- 更新系统包索引
sudo apt update
sudo apt upgrade -y
- 安装MySQL
sudo apt install mysql-server -y
检查MySQL服务状态
sudo systemctl status mysql
运行MySQL安全配置脚本
sudo mysql_secure_installation
设置root密码
删除匿名用户
容许root远程登录
删除测试数据库
重新加载权限表
sudo mysql_secure_installation
Securing the MySQL server deployment.
Connecting to MySQL using a blank password.
VALIDATE PASSWORD COMPONENT can be used to test passwords
and improve security. It checks the strength of password
and allows the users to set only those passwords which are
secure enough. Would you like to setup VALIDATE PASSWORD component?
Press y|Y for Yes, any other key for No:
Skipping password set for root as authentication with auth_socket is used by default.
If you would like to use password authentication instead, this can be done with the "ALTER_USER" command.
See https://dev.mysql.com/doc/refman/8.0/en/alter-user.html#alter-user-password-management for more information.
By default, a MySQL installation has an anonymous user,
allowing anyone to log into MySQL without having to have
a user account created for them. This is intended only for
testing, and to make the installation go a bit smoother.
You should remove them before moving into a production
environment.
Remove anonymous users? (Press y|Y for Yes, any other key for No) : y
Success.
Normally, root should only be allowed to connect from
'localhost'. This ensures that someone cannot guess at
the root password from the network.
Disallow root login remotely? (Press y|Y for Yes, any other key for No) :
... skipping.
By default, MySQL comes with a database named 'test' that
anyone can access. This is also intended only for testing,
and should be removed before moving into a production
environment.
Remove test database and access to it? (Press y|Y for Yes, any other key for No) : y
- Dropping test database...
Success.
- Removing privileges on test database...
Success.
Reloading the privilege tables will ensure that all changes
made so far will take effect immediately.
Reload privilege tables now? (Press y|Y for Yes, any other key for No) : y
Success.
All done!
1. 设置root用户密码
登录到MySQL:
sudo mysql
ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY '新密码';
FLUSH PRIVILEGES;
2. 允许root用户从任何主机连接
MySQL 8.0中,需要创建一个新的root用户条目,允许从任何主机连接:
CREATE USER 'root'@'%' IDENTIFIED BY '新密码';
GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' WITH GRANT OPTION;
FLUSH PRIVILEGES;
3. 配置MySQL监听所有网络接口
sudo vim /etc/mysql/mysql.conf.d/mysqld.cnf
#bind-address = 127.0.0.1
bind-address = 0.0.0.0
#mysqlx-bind-address = 127.0.0.1
mysqlx-bind-address = 0.0.0.0
4. 重启MySQL服务
sudo systemctl restart mysql
5. 配置防火墙允许MySQL连接
sudo ufw allow mysql
sudo ufw allow 3306/tcp
6. 查询用户表以查看认证插件信息
mysql> SELECT user, host, plugin FROM mysql.user WHERE user='root';
+------+-----------+-----------------------+
| user | host | plugin |
+------+-----------+-----------------------+
| root | % | caching_sha2_password |
| root | localhost | mysql_native_password |
+------+-----------+-----------------------+
2 rows in set (0.00 sec)
将远程root用户的认证插件更改为 mysql_native_password
ALTER USER 'root'@'%' IDENTIFIED WITH mysql_native_password BY '密码';
FLUSH PRIVILEGES;
systemctl restart mysql
7. 测试远程连接
mysql -h 服务器IP地址 -P 3306 -u root -p
8. 修改MySQL端口
sudo vim /etc/mysql/mysql.conf.d/mysqld.cnf
port = 3600
9. 重启MySQL服务以应用更改
sudo systemctl restart mysql
10. 验证MySQL是否在新端口上监听
sudo netstat -tlnp | grep mysql
sudo ss -tlnp | grep mysql
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
| sys |
+--------------------+
4 rows in set (0.01 sec)
mysql>