第一步:安装 mysql-server 包

# 1. 更新软件仓库索引
$ sudo apt update
# 2. 安装软件
$ sudo apt install mysql-server

第二步:初始化 mysql 安全配置

按上述步骤安装好 mysql-server 包后,我们有一些安全相关的配置需要设定好,这个时候可以使用 mysql_secure_installation 这个脚本命令来实现向导式的配置。

$ mysql_secure_installation
Securing the MySQL server deployment.

Connecting to MySQL using a blank password.

# 是否启用 VALIDATE PASSWORD 这个插件,它会检查密码的强度,
# 在用户尝试设置弱密码的时候,拒绝执行密码设置操作
VALIDATE PASSWORD PLUGIN can be used to test passwords
and improve security. It checks the strength of password
and allows the users to set only those passwords which are
secure enough. Would you like to setup VALIDATE PASSWORD plugin?

Press y|Y for Yes, any other key for No: 

# 请设置 root 用户的密码
Please set the password for root here.

New password: 

Re-enter new password: 

# 是否移除匿名用户 (如果是生产环境请选择移除)
By default, a MySQL installation has an anonymous user,
allowing anyone to log into MySQL without having to have
a user account created for them. This is intended only for
testing, and to make the installation go a bit smoother.
You should remove them before moving into a production
environment.

Remove anonymous users? (Press y|Y for Yes, any other key for No) : y
Success.

# 是否禁止 root 用户远程登录
Normally, root should only be allowed to connect from
'localhost'. This ensures that someone cannot guess at
the root password from the network.

Disallow root login remotely? (Press y|Y for Yes, any other key for No) : n

# 是否删除 'test' 数据库 (如果是生产环境请删除)
By default, MySQL comes with a database named 'test' that
anyone can access. This is also intended only for testing,
and should be removed before moving into a production
environment.


Remove test database and access to it? (Press y|Y for Yes, any other key for No) : y
 - Dropping test database...
Success.

 - Removing privileges on test database...
Success.

# 是否立刻重新载入用户权限设置
Reloading the privilege tables will ensure that all changes
made so far will take effect immediately.

Reload privilege tables now? (Press y|Y for Yes, any other key for No) : y
Success.

All done! 

第三步:改成使用用户名和密码的方式来登陆 MySQL

有些朋友在按照上述步骤安装好 MySQL 后,发现直接输入 mysql 命令会报错:

$ mysql
ERROR 1045 (28000): Access denied for user '你的用户名'@'localhost' (using password: NO)

此时有朋友会想,我刚刚设置过 root 用户的密码,是否通过mysql -u root -p 来连接 MySQL 服务器呢:

$ mysql -u root -p
Enter password: 
ERROR 1698 (28000): Access denied for user 'root'@'localhost'

结果还是碰壁了,只有使用 sudo mysql 才能成功的连接上服务器。

这其实是因为,MySQL 5.7 (或之后的版本)默认不是使用密码的方式实现用户的鉴权,而是使用 auth_socket 插件来实现的鉴权。这能使得 MySQL 更加安全,但是这样一来,一些需要使用用户名/密码机制访问数据库的外部程序(比如你自己写的程序,或者一些数据库管理工具)就没法连接上数据库了,因为你没法通过用户名+密码的方式来连接上 MySQL 服务器。

要把 MySQL 改回使用用户名+密码方式鉴权也很简单,首先,我们先看看当前 root 用户是不是在用 auth_socket 插件来实现鉴权:

# 连接上服务器
$ sudo mysql
# 列出用户使用的 plugin
mysql> SELECT user,authentication_string,plugin,host FROM mysql.user;
+------------------+-----------------------+-----------+
| user             | plugin                | host      |
+------------------+-----------------------+-----------+
| root             | auth_socket           | localhost |
| mysql.session    | mysql_native_password | localhost |
| mysql.sys        | mysql_native_password | localhost |
| debian-sys-maint | mysql_native_password | localhost |
+------------------+-----------------------+-----------+
4 rows in set (0.00 sec)

可以看得 root 使用了 auth_socket 插件,我们可以这样来把 MySQL 改回使用用户名+密码方式鉴权:

mysql> ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY '设置的密码';

其中需要注意 设置的密码 不能是弱密码,然后运行 FLUSH PRIVILEGES 语句使得设置生效:

mysql> FLUSH PRIVILEGES;

之后,你就可以在 shell 中通过:

$ mysql -u root -p

来连接服务器了。