1K Apr 16 22:28 client-cert.pem
-rw------- 1 mysql mysql 1.7K Apr 16 22:28 client-key.pem
-rw------- 1 mysql mysql 1.7K Apr 16 22:28 private_key.pem
-rw-r--r-- 1 mysql mysql 451 Apr 16 22:28 public_key.pem
-rw-r--r-- 1 mysql mysql 1.1K Apr 16 22:28 server-cert.pem
-rw------- 1 mysql mysql 1.7K Apr 16 22:28 server-key.pem
my.cnf
[mysqld]
# SSL
ssl_ca=/usr/local/mysql/data/ca.pem
ssl_cert=/usr/local/mysql/data/server-cert.pem
ssl_key=/usr/local/mysql/data/server-key.pem
提高密码安全性
https://dev.mysql.com/doc/refman/8.0/zh-CN/password-security-user.html