1. AOMEI Cyber Backup >
  2. Enterprise Backup Solutions >
  3. How to Fix Public Retrieval is Not Allowed [4 Methods]

How to Fix Public Retrieval is Not Allowed [4 Methods]

Public Key Retrieval Not Allowed errors can cause problems, especially when connecting to MySQL 8.0+ databases. For example, authentication failures, disruptions in applications and services, and deployment and integration issues. so resolving the issue as soon as possible is what we need to do.

Amelia

By Amelia / Updated on March 17, 2025

Share this: instagram reddit
Table of Contents

Don't panic when you encounter a public key retrieval error in your database, especially when connecting your application to MySQL or other databases; this is a common error. When using MySQL's cache_sha2_password authentication method and the client tries to retrieve the public key dynamically, a message that public key retrieval is not allowed usually appears. In this article, you will be provided with the reason for this error and how to resolve it.

public key retrieval is not allowed

What Causes the Public Key Retrieval is Not Allowed Error

This error occurs when a MySQL client or application attempts to authenticate with a user account that uses cache_sha2_password (the default authentication method for MySQL 8.0+.) The MySQL client needs the public key to encrypt the password before sending it to the server, and if the public key is not available, the client requests its use. However, for security reasons, MySQL does not automatically retrieve the public key unless explicitly permitted.

The following are some common situations that may cause the error.

  • Connecting to a remote MySQL server using JDBC (Java Database Connectivity).
  • Using an authentication plug-in that requires a public key but restricts retrieval.
  • Client- or server-side security settings are misconfigured.

Solutions to Public Key Retrieval is Not Allowed

There are several ways to work around the fact that public key retrieval is not allowed, and the choice depends specifically on the server's security policy and access rights.

Method 1. Allow Public Key Retrieval in JDBC Connection String

If you are using a JDBC connection, you can enable public key retrieval by adding the parameter allowPublicKeyRetrieval=true to the connection URL:

String url = "jdbc:mysql://your-database-url:3306/db_name?user=root&password=yourpassword&allowPublicKeyRetrieval=true&useSSL=false";
Connection conn = DriverManager.getConnection(url);

Method 2. Using Secure SSL Connections

Instead of relying on public key retrieval, you can use SSL/TLS encryption to secure the connection:

1. Ensure the MySQL server is configured with SSL (require_secure_transport=ON).

2. Modify the JDBC connection URL to use SSL:

String url = "jdbc:mysql://your-database-url:3306/db_name?useSSL=true&requireSSL=true";

Method 3. Manually Retrieve and Specify the Public Key

A more secure approach is to manually download and specify the public key in the JDBC connection.

  • Retrieve the public key from the MySQL server:
SHOW VARIABLES LIKE 'caching_sha2_password_public_key';
  • Save the key to a file, e.g., public_key.pem.
  • Modify the JDBC connection to use the key:
String url = "jdbc:mysql://your-database-url:3306/db_name?user=root&password=yourpassword&serverPublicKey=path/to/public_key.pem";

Method 4. Change the Authentication Method

If your MySQL server allows it, switching from caching_sha2_password to mysql_native_password can eliminate the need for public key retrieval.

1. Log in to MySQL as an administrator:

ALTER USER 'your_user'@'%' IDENTIFIED WITH mysql_native_password BY 'yourpassword';
FLUSH PRIVILEGES;

2. Restart the MySQL server if necessary.

Backup Your Data In Case an Error Occurs and Data Loss

If you suffer an error or experience another disaster, you may be at risk of data loss. Therefore, to ensure the safety of your data, you can adopt a regular backup strategy. AOMEI Cyber Backup is an easy-to-use backup software that provides backup solutions for SQL databases, virtual machines, system backups, and more.

You can enjoy the following features when using AOMEI Cyber Backup:

Remote Backup Database within LAN: It allows you to remotely back up single or multiple databases while monitoring the network speed and available disk space of these computers to avoid failures.

Easy to Restore: Restore SQL databases to another computer through an intuitive interface without complicated backup procedures.

Role-Assignment: It allows one administrator to create subaccounts with limited privilege, effectively reducing administration costs and manual errors.

Agentless Backup: It can perform backups without installing any agents on your VMs, reducing system overhead and simplifying the backup process.

Download FreewareMicrosoft SQL Server 2005-2022
Centralized and Secure SQL Backup

Conclusion

The public key retrieval disallow error is a MySQL security feature used to prevent unauthorized access to public keys. The article provides four methods to help you resolve public key retrieval is not allowed, and you can choose one that meets the requirements. For example, allowPublicKeyRetrieval=true solves the problem quickly but is not recommended for production use; SSL encryption, manually specifying the public key, or changing the authentication method can provide a more secure alternative.

Amelia
Amelia · Editor
Amelia is an editor from AOMEI. Trained in professional systems, she specializes in solving problems in enterprise databases, virtual machines, and physical environments. With a high sense of responsibility, she is dedicated to protecting business data and security.

Related Articles

How to Backup and Restore PostgreSQL Database [A Comprehensive Guide]

Backup and restore PostgreSQL database can help users and business to protect data security, and make easy to restore when facing disaster. So, it is essential to configure backup and restore PostgreSQL database.

[Step-by-Step Guide] Restore SQL Server 2016 Backup to 2019

Having a SQL Server upgrade can enjoy a better experience of using SQL Server, you need to restore the SQL Server to the new server after a successful upgrade. We need to ensure a secure transfer to keep the data safe during this time.

How to Truncate and Shrink SQL Server Transaction Log

Truncating transaction logs can ensure better performance, easier management, and a more reliable recovery strategy for SQL Server database. This article provides you detailed steps to truncate transaction log in SQL Server, and some factor that can delay log truncate, also has a brief introduction to shrink transaction log.

How to Configure SQL Server Point-in-Time Recovery

SQL Server Point-in-Time recovery can help you minimize data loss, provides granular recovery options, and reduces downtime. After configuring point-in-time recovery and following the best practices, you can have a better experience while using point-in-time recovery.