I’m setting up a new server and keep running into this problem.
When I try to log into the MySQL database with the root user, I get the error:
ERROR 1698 (28000): Access denied for user ‘root’@’localhost’
It doesn’t matter if I connect through the terminal (SSH), through phpMyAdmin or a MySQL client, e.g., Navicat. They all fail.
I looked in the mysql.user table and get the following:
+------------------+-------------------+
| user | host |
+------------------+-------------------+
| root | % |
| root | 127.0.0.1 |
| amavisd | localhost |
| debian-sys-maint | localhost |
| iredadmin | localhost |
| iredapd | localhost |
| mysql.sys | localhost |
| phpmyadmin | localhost |
| root | localhost |
| roundcube | localhost |
| vmail | localhost |
| vmailadmin | localhost |
| amavisd | test4.folkmann.it |
| iredadmin | test4.folkmann.it |
| iredapd | test4.folkmann.it |
| roundcube | test4.folkmann.it |
| vmail | test4.folkmann.it |
| vmailadmin | test4.folkmann.it |
+------------------+-------------------+
As you can see, user root should have access.
The Server is quite simple, as I have tried to troubleshoot this for a while now.
It’s running Ubuntu 16.04.1 LTS (Xenial Xerus) with Apache, MySQL and PHP, so that it can host websites, and iRedMail 0.9.5-1, so that it can host mail.
Log into the MySQL database works fine before I installed iRedMail. I also tried just installing iRedMail, but then root also doesn’t work.
How can I fix my MySQL login problem or how can I install iRedMail over an existing MySQL install? And yes, I tried the Installation Tips and I can’t find those variables in the configuration files.
Jeff Holt
2,9803 gold badges22 silver badges29 bronze badges
asked Sep 1, 2016 at 22:06
3
On some systems, like Ubuntu, MySQL is using the Unix auth_socket plugin by default.
Basically it means that: db_users using it, will be «authenticated» by the system user credentials. You can see if your root
user is set up like this by doing the following:
sudo mysql -u root # I had to use "sudo" since it was a new installation
mysql> USE mysql;
mysql> SELECT User, Host, plugin FROM mysql.user;
+------------------+-----------------------+
| User | plugin |
+------------------+-----------------------+
| root | auth_socket |
| mysql.sys | mysql_native_password |
| debian-sys-maint | mysql_native_password |
+------------------+-----------------------+
As you can see in the query, the root
user is using the auth_socket
plugin.
There are two ways to solve this:
- You can set the root user to use the
mysql_native_password
plugin - You can create a new
db_user
with yousystem_user
(recommended)
Option 1:
sudo mysql -u root # I had to use "sudo" since it was a new installation
mysql> USE mysql;
mysql> UPDATE user SET plugin='mysql_native_password' WHERE User='root';
mysql> FLUSH PRIVILEGES;
mysql> exit;
sudo service mysql restart
Option 2: (replace YOUR_SYSTEM_USER with the username you have)
sudo mysql -u root # I had to use "sudo" since it was a new installation
mysql> USE mysql;
mysql> CREATE USER 'YOUR_SYSTEM_USER'@'localhost' IDENTIFIED BY 'YOUR_PASSWD';
mysql> GRANT ALL PRIVILEGES ON *.* TO 'YOUR_SYSTEM_USER'@'localhost';
mysql> UPDATE user SET plugin='auth_socket' WHERE User='YOUR_SYSTEM_USER';
mysql> FLUSH PRIVILEGES;
mysql> exit;
sudo service mysql restart
Remember that if you use option #2 you’ll have to connect to MySQL as your system username (mysql -u YOUR_SYSTEM_USER
).
Note: On some systems (e.g., Debian 9 (Stretch)) the ‘auth_socket’ plugin is called ‘unix_socket’, so the corresponding SQL command should be: UPDATE user SET plugin='unix_socket' WHERE User='YOUR_SYSTEM_USER';
From andy’s comment it seems that MySQL 8.x.x updated/replaced the auth_socket
for caching_sha2_password
. I don’t have a system setup with MySQL 8.x.x to test this. However, the steps above should help you to understand the issue. Here’s the reply:
One change as of MySQL 8.0.4 is that the new default authentication plugin is ‘caching_sha2_password’. The new ‘YOUR_SYSTEM_USER’ will have this authentication plugin and you can log in from the Bash shell now with «mysql -u YOUR_SYSTEM_USER -p» and provide the password for this user on the prompt. There isn’t any need for the «UPDATE user SET plugin» step.
