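Enabling authentication in ClickHouse

Configuration file overview

Default path: /etc/clickhouse-server/users.xml

Password storage types

Plaintext password (not recommended)

<password>qwerty</password>  <!-- stored directly in plaintext -->

SHA256 hash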

<password_sha256_hex>5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8</password_sha256_hex>
# Generate a random password and compute its SHA256 hash
PASSWORD=$(base64 < /dev/urandom | head -c8); echo "密码: $PASSWORD"; echo -n "$PASSWORD" | sha256sum | tr -d '-'

Double SHA1 hash (compatible with MySQL clients)

<password_double_sha1_hex>2470c0c06dee42fd1618bb99005adca2ec9d1e19</password_double_sha1_hex>
# Generate a random password and compute its double SHA1 hash
PASSWORD=$(base64 < /dev/urandom | head -c8); echo "密码: $PASSWORD"; echo -n "$PASSWORD" | sha1sum | tr -d '-' | xxd -r -p | sha1sum | tr -d '-'

Creating accounts

<users>
    <!-- Example: user "default" with a SHA256 password -->
    <default>
        <password_sha256_hex>5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8</password_sha256_hex>
        <networks>
            <ip>::/0</ip> <!-- allow access from any IP -->
        </networks>
        <profile>default</profile>
        <quota>default</quota>
    </default>

    <!-- Example: user "admin" with a double SHA1 hash -->
    <admin>
        <password_double_sha1_hex>2470c0c06dee42fd1618bb99005adca2ec9d1e19</password_double_sha1_hex>
        <access_management>1</access_management> <!-- allow management privileges -->
    </admin>
</users>

Security configuration

Restricting access by IP

<networks>
    <ip>192.168.1.0/24</ip> <!-- allow access from the LAN -->
    <ip>127.0.0.1</ip>      <!-- allow local access -->
</networks>
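
An added example (not from the original post): a small Python lint over users.xml that flags the settings discussed above, namely plaintext `<password>`, stored hashes that match a short denylist, and `<networks>` entries open to any address or missing. The `legacy` user, the denylist and the function names are assumptions made for this illustration.

```python
import hashlib
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample mirroring the users.xml fragments on this page ("legacy" is hypothetical).
SAMPLE_USERS_XML = """
<clickhouse><users>
  <default>
    <password_sha256_hex>5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8</password_sha256_hex>
    <networks><ip>::/0</ip></networks>
  </default>
  <admin>
    <password_double_sha1_hex>2470c0c06dee42fd1618bb99005adca2ec9d1e19</password_double_sha1_hex>
    <access_management>1</access_management>
  </admin>
  <legacy><password>qwerty</password><networks><ip>127.0.0.1</ip></networks></legacy>
</users></clickhouse>
"""

WEAK_PASSWORDS = ("password", "qwerty", "123456")  # illustrative denylist (assumption)

def sha256_hex(pw):
    return hashlib.sha256(pw.encode()).hexdigest()

def double_sha1_hex(pw):
    # SHA1 of the raw 20-byte SHA1 digest, matching the page's xxd -r -p pipeline.
    return hashlib.sha1(hashlib.sha1(pw.encode()).digest()).hexdigest()

def audit_users(xml_text):
    """Return sorted (user, finding) pairs for a users.xml document."""
    findings = []
    for user in ET.fromstring(xml_text).find("users"):
        if user.find("password") is not None:
            findings.append((user.tag, "plaintext password"))
        for tag, fn in (("password_sha256_hex", sha256_hex),
                        ("password_double_sha1_hex", double_sha1_hex)):
            stored = (user.findtext(tag) or "").strip().lower()
            if stored and stored in {fn(p) for p in WEAK_PASSWORDS}:
                findings.append((user.tag, f"{tag} matches a denylisted password"))
        ips = [(e.text or "").strip() for e in user.findall("networks/ip")]
        if not ips:
            findings.append((user.tag, "no <ip> entry under <networks>"))
        for ip in ips:
            if ipaddress.ip_network(ip, strict=False).prefixlen == 0:
                findings.append((user.tag, f"network {ip} allows any address"))
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(f"{u}: {f}" for u, f in audit_users(SAMPLE_USERS_XML)))
```

Both hash formats are unsalted, so a stored value equal to the hash of a common password is recognisable on sight; the lint reports the page's two sample hashes for that reason.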

Enabling SSL encryption (for stronger security)

<openSSL>
    <server>
        <certificateFile>/path/to/server.crt</certificateFile>
        <privateKeyFile>/path/to/server.key</privateKeyFile>
        <caConfig>/path/to/ca.crt</caConfig>
    </server>
</openSSL>

Testing authentication with clickhouse-client

Basic connection command

# Connect with a specific user and password
clickhouse-client --user <username> --password <password>

Testing the default example

clickhouse-client --host 192.168.174.144  --port 19000 --user admin --password password
ClickHouse client version 25.2.1.3085 (official build).
Connecting to 192.168.174.144:19000 as user admin.
Connected to ClickHouse server version 25.2.1.

cluster_3s2r node 1 :) 

Check the current user

SELECT currentUser();

Verify permissions

show databases;

 

Testing authentication with the MySQL client

Connection test

mysql   -h 192.168.174.144  -P 9004 -u admin -ppassword
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 0
Server version: 25.2.1.3085-ClickHouse 

Copyright (c) 2000, 2023, Oracle and/or its affiliates.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> 

Verify permissions

posted @ 2025-03-14 19:12  小吉猫