配置文件说明
默认路径:/etc/clickhouse-server/users.xml密码存储类型
明文密码(不推荐)
<password>qwerty</password> <!-- 直接明文存储 -->SHA256 哈希
<password_sha256_hex>5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8</password_sha256_hex># 生成随机密码并计算 SHA256 哈希
PASSWORD=$(base64 < /dev/urandom | head -c8); echo "密码: $PASSWORD"; echo -n "$PASSWORD" | sha256sum | tr -d '-'双 SHA1 哈希(兼容 MySQL 客户端)
<password_double_sha1_hex>2470c0c06dee42fd1618bb99005adca2ec9d1e19</password_double_sha1_hex># 生成随机密码并计算双 SHA1 哈希
PASSWORD=$(base64 < /dev/urandom | head -c8); echo "密码: $PASSWORD"; echo -n "$PASSWORD" | sha1sum | tr -d '-' | xxd -r -p | sha1sum | tr -d '-'创建账号
<users><!-- 示例:用户 "default" 使用 SHA256 密码 --><default><password_sha256_hex>5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8</password_sha256_hex><networks><ip>::/0</ip> <!-- 允许所有 IP 访问 --></networks><profile>default</profile><quota>default</quota></default><!-- 示例:用户 "admin" 使用双 SHA1 哈希 --><admin><password_double_sha1_hex>2470c0c06dee42fd1618bb99005adca2ec9d1e19</password_double_sha1_hex><access_management>1</access_management> <!-- 允许管理权限 --></admin>
</users>安全配置
限制 IP 访问
<networks><ip>192.168.1.0/24</ip> <!-- 允许局域网访问 --><ip>127.0.0.1</ip> <!-- 允许本地访问 -->
</networks>启用 SSL 加密(增强安全性)
<openSSL><server><certificateFile>/path/to/server.crt</certificateFile><privateKeyFile>/path/to/server.key</privateKeyFile><caConfig>/path/to/ca.crt</caConfig></server>
</openSSL>clickhouse-client 测试认证
基本连接命令
# 指定用户和密码连接
clickhouse-client --user <用户名> --password <密码>测试 default 示例
clickhouse-client --host 192.168.174.144 --port 19000 --user admin --password passwordClickHouse client version 25.2.1.3085 (official build).
Connecting to 192.168.174.144:19000 as user admin.
Connected to ClickHouse server version 25.2.1.cluster_3s2r node 1 :) 查看当前用户
SELECT currentUser();
验证权限
show databases; 
MySQL 客户端测试认证
连接测试
mysql -h 192.168.174.144 -P 9004 -u admin -ppasswordmysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 0
Server version: 25.2.1.3085-ClickHouse Copyright (c) 2000, 2023, Oracle and/or its affiliates.Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.mysql> 验证权限