For the 8.0.4 default authentication plugin update, see MySQL 8.0.4: New Default Authentication Plugin: caching_sha2_password.
answered Mar 12, 2017 at 1:17
zetacuzetacu
17.1k2 gold badges19 silver badges26 bronze badges
25
A new version of MySQL does it this way
In the new MySQL client, if the password is left empty while installing then, it is based on the auth_socket
plugin.
The correct way is to log in to MySQL with the sudo
privilege.
sudo mysql -u root -p
And then updating the password using:
ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'new-password';
Once this is done, stop and start the MySQL server.
sudo service mysql stop
sudo service mysql start
For complete details, you can refer to this link.
answered Sep 14, 2018 at 16:17
NandeshNandesh
4,4362 gold badges20 silver badges26 bronze badges
7
No need of sudo
The database is initialised with 2 all-privilege accounts: the first one is «root» which is inaccessible and the second one with your user name (check with command whoami
).
To enable access to root account, you need to login with your user name
mysql -u $(whoami)
and manually change password for root
use mysql;
set password for 'root'@'localhost' = password('YOUR_ROOT_PASSWORD_HERE');
flush privileges;
quit
Login as ‘root’
mysql -u root -p
answered Jan 10, 2020 at 18:31
4
I was having this issue on an Debian 8 (Jessie) VM that I was interacting with through PuTTY on my Windows 10 desktop.
I tried the various suggestions on here, but nothing quite worked and I am running MariaDB on the Debian host. In the end I found that I couldn’t start the database server in safe mode, but I didn’t need to and the following commands actually worked for me, i.e., allowing a newly created MySQL user to log into the MySQL/MariaDB server:
sudo service mysql restart
sudo mysql # Logs in automatically into MariaDB
use mysql;
update user set plugin='' where user='your_user_name';
flush privileges;
exit;
sudo service mysql restart # Restarts the MySQL service
If the above doesn’t quite work for you, follow the steps outlined in zetacu’s post, and then follow my steps.
Now you should be able to use a remote terminal client and securely log into MySQL using the command:
mysql -u your_user_name -p
*Type in the password when prompted
answered Nov 11, 2017 at 14:03
TrevorTrevor
1,5611 gold badge20 silver badges28 bronze badges
2
Step 1. sudo mysql -u root -p
Step 2. USE mysql;
Step 3. ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'admin';
Here ‘admin’ is your new password, but you can change it.
Step 4. exit
You are done.
answered Dec 1, 2018 at 11:04
After hours of struggling without any solution here, this worked for me. I found a YouTube video where it says the password column is now called authentication_string.
So I was able to change my password as follows:
First get into the MySQL client from the terminal:
sudo mysql
Then inside mysql, type whatever after mysql>
:
mysql> use mysql
mysql> update user set authentication_string=PASSWORD("mypass") where user='root';
mysql> flush privileges;
mysql> quit;
At this point you are out of the MySQL client, back to your normal terminal place. You need to restart the MySQL client for this to take effect. For that type, the following:
sudo service mysql restart
Refer to this video link for a better understanding.
answered Jan 29, 2020 at 17:09
I would suggest to remove the MySQL connection —
This is for MySQL version 5.5. If your version is different, please change the first line accordingly.
sudo apt-get purge mysql-server mysql-client mysql-common mysql-server-core-5.5 mysql-client-core-5.5
sudo rm -rf /etc/mysql /var/lib/mysql
sudo apt-get autoremove
sudo apt-get autoclean
And install again, but this time set a root password yourself.
This will save a lot of effort.
sudo apt-get update
sudo apt-get install mysql-server
answered Mar 10, 2017 at 12:25
Eminem347Eminem347
3874 silver badges11 bronze badges
4
I found my solution after hours of research here.
