Comments on: Automating MySQL access with expect and bash scripting http://mysqlpreacher.com/wordpress/2010/02/automating-mysql-access-with-expect-and-bash-scripting/ A MySQL blog, from a MySQL DBA Sat, 24 Jul 2010 03:49:07 -0700 http://wordpress.org/?v=2.9.2 hourly 1 By: Darren Cassar http://mysqlpreacher.com/wordpress/2010/02/automating-mysql-access-with-expect-and-bash-scripting/comment-page-1/#comment-148 Darren Cassar Thu, 04 Mar 2010 15:49:23 +0000 http://mysqlpreacher.com/wordpress/?p=327#comment-148 SSH keys is indeed a more secure option and is easily integrated in the scripts above but as regards having a password in my.cnf, it's something I always considered unsafe as incorrect permissions on the my.cnf file can open up mysql access. Also, anyone with root access would be able to cat the file as root and extract any passwords. It's not difficult to harvest for such entries where a "grep -i pass `find / -name *` 2> /dev/null". A one liner which would yield a whole list of password entries like the one you mentioned! SSH keys is indeed a more secure option and is easily integrated in the scripts above but as regards having a password in my.cnf, it’s something I always considered unsafe as incorrect permissions on the my.cnf file can open up mysql access. Also, anyone with root access would be able to cat the file as root and extract any passwords. It’s not difficult to harvest for such entries where a “grep -i pass `find / -name *` 2> /dev/null”. A one liner which would yield a whole list of password entries like the one you mentioned!

]]> By: ahes http://mysqlpreacher.com/wordpress/2010/02/automating-mysql-access-with-expect-and-bash-scripting/comment-page-1/#comment-147 ahes Sat, 27 Feb 2010 14:44:42 +0000 http://mysqlpreacher.com/wordpress/?p=327#comment-147 You open doors with a shotgun. Much better way to do this is to create pair of ssh RSA keys with empty passphrase and put public key on every server in ~/.ssh/authorized_keys file. Now, to not use login and password to log in into mysql you can create on every machine file ~/.my.cnf with content: [client] user = mysql_user_login password = here_goes_password host = localhost After that you after command 'mysql' you will be authenticated automagically. To perform actions in parallel you can use 'pssh' package - can be found at http://www.theether.org/pssh/ or in Debian repository. If you are afraid login via ssh without password you can create a key with passphrase and configure ssh-agent to put the right passphrase on every login. Alternatively to perform parallel actions you can use cluster ssh software (cssh). It is written in tcl/tk and you can see several terminals at once and run commands simultaneously. In MS Windows environment there is an excellent Putty Connection Manager. You can define several putty connections and run it in the grid. Then as in cssh you can use built-in multi command sender. You open doors with a shotgun. Much better way to do this is to create pair of ssh RSA keys with empty passphrase and put public key on every server in ~/.ssh/authorized_keys file.

Now, to not use login and password to log in into mysql you can create on every machine file ~/.my.cnf with content:

[client]
user = mysql_user_login
password = here_goes_password
host = localhost

After that you after command ‘mysql’ you will be authenticated automagically.

To perform actions in parallel you can use ‘pssh’ package – can be found at http://www.theether.org/pssh/ or in Debian repository.

If you are afraid login via ssh without password you can create a key with passphrase and configure ssh-agent to put the right passphrase on every login.

Alternatively to perform parallel actions you can use cluster ssh software (cssh). It is written in tcl/tk and you can see several terminals at once and run commands simultaneously.

In MS Windows environment there is an excellent Putty Connection Manager. You can define several putty connections and run it in the grid. Then as in cssh you can use built-in multi command sender.

]]>