mysql5.7版本之后，與mariadb不同，在安裝之后，在啟動之時，會進行自動隨機密碼的設定，所以在systemctl start mysqld之后，會出現mysql -uroot -p無法登陸的情況

mysql root原始密碼查看

實際上mysqld在啟動時，會自動設定root密碼的，可以在其相關日志里面查看到，如下:

[root@bogon ~]# grep password /var/log/mysqld.log
2017-07-31T10:31:57.368883Z 1 [Note] A temporary password is generated for root@localhost: TjcrBm.j,7eU
2017-07-31T10:32:30.201882Z 3 [Note] Access denied for user 'root'@'localhost' (using password: NO)
2017-07-31T10:34:40.233539Z 0 [Note] Shutting down plugin 'validate_password'
2017-07-31T10:34:41.483983Z 0 [Note] Shutting down plugin 'sha256_password'
2017-07-31T10:34:41.483990Z 0 [Note] Shutting down plugin 'mysql_native_password'

mysql root的初始密碼為TjcrBm.j,7eU(每人情況不一樣，具體值在mysql日志中查看)

mysql密碼重置

當然有些人可能是root密碼真忘記了，那樣可以通過mysql免密碼登陸

在其配置文件/etc/my.cnf中加入skip-grant-tables=1即可

[root@bogon ~]# grep -v ^# /etc/my.cnf | grep -v ^$
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
symbolic-links=0
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
skip-grant-tables=1

然后重啟mysql，使用mysql命令即可進入

[root@bogon ~]# systemctl restart mysqld
[root@bogon ~]# ss -tnl
State      Recv-Q Send-Q             Local Address:Port                            Peer Address:Port              
LISTEN     0      128                    127.0.0.1:9000                                       *:*                  
LISTEN     0      128                            *:111                                        *:*                  
LISTEN     0      128                            *:80                                         *:*                  
LISTEN     0      128                            *:22                                         *:*                  
LISTEN     0      100                    127.0.0.1:25                                         *:*                  
LISTEN     0      80                            :::3306                                      :::*                  
LISTEN     0      128                           :::111                                       :::*                  
LISTEN     0      128                           :::22                                        :::*                  
LISTEN     0      100                          ::1:25                                        :::*  
[root@bogon ~]# mysql
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 4
Server version: 5.7.19

Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> 
  

修改mysql root密碼

mysql> use mysql
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed

mysql> update user set authentication_string = password("123456") where user="root";
Query OK, 1 row affected, 1 warning (0.00 sec)
Rows matched: 1  Changed: 1  Warnings: 1

mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)

然后將/etc/my.cnf中的skip-grant-tables=1注釋掉，重啟mysql服務即可。

在此要注意的是，之前版本密碼修改字段為password，在5.7版本之后字段為authentication_string

mysql密碼難度修改

mysql密碼修改為123456之后，有人發現使用123456能進入mysql，但是卻不能使用mysql的任何功能。會出現如下情況:

[root@bogon ~]# mysql -uroot -p123456
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 4
Server version: 5.7.19

Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> show databases;
ERROR 1820 (HY000): You must reset your password using ALTER USER statement before executing this statement.

實際上，在初始更改root密碼時，并不能直接使用update來更改，需要使用alter user命令來更改

mysql> alter user 'root'@'localhost' identified by '123456';
ERROR 1819 (HY000): Your password does not satisfy the current policy requirements
## mysql在5.7版本中加了密碼安全等級，弱密碼不能使用

mysql> alter user 'root'@'localhost' identified by 'QWEqwe123!@#';
Query OK, 0 rows affected (0.00 sec)

mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)

mysql 安全策略以及root密碼清空

在上述修改密碼之后，可查看mysql的密碼安全策略

[root@bogon ~]# mysql -uroot -p'QWEqwe123!@#'
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 6
Server version: 5.7.19 MySQL Community Server (GPL)

Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> show variables like '%password%';
+---------------------------------------+--------+
| Variable_name                         | Value  |
+---------------------------------------+--------+
| default_password_lifetime             | 0      |
| disconnect_on_expired_password        | ON     |
| log_builtin_as_identified_by_password | OFF    |
| mysql_native_password_proxy_users     | OFF    |
| old_passwords                         | 0      |
| report_password                       |        |
| sha256_password_proxy_users           | OFF    |
| validate_password_check_user_name     | OFF    |
| validate_password_dictionary_file     |        |
| validate_password_length              | 8      |
| validate_password_mixed_case_count    | 1      |
| validate_password_number_count        | 1      |
| validate_password_policy              | MEDIUM |
| validate_password_special_char_count  | 1      |
+---------------------------------------+--------+
14 rows in set (0.00 sec)

其中可以看到validate有很多參數

validate_password_dictionary_file：插件用于驗證密碼強度的字典文件路徑。

validate_password_length：密碼最小長度。

validate_password_mixed_case_count：密碼至少要包含的小寫字母個數和大寫字母個數。

validate_password_number_count：密碼至少要包含的數字個數。

validate_password_policy：密碼強度檢查等級，0/LOW、1/MEDIUM、2/STRONG。

validate_password_special_char_count：密碼至少要包含的特殊字符數。

其中，關于validate_password_policy-密碼強度檢查等級：

0/LOW：只檢查長度。

1/MEDIUM：檢查長度、數字、大小寫、特殊字符。

2/STRONG：檢查長度、數字、大小寫、特殊字符字典文件。

可以直接在mysql中進行參數的修改

mysql> set global validate_password_policy=0;
Query OK, 0 rows affected (0.00 sec)

mysql> set global validate_password_special_char_count=0;
Query OK, 0 rows affected (0.00 sec)

mysql> set global validate_password_number_count=0;
Query OK, 0 rows affected (0.00 sec)

mysql> set global validate_password_mixed_case_count=0;
Query OK, 0 rows affected (0.00 sec)

mysql> set global validate_password_length=0;
Query OK, 0 rows affected (0.00 sec)

mysql> show variables like '%password%';
+---------------------------------------+-------+
| Variable_name                         | Value |
+---------------------------------------+-------+
| default_password_lifetime             | 0     |
| disconnect_on_expired_password        | ON    |
| log_builtin_as_identified_by_password | OFF   |
| mysql_native_password_proxy_users     | OFF   |
| old_passwords                         | 0     |
| report_password                       |       |
| sha256_password_proxy_users           | OFF   |
| validate_password_check_user_name     | OFF   |
| validate_password_dictionary_file     |       |
| validate_password_length              | 0     |
| validate_password_mixed_case_count    | 0     |
| validate_password_number_count        | 0     |
| validate_password_policy              | LOW   |
| validate_password_special_char_count  | 0     |
+---------------------------------------+-------+
14 rows in set (0.00 sec)

當然，此種變更，只能在當前環境下生效，重啟mysql后會失效

想要長期生效，需要將更改寫入配置文件中才可永久生效

也可以直接在配置文件中進行修改禁用validate-password功能

編輯my.cnf配置文件，在mysqld下面加入“validate-password=0”,然后重啟mysql即可。

[root@bogon ~]# grep -v ^# /etc/my.cnf  | grep -v ^$
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
validate-password=0
symbolic-links=0
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid

將mysql的密碼安全等級降低之后，可以將root密碼修改回來

mysql> use mysql
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql> update user set authentication_string = password("") where user="root";
Query OK, 1 row affected (0.00 sec)
Rows matched: 1  Changed: 1  Warnings: 0

mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)

mysql> exit

以上密碼root即清除為空了。使用mysql即可直接進入mysql。當然生產環境中不推薦此種做法