Stop MySQL
sudo service mysql stop
Make MySQL service directory.
sudo mkdir /var/run/mysqld
Give MySQL user permission to write to the service directory.
sudo chown mysql: /var/run/mysqld
Start MySQL manually, without permission checks or networking.
sudo mysqld_safe --skip-grant-tables --skip-networking &
Log in without a password.
mysql -uroot mysql
Update password
UPDATE mysql.user SET authentication_string=PASSWORD('YOURNEWPASSWORD'), plugin='mysql_native_password' WHERE User='root' AND Host='%';
EXIT;
Turn off MySQL.
sudo mysqladmin -S /var/run/mysqld/mysqld.sock shutdown
Start the MySQL service normally.
sudo service mysql start
answered Sep 3, 2019 at 6:41
Sanjun DevSanjun Dev
5188 silver badges20 bronze badges
0
For the first
sudo mysql -u root -p
SHOW VARIABLES LIKE 'validate_password%';
we will see something like this:
+--------------------------------------+--------+
| Variable_name | Value |
+--------------------------------------+--------+
| validate_password.check_user_name | ON |
| validate_password.dictionary_file | |
| validate_password.length | 8 |
| validate_password.mixed_case_count | 1 |
| validate_password.number_count | 1 |
| validate_password.policy | MEDIUM |
| validate_password.special_char_count | 1 |
+--------------------------------------+--------+
We need to change these rows:
- validate_password.length
- validate_password.number_count
- validate_password.policy
- validate_password.special_char_count
SET GLOBAL validate_password.policy=LOW;
SET GLOBAL validate_password.length=4;
SET GLOBAL validate_password.number_count=0;
SET GLOBAL validate_password.special_char_count=0;
SHOW VARIABLES LIKE 'validate_password%';
We will see:
+--------------------------------------+-------+
| Variable_name | Value |
+--------------------------------------+-------+
| validate_password.check_user_name | ON |
| validate_password.dictionary_file | |
| validate_password.length | 4 |
| validate_password.mixed_case_count | 1 |
| validate_password.number_count | 0 |
| validate_password.policy | LOW |
| validate_password.special_char_count | 0 |
+--------------------------------------+-------+
Now exit from the MySQL client:
exit;
sudo mysql -u root -p
And now you can write your password, four or more only letters.
ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'new-password';
exit;
sudo mysql -u root -p
Your new password is in the database for user ‘root’;
answered Jan 14, 2021 at 20:16
TaronTaron
1891 silver badge14 bronze badges
I also faced the same issue for the first time.
Now it is fixed:
First, you copy the /etc/mysql/mysql.conf.d/mysqld.cnf
file and paste in to /etc/mysql/my.cnf
.
You can do it by the command:
sudo cp /etc/mysql/mysql.conf.d/mysqld.cnf /etc/mysql/my.cnf
Now let’s reset the password:
Use the following commands in your terminal:
sudo service mysql stop
sudo service mysql start
sudo mysql -u root
Now you are inside the MySQL console.
Then let’s write some queries to reset our root password:
USE mysql
update mysql.user set authentication_string=password('newpass') where user='root' and Host ='localhost';
update user set plugin="mysql_native_password";
flush privileges;
quit
Now we can clean /etc/mysql/my.cng
.
Open the above file in your editor and remove the whole lines inside the file.
After that let’s restart MySQL:
sudo mysql service restart
Now let’s use MySQL with the newly created password:
sudo mysql -u root -p
Finally enter your newly created password.
answered Jul 18, 2019 at 11:42
1
In my case,
mysql -u root -p
Enter password:
ERROR 1698 (28000): Access denied for user 'root'@'localhost'
I am sure my password was correct. Otherwise, the error code would be ERROR 1045 (28000): Access denied for user
So I relogin using sudo,
sudo mysql -u root -p
This time it worked for me. See the documentation.
