Question

Mysql is accepting any (or no) password for root user on fresh LAMP install (18.04)

Posted June 3, 2020 365 views
MySQLUbuntu 18.04

Title pretty much says it all - I have tried installing LAMP on 18.04 from the marketplace several times today. On SSH login I am able to log in as root, even if putting in a garbage (or blank) password.

I’ve never had this happen before! Anyone else have ideas?

1 comment
  • Sorry, I do my best proofreading AFTER I hit ‘post’ - let me clarify that I am talking about MySQL logins via SSH. I can log in with any pass or no pass into the MySQL shell.

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
1 answer

Hi @GreymanIndustries,

Have you ran the security script for MySQL? If you haven’t, ssh to your droplet and follow these steps:

sudo mysql_secure_installation

This will take you through a series of prompts where you can make some changes to your MySQL installation’s security options. The first prompt will ask whether you’d like to set up the Validate Password Plugin, which can be used to test the strength of your MySQL password. Regardless of your choice, the next prompt will be to set a password for the MySQL root user. Enter and then confirm a secure password of your choice.

From there, you can press Y and then ENTER to accept the defaults for all the subsequent questions. This will remove some anonymous users and the test database, disable remote root logins, and load these new rules so that MySQL immediately respects the changes you have made.

Please try the above and let me know if it works as requested.

Regards,
KDSys

  • Thanks for the reply, KDSys.

    Yes, I did do this, but I still get the strange behavior. I am wondering if it might have something to do with the root user not using mysqlnativepassword. I added another user via

    CREATE USER 'user2'@'localhost'IDENTIFIED WITH mysql_native_password BY 'password';
    

    and it behaves as expected… but the root user still is not asking for a pass on login.

Submit an Answer