I'm trying to follow the Multi-Server setup instructions as I want redesign things so that all of the eggs arent on the same basket. I have all 5 servers set with the base OS stuff, steps 1-6 just as the instructions say. Then I start the Web Server installation. However, the instructions say install the "mysql-client" and "mysql-server" and says to give it a root password when prompted during the install. Well, it never asks for a password during the install. So after the install I log into mysql with "mysql -u root -p" and simply press enter for the password and it lets me in. I change/set the password for root to a new password. However, when I exit mysql and then log back in, I can still get in with an empty password. Not only that, I can get in with the new password too. When I do the single all-in-one server, when mysql or mariadb is installed, it always asks for a password during the install. Why is it not asking for one now? And how is it that it's saying it changed the password for 'root'@'localhost' but it's still able to use the empty password??? Im trying this on Ubuntu 18.04.03. Any thoughts??
execute "mysql_secure_installation" as root for a new installations on a modern system. This is a script that will set a password for the root account, remove the anonymous user, restrict root user access to the local machine and remove the test database.
I actually did that and I was still able to log in with the password I set and an empty password. This is why Im confused as to why it never asked for a password during the install because it asks for one when I follow the Perfect Server document for Ubuntu 18.04 when installing everything on the same server. The main thing Im concerned about is the empty password. Cant have a webserver accessible from the internet with an empty mysql password. Makes it too vulnerable.
The new default is no password for root access from within the server itself. I don't think you can access with no password remotely. Just do what the tutorial and @Steini86 said, and your server should be fine.
It's the default behaviour in MySQL 5.7 to autologin in without password. Check step 3 here to change this
Yes, I actually figured out Step 3 on my own last night, as when I couldnt get into phpMyAdmin with root, I created another account. When I got in it, I saw that "root" said "No" under the password column. So it appeared that setting the password in the mysql cli didnt take, even though it said it did, and so I reset it again and changed the auth_socket to the mysql_native_password and now Im able to get into phpMyAdmin as root and when I go into the mysql cli with "mysql -u root -p" the empty password thing doesnt work anymore and it requires the password. This must have changed just recently as I moved/rebuilt my standalone server just a few weeks ago on ESXi and didnt have this issue when MySql was installed. thanks.