And then change the root password,
mysql> alter user 'root'@'%' identified with mysql_native_password by 'me123';
Query OK, 0 rows affected (0.14 sec)
mysql>
Then restart the server using sudo /etc/init.d/mysql restart
.
answered Dec 3, 2019 at 13:16
This worked for me:
mysql --user=root mysql
CREATE USER 'some_user'@'%' IDENTIFIED BY 'some_pass';
GRANT ALL PRIVILEGES ON *.* TO 'some_user'@'%' WITH GRANT OPTION;
FLUSH PRIVILEGES;
answered Dec 30, 2018 at 21:19
DoradDorad
3,4212 gold badges44 silver badges71 bronze badges
2
This works for me with MySQL version 8.0.26 and Ubuntu 20.04 (Focal Fossa).
sudo mysql -u root
mysql> USE mysql;
mysql> SELECT User, Host, plugin FROM mysql.user;
+------------------+-----------+-----------------------+
| User | Host | plugin |
+------------------+-----------+-----------------------+
| debian-sys-maint | localhost | caching_sha2_password |
| mysql.infoschema | localhost | caching_sha2_password |
| mysql.session | localhost | caching_sha2_password |
| mysql.sys | localhost | caching_sha2_password |
| root | localhost | auth_socket |
+------------------+-----------+-----------------------+
mysql> UPDATE user SET
plugin='caching_sha2_password' WHERE User='root';
mysql> ALTER USER 'root'@'localhost' IDENTIFIED WITH caching_sha2_password BY 'you_mysql_password';
mysql> FLUSH PRIVILEGES;
mysql> exit;
sudo service mysql restart
answered Sep 3, 2021 at 9:48
WhileWhile
611 bronze badge
1
OS: Ubuntu 18.04 (Bionic Beaver)
MySQL: 5.7
-
Add the
skip-grant-tables
to the end of file mysqld.cnf -
Copy the my.cnf file
sudo cp /etc/mysql/mysql.conf.d/mysqld.cnf /etc/mysql/my.cnf
-
Reset the password
(base) ➜ ~ sudo service mysql stop (base) ➜ ~ sudo service mysql start (base) ➜ ~ mysql -uroot Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 2 Server version: 5.7.25-0ubuntu0.18.04.2 (Ubuntu) Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql> use mysql Reading table information for completion of table and column names You can turn off this feature to get a quicker startup with -A Database changed, 3 warnings mysql> update mysql.user set authentication_string=password('newpass') where user='root' and Host ='localhost'; Query OK, 1 row affected, 1 warning (0.00 sec) Rows matched: 1 Changed: 1 Warnings: 1 mysql> update user set plugin="mysql_native_password"; Query OK, 0 rows affected (0.00 sec) Rows matched: 4 Changed: 0 Warnings: 0 mysql> flush privileges; Query OK, 0 rows affected (0.00 sec) mysql> quit Bye
-
Remove the
skip-grant-tables
from my.cnf(base) ➜ ~ sudo emacs /etc/mysql/mysql.conf.d/mysqld.cnf (base) ➜ ~ sudo emacs /etc/mysql/my.cnf (base) ➜ ~ sudo service mysql restart
-
Open the MySQL client
(base) ➜ ~ mysql -uroot -ppassword mysql: [Warning] Using a password on the command line interface can be insecure. Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 3 Server version: 5.7.25-0ubuntu0.18.04.2 (Ubuntu) Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql>
-
Check the password policy
mysql> select @@validate_password_policy; +----------------------------+ | @@validate_password_policy | +----------------------------+ | MEDIUM | +----------------------------+ 1 row in set (0.00 sec) mysql> SHOW VARIABLES LIKE 'validate_password%'; +--------------------------------------+--------+ | Variable_name | Value | +--------------------------------------+--------+ | validate_password_dictionary_file | | | validate_password_length | 8 | | validate_password_mixed_case_count | 1 | | validate_password_number_count | 1 | | validate_password_policy | MEDIUM | | validate_password_special_char_count | 1 | +--------------------------------------+--------+ 6 rows in set (0.08 sec)!
