Skip to main content

Ubuntu MySQL ERROR 1698 (28000)

Ubuntu MySQL ERROR 1698 (28000): Access denied for user 'root'@'localhost'


 This is a quick note about MySQL root access error in Ubuntu even though the password is correct.


TLDR;
use sudo!
sudo mysql 


After installing MySQL in ubuntu (sudo apt install mysql-server), you can run secure installation utility command to set the root password.

sudo mysql_secure_installation utility

I'm not going to explain this in detail since this post is not about the installation but the error.

After setting the root password with the above util, the expectation is to use the below command and log into MySQL as root.

mysql -u root -p

For Ubuntu, this doesn't seem to be working. The reason is, in the new MySQL installation in Ubuntu uses something called Socket Peer-Credential Pluggable Authentication. This authentication mechanism authenticates clients that connect from the local host through the Unix socket file. Basically, it means the MySQL user also requires access to the Unix socket file itself. Unix socket is a file that OS uses to communicate with programs. 

Therefore, if you used sudo, it will grant access to the socket, so as to the MySQL itself. 

Accessing without sudo

To access without using sudo powers, we can create a new MySQL user with the name of the system user.

eg: let's say my system user is thilinaj

1. login to mysql from root (sudo mysql) and select mysql database.

USE mysql;

2. Create user

CREATE USER 'thilinaj'@'localhost' IDENTIFIED WITH auth_socket;

3. Grant permissions

GRANT ALL PRIVILEGES ON *.* TO 'thilinaj'@'localhost' WITH GRANT OPTION;

4. Reload previleges and exit

FLUSH PRIVILEGES;

exit

5. Next time you login, you can just type in mysql and you're in

Ubuntu MySQL CLI



The cool thing about the auth_socket plugin is you don't have to provide the password. That is because the authentication is taken care of by the OS auth socket.


Accessing root user without sudo

To use the root user without the sudo access, we can use the following workaround (not recommended).

1. Log in to mysql using sudo

sudo mysql -u root

2. Once logged in, switch to mysql database

USE mysql;

3. Update the authentication mechanism for root

ALTER USER 'root'@'localhost' IDENTIFIED WITH caching_sha2_password BY 'password';

4. Reload the privileges and exit.

FLUSH PRIVILEGES;

exit

5. Sometimes you may need to 

Next time when you log in, you wouldn't need to use the sudo keyword. 


Application users

When creating application users, you'll have to use the caching_sha2_password to authenticate.

eg: 


CREATE USER 'appuser'@'localhost' IDENTIFIED WITH caching_sha2_password BY 'apppassword';

CREATE USER 'appuser'@'%' IDENTIFIED WITH caching_sha2_password BY 'apppassword';


Some of the common types of authentication plugins

Following are the types of authentication mechanisms available and a little bit of information about them.

  • auth_socket 
    • Uses OS authentication socket to authenticate the MySQL user. So, the username should be similar to the OS user. The mysql root can be only accessed by the root user of the OS.
  • caching_sha2_password
    • Uses a strong SHA 256 algorithm to hash the password. Also, it supports server-side caching for the passwords, so it has better performance. This is the default authentication plugin after MySQL 8.0.
  • sha256_password
    • Same as caching_sha2_password but without caching.
  • mysql_native_password 
    • Relies on SHA1 algorithm which is relatively weak. Therefore not recommended.
MySQL supports few more authentication plugins. You can find them on this page.

These plugins can be activated and deactivated in the configurations. MySQL documentation would provide more information on this.


Labels:

Comments

Post a Comment

Popular posts from this blog

Java, how to create a list with a single element

 I wanted to create a Java List with a single element. Yet, I wanted to add more elements later. So, I was looking for a couple of ways to do this. So far there are multiple elegant ways to create a list with a single element with a one-liner. Not so much for a modifiable list though. Here's what I gathered so far. Followings are a few ways of creating a list with strictly a single entry. Can't add more elements. 1. Collections.singletonList() This returns an immutable list that cannot be modified or add more elements. // An immutable list containing only the specified object. List<String> oneEntryList = Collections. singletonList ( "one" ) ; oneEntryList.add( "two" ) ; // throws UnsupportedOperationException 2.  Arrays.asList() This returns a fixed-size list consisting of the number of elements provided as arguments. The number of elements provided would be an array hence the size is fixed to the length of the array. // Returns a fixed-size list List...
Post a Comment
Read more

Ubuntu DNS issue fix DNS_PROBE_FINISHED_BAD_CONFIG

Issue  I've been playing with a VPN and somehow it messed up my DNS resolution configurations. Chrome gives  DNS_PROBE_FINISHED_BAD_CONFIG  error and can't ping google. So it seemed to be an issue with the DNS. Of course, restarting didn't fix it. I tried DNS lookup which gave me below. To make sure this is somehting to do with my DNS confgis, I ran the same by providing the google DNS servers.  It works, which means my default DNS is not working for some reason. To make sure this, ran the below command. systemd-resolve --status Output has an entry for DNS Servers, which was  ::1 Fix 1. Edit the file /etc/systemd/resolved.conf. sudo vi /etc/systemd/resolved.conf 2. Add new DNS entries. I added 2 google DNS and the cloudflare DNS sever. [Resolve] DNS=8.8.8.8 8.8.4.4 1.1.1.1 3. Restart the systemd-resolved and check the configuration is persisted in /run/systemd/resolve/resolv.conf file. sudo service systemd-resolved restart cat /run/systemd/resolve/resolv.co...
2 comments
Read more

Install Docker on Windows 11 with WSL Ubuntu 22.04

This is to install Docker within Ubuntu WSL without using the Windows Docker application. Follow the below steps. Install Ubuntu 22.04 WSL 1. Enable Windows Subsystem for Linux and Virtual Machine platform Go to Control Panel -> Programs -> Programs and Features -> Turn Windows features on or off 2. Switch to WSL 2 Open Powershell and type in the below command. wsl --set-default-version 2 If you don't have WSL 2, download the latest WSL 2 package and install it.  3. Install Ubuntu Open Microsoft Store and search for Ubuntu. Select the version you intend to install. I'd use the latest LTS version Ubuntu 22.04. Click on the Get button. It will take a couple of minutes to download and install. 4. Open up the installed Ubuntu version that was installed. If you get an error like the below image, make sure to install the WSL2 Kernel update .  If it's an older Ubuntu version the error message would be something like the image below. Error: WSL 2 requires an update to its ...
1 comment
Read more