- 更新系统包索引
bash
sudo apt update
sudo apt upgrade -y- 安装MySQL
bash
sudo apt install mysql-server -y检查MySQL服务状态
bash
sudo systemctl status mysql运行MySQL安全配置脚本
bash
sudo mysql_secure_installation
bash
设置root密码
删除匿名用户
容许root远程登录
删除测试数据库
重新加载权限表
bash
sudo mysql_secure_installation
Securing the MySQL server deployment.
Connecting to MySQL using a blank password.
VALIDATE PASSWORD COMPONENT can be used to test passwords
and improve security. It checks the strength of password
and allows the users to set only those passwords which are
secure enough. Would you like to setup VALIDATE PASSWORD component?
Press y|Y for Yes, any other key for No:
Skipping password set for root as authentication with auth_socket is used by default.
If you would like to use password authentication instead, this can be done with the "ALTER_USER" command.
See https://dev.mysql.com/doc/refman/8.0/en/alter-user.html#alter-user-password-management for more information.
By default, a MySQL installation has an anonymous user,
allowing anyone to log into MySQL without having to have
a user account created for them. This is intended only for
testing, and to make the installation go a bit smoother.
You should remove them before moving into a production
environment.
Remove anonymous users? (Press y|Y for Yes, any other key for No) : y
Success.
Normally, root should only be allowed to connect from
'localhost'. This ensures that someone cannot guess at
the root password from the network.
Disallow root login remotely? (Press y|Y for Yes, any other key for No) :
... skipping.
By default, MySQL comes with a database named 'test' that
anyone can access. This is also intended only for testing,
and should be removed before moving into a production
environment.
Remove test database and access to it? (Press y|Y for Yes, any other key for No) : y
- Dropping test database...
Success.
- Removing privileges on test database...
Success.
Reloading the privilege tables will ensure that all changes
made so far will take effect immediately.
Reload privilege tables now? (Press y|Y for Yes, any other key for No) : y
Success.
All done!1. 设置root用户密码
登录到MySQL:
bash
sudo mysql
bash
ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY '新密码';
FLUSH PRIVILEGES;2. 允许root用户从任何主机连接
MySQL 8.0中,需要创建一个新的root用户条目,允许从任何主机连接:
bash
CREATE USER 'root'@'%' IDENTIFIED BY '新密码';
GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' WITH GRANT OPTION;
FLUSH PRIVILEGES;3. 配置MySQL监听所有网络接口
bash
sudo vim /etc/mysql/mysql.conf.d/mysqld.cnf
bash
#bind-address = 127.0.0.1
bind-address = 0.0.0.0
#mysqlx-bind-address = 127.0.0.1
mysqlx-bind-address = 0.0.0.04. 重启MySQL服务
bash
sudo systemctl restart mysql5. 配置防火墙允许MySQL连接
bash
sudo ufw allow mysql
sudo ufw allow 3306/tcp6. 查询用户表以查看认证插件信息
bash
mysql> SELECT user, host, plugin FROM mysql.user WHERE user='root';
+------+-----------+-----------------------+
| user | host | plugin |
+------+-----------+-----------------------+
| root | % | caching_sha2_password |
| root | localhost | mysql_native_password |
+------+-----------+-----------------------+
2 rows in set (0.00 sec)将远程root用户的认证插件更改为 mysql_native_password
bash
ALTER USER 'root'@'%' IDENTIFIED WITH mysql_native_password BY '密码';
FLUSH PRIVILEGES;
bash
systemctl restart mysql7. 测试远程连接
bash
mysql -h 服务器IP地址 -P 3306 -u root -p8. 修改MySQL端口
bash
sudo vim /etc/mysql/mysql.conf.d/mysqld.cnf
bash
port = 36009. 重启MySQL服务以应用更改
bash
sudo systemctl restart mysql10. 验证MySQL是否在新端口上监听
bash
sudo netstat -tlnp | grep mysql
sudo ss -tlnp | grep mysql
bash
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
| sys |
+--------------------+
4 rows in set (0.01 sec)
mysql>