-
Change the configuration of the
validate_password
mysql> set global validate_password_policy=0; Query OK, 0 rows affected (0.05 sec) mysql> set global validate_password_mixed_case_count=0; Query OK, 0 rows affected (0.00 sec) mysql> set global validate_password_number_count=3; Query OK, 0 rows affected (0.00 sec) mysql> set global validate_password_special_char_count=0; Query OK, 0 rows affected (0.00 sec) mysql> set global validate_password_length=3; Query OK, 0 rows affected (0.00 sec) mysql> SHOW VARIABLES LIKE 'validate_password%'; +--------------------------------------+-------+ | Variable_name | Value | +--------------------------------------+-------+ | validate_password_dictionary_file | | | validate_password_length | 3 | | validate_password_mixed_case_count | 0 | | validate_password_number_count | 3 | | validate_password_policy | LOW | | validate_password_special_char_count | 0 | +--------------------------------------+-------+ 6 rows in set (0.00 sec)
Note
You should know that you error caused by what? validate_password_policy?
You should have decided to reset the your password to fill the policy or change the policy.
answered Mar 23, 2019 at 4:36
iamcxliamcxl
6971 gold badge7 silver badges15 bronze badges
First step: go to file /etc/phpmyadmin/config.inc.php, and then uncomment lines where you find «AllowNoPassword».
Second step: log in to your MySQL default account
mysql -u root -p
use mysql;
update user set plugin="" where user='root';
flush privileges;
And that’s all!
answered Apr 17, 2018 at 20:00
2
This worked for me on mysql Ver 15.1:
$ sudo mysql
MariaDB [mysql]> use mysql;
MariaDB [mysql]> set password for 'root'@'localhost' = password('YOUR_ROOT_PASSWORD_HERE');
MariaDB [mysql]> flush privileges;
MariaDB [mysql]> quit
Login as ‘root’
mysql -u root -p
Credits to Raoul HATTERER
answered Oct 26, 2022 at 9:26
BlackBlack
18.2k39 gold badges158 silver badges273 bronze badges
the answer given by @zetacu and @peter is very accurate but only part of it worked for me. Adding this here for users who are using
mysql Ver 8.0.30-0ubuntu0.20.04.2 for Linux on x86_64 ((Ubuntu))
So, my user table looked like this:
mysql> SELECT User,Host,plugin FROM mysql.user;
+------------------+-----------+-----------------------+
| User | Host | plugin |
+------------------+-----------+-----------------------+
| debian-sys-maint | localhost | caching_sha2_password |
| mysql.infoschema | localhost | caching_sha2_password |
| mysql.session | localhost | caching_sha2_password |
| mysql.sys | localhost | caching_sha2_password |
| pk | localhost | auth_socket |
| root | localhost | auth_socket |
+------------------+-----------+-----------------------+
6 rows in set (0.00 sec)
So, first I followed the second(recommended) option of replacing YOUR_SYSTEM_USER with the username you have. So, I created a new user with same approach but nothing worked.
Then I tried the first approach to set root user to use my_native_password plugin:
sudo mysql -u root
mysql> USE MySQL;
mysql> UPDATE user SET plugin='mysql_native_password' WHERE
User='root';
mysql> FLUSH PRIVILEGES;
mysql> exit;
sudo service mysql restart
AND IT WORKED!!! SO, just create a new user and make it use my_native_password plugin.
answered Oct 27, 2022 at 12:37
For those installing the latest MariaDB on macOS and following this tutorial in MariaDB’s documentation, run:
sudo mariadb-secure-installation
instead of just the mariadb-secure-installation
command given. Otherwise, no luck, despite the erroneous prompt:
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
haven't set the root password yet, you should just press enter here.
Enter current password for root (enter for none):
ERROR 1698 (28000): Access denied for user 'root'@'localhost'
Enter current password for root (enter for none):
ERROR 1698 (28000): Access denied for user 'root'@'localhost'
Enter current password for root (enter for none):
Aborting!
answered Jan 28, 2022 at 22:25
Geyser14Geyser14
1,4053 gold badges15 silver badges32 bronze badges
This has happened to me as well. The problem is with the MySQL repository that comes already with the Linux distribution. So when you simply do:
sudo apt install mysql-server
It installs MySQL from their default repository which gives this problem. So to overcome that you need to uninstall that installed MySQL:
sudo apt remove mysql* --purge --auto-remove
Then download the MySQL repository from official MySQL website MySQL APT repository.
Follow their documentation on how to add a repository and
install it. This gives no issue.
Also as answered by zetacu, you can verify that the MySQL root user now indeed uses the mysql_native_password plugin.
answered Jan 13, 2019 at 11:03
sudipsudip
1431 gold badge1 silver badge9 bronze badges
I have done the following steps to get rid of this issue.
Log in into the MySQL in your machine using (sudo mysql -p -u root) and hit the following queries.
-
CREATE USER ‘jack’@’localhost’ IDENTIFIED WITH mysql_native_password BY ‘<>’;
-
GRANT ALL PRIVILEGES ON . TO ‘jack’@’localhost’;
-
SELECT user,plugin,host FROM mysql.user WHERE user = ‘root’;
+------+-------------+-----------+ | user | plugin | host | +------+-------------+-----------+ | root | auth_socket | localhost | +------+-------------+-----------+
-
ALTER USER ‘root’@’localhost’ IDENTIFIED WITH mysql_native_password BY ‘<>’;
-
FLUSH PRIVILEGES;
Please try it once if you are still getting the error. I hope this code will help you a lot!!
answered Dec 31, 2020 at 5:20
For anyone that tried the solution here and nothing works, make sure you are using the correct command, sudo sudo mysql -u root -p
and not mysql mysql -u root -p
.
You’ll need to enter two passwords, the one of the current user and the root one.
answered May 21, 2021 at 1:47
1
You want to access MySQL with root user but you’re not providing root’s correct password.
If you need to set a new password for root, MySQL’s site has great documentation on how to do it: B.3.3.2 How to Reset the Root Password
I’ll not show the process in here, because MySQL’s documentation on the above link is clear and concise.
answered Sep 2, 2016 at 0:36
3
Are you getting the following error when trying to login to the MySQL root on an Ubuntu system or other Linux distribution? We’ll show you how to clear it up in a matter of seconds.
ERROR 1698 (28000): Access denied for user 'root'@'localhost'
Explanation: This error is caused by the auth_socket plugin. The simplest solution is to just disable the plugin which we will show you how to do below.
Follow the corresponding section below, depending on whether you’re running MySQL Server or MariaDB Server, as both implementations require a different solution to fix the root login problem.
MySQL Server
In this section, we will fix the ERROR 1698
for a MySQL Server installation:
Step 1. Log in to MySQL as root (using sudo
will bypass MySQL’s password prompt):
$ sudo mysql -u root
Step 2. Change to the mysql
database and set the plugin to mysql_native_password
for the root user:
mysql> USE mysql; mysql> UPDATE user SET plugin='mysql_native_password' WHERE User='root'; mysql> FLUSH PRIVILEGES;
Step 3. You have to change the root password for this to work. Even just specifying the current password is fine too, but this command must be executed:
mysql> ALTER USER 'root'@'localhost' IDENTIFIED BY 'new_password_here'; mysql> exit;
Step 4. Lastly, restart MySQL for the changes to take effect:
$ sudo systemctl restart mysql
Step 5. You can now log in to MySQL root as normal, and will no longer encounter the error:
$ mysql -u root -p
MariaDB Server
In this section, we will fix the ERROR 1698
for a MariaDB Server installation:
Step 1. The solution for MariaDB is different. Users need to run through initial setup by executing:
$ sudo mysql_secure_installation
Step 2. Press enter when prompted for root password:
Enter current password for root (enter for none):
Step 3. Answer N when asked to enable unix_socket
authentication:
Switch to unix_socket authentication [Y/n] n
Step 4. Answer Y when asked if you’d like to change the root password, then supply a new password:
Change the root password? [Y/n] y New password: Re-enter new password:
Step 5. Go through the next few questions, eventually ending by answering Y to reload table privileges:
Reload privilege tables now? [Y/n] y
Step 6. You can now log in to MariaDB root as normal, and will no longer encounter the error:
$ mysql -u root -p
Did this work for you? Let us know in the comments below! Include your system information for help with troubleshooting.
When I try to login to MySQL database, I get some error message like “error 1698 (28000)”. Please help!
That was a recent support ticket received at our Server Support department where we resolve support queries for web hosts.
Website owners often face this error when they access the MySQL database as root user.
So, what’s the reason behind this? And, how to resolve this?
Today, we’ll discuss the reason for this error and how our Server Supported Engineers fix it.
‘error 1698’ MySQL error – What this means?
Before we move on to the reasons, let’s first get an idea of MySQL error ‘error 1698′.
Website owners face this error when MySQL disallows the root user to access the database.
For instance, users see the complete error message like this:
ERROR 1698 (28000): Access denied for user 'root'@'localhost'
In addition to that, website owners will not be able to connect to the database via a terminal, PHPmyadmin or MySQL client.
In our experience managing websites, majority of such complaints are raised by customers on a Ubuntu machine.
‘error 1698’ Mysql error – Causes and solutions
First, let’s see the main cause of this error identified by our Support Engineers during our debugging process.
Some systems like Ubuntu don’t use root password, instead Mysql root account is configured to use the auth_socket or unix_socket plugin for authentication.
mysql> USE mysql;
mysql> SELECT User, Host, plugin FROM mysql.user;
+------------------+-----------------------+
| User | plugin |
+------------------+-----------------------+
| root | auth_socket |
+------------------+-----------------------+
This plugin allows the user to use Operating System credentials when connecting to the database.
In other words, this plugin doesn’t care for password. It checks if the user is connecting via UNIX socket and then compares the username.
For example, a user authenticate to the Ubuntu system as test, so MySQL won’t trust the user when he login as root user, because this user is different from the system user test.
Result is ‘error 1698‘ Mysql error.
How we fix?
Now, let’s see how our Support Engineers fix this error.
1) Set root user to use ‘mysql_native_password‘ plugin
‘mysql_native_password’ implements authentication against mysql.user table using the native password authentication method.
So, the first solution our Hosting Engineers use, is to update the root user password and change the root user’s authentication plugin to ‘mysql_native_password’.
For example, we use the following command to change the root user’s authentication plugin to mysql_native_password.
user mysql;
update user set plugin='mysql_native_password' where User = 'root';
And, in order for the changes to reflect, and the privileges to be saved, we use the below command.
FLUSH PRIVILEGES;
[Need assistance in fixing MySQL errors in your website? Our MySQL experts can assist you. We are available 24/7.]
2) Add the system user to the MySQL ‘user’ table
Basically, mysql_native_password is the traditional method of authentication, but it isn’t secure, because it uses just a hash of the password.
So, the safe option that our Security Engineers always recommend is to add the system user to the MySQL user table with auth_socket plugin enabled.
For example, we use the following command to add the system user testing to the MySQL user table with the auth_socket plugin.
USE mysql;
CREATE USER 'testing'@'localhost' IDENTIFIED BY '';+
UPDATE user SET plugin='auth_socket' WHERE User='testing';
After that, we grant all privileges to this user, and flush the privileges for the changes to take effect.
Now, the user can login to MySQL with this system user.
3) Disable UNIX_socket authentication
Another simple solution to this problem is to disable UNIX socket authentication.
Our Hosting Engineers disable unix_socket authentication for root user using the following command.
use mysql;
update user set plugin='' where User='root';
Now, the root user can login with standard password authentication.
We’ve discussed 3 different ways to resolve this error.
Considering the security aspect, our MySQL experts always suggest server owners to follow the second step.
Because, it’s always good practice to create a new user and leave the root user there.
[Need a Mysql expert to look at this error? Our Dedicated Support Engineers can fix this for you within minutes.]
Conclusion
In short, ‘error 1698‘ Mysql error occurs due to the incorrect authentication plugin enabled for the root user. Today, we’ve discussed the 3 easy methods to solve this error and the most reliable solution suggested by our Server Support Engineers.
PREVENT YOUR SERVER FROM CRASHING!
Never again lose customers to poor server speed! Let us help you.
Our server experts will monitor & maintain your server 24/7 so that it remains lightning fast and secure.
SEE SERVER ADMIN PLANS
var google_conversion_label = «owonCMyG5nEQ0aD71QM»;
With our easy steps, you can easily solve error 1698 (28000) Access denied for the user.
This error is very common when you try to log in to your MySQL for the first time.
Personally, I too faced this issue multiple times, maybe because we were not following the right way to install MySQL, or we forgot to set a password, or else we didn’t get the options to set a password.
Similarly, there may be many other reasons for the above error, but the solution to this error is pretty simple and easy. In this article, you will find a way to resolve 1698 (28000) Access denied for user ‘root’@’localhost’.
There are two ways to resolve this error.
First, you will see a simple and less time-consuming method. If the first method didn’t work in your case, then go to the second one.
Method 1: The Easiest Way to Fix Error 1698 (28000): Access Denied for User
One of the easiest ways to resolve this error is to invoke “mysql_secure_installation”, which will ask you to set a password for your MySQL root user.
$ sudo mysql_secure_installation
You need to enter a new password and, for confirmation, re-type that password.
If the password is less than 25 characters, you will be prompted to confirm whether you want to continue or not. If you don’t want to set password characters more than 25, simply type “n”.
In my case, it didn’t work and threw me an error on-screen:
“Failed! Error: SET PASSWORD has no significance for user ‘root’@’localhost’ as the authentication method used doesn’t store authentication data in the MySQL server.
Please consider using ALTER USER instead if you want to change authentication parameters.”
If the same thing happens with you too, then close the terminal and follow the second set of steps, which worked in my case to solve error 1698 (28000) Access denied for user.
Method 2: Fix Error 1698 (28000): Access Denied for User using Alter
When you install MySQL for the first time, there is a chance you will not find the option to set a password because of the new method of authenticating users.
If it is like that, then you need to login to MySQL as a root user.
Most of the time, users may try to log in to MySQL as “mysql -u user” or “mysql -u root”, but it won’t work because “user@localhost” has not yet been created on your system, and root cannot be accessed without sudo privileges.
And when you try to log in as the root user with “mysql -u root@localhost”, you will get the below error.
Check the Authorization Mechanism
To resolve this, you must log into MySQL as a sudo on the new installation because the account that is linked with MySQL is the “root” account, not the “user” account.
Run the below command in your terminal:
$ sudo mysql -u root
Once you are logged in, you will find the MySQL console looking like the below-shown image.
Now you can access your MySQL account with the above command, but there is a small problem with this: you cannot log in to MySQL without sudo privileges.
To fix that, you can create a new user and grant the necessary privileges, or else change the password authentication mechanism of the root account.
There are different types of password mechanisms supported by MySQL by default you will find “auth_socket” for your root account to make it robust you can choose conventional “mysql_native_password” or the latest “caching_sha2_password“ on later version 8.0.0
If you want to learn more about authentication plugins, then do check out MySQL authentication documentation.
Before moving to the next step, you should check what password mechanism or plugin is attached to your root account.
To find out, you can run the following queries on the MySQL console:
mysql> SELECT User, plugin from mysql.user ;
The behavior of the above command is shown below:
Set a password on the root account
Now you can set or update your password by following the below snippet. Make sure to replace [ENTER-NEW-PASSWORD] with your password and, prior to that, select the MySQL database.
mysql> use mysql;
mysql> ALTER USER 'root'@'localhost' IDENTIFIED WITH 'caching_sha2_password' BY '[ENTER-NEW-PASSWORD]';
Output:
I’m using “caching_sha2_password”.
If you want to use “mysql_native_password” on > MySQL 5.7 version, type the below queries on your MySQL console.
mysql> ALTER USER 'root'@'localhost' IDENTIFIED WITH 'mysql_native_password' BY '[ENTER-NEW-PASSWORD]';
Once the changes have been implemented, restart the MySQL service.
$ sudo systemctl restart mysql.service
And once the service is restarted, type the below code in your terminal and enter the password which you have set above.
$ mysql -u root -p
Output:
Wrapping Up
That’s all to resolve error 1698 (28000) Access denied for user on MySQL.
I’m sure after following the above steps you will be able to resolve the issue, but if you are still having any issues, then do let me know in the comment section.
If you are interested in learning about how to change the MySQL port number, then check out this article.
See you later in the next article.
A man with a tech effusive who has explored some of the amazing technology stuff and is exploring more. While moving towards, I had a chance to work on Android development, Linux, AWS, and DevOps with several open-source tools.
The error 1698 (28000): access denied for user ‘root’@’localhost’ is a common error that occurs when you do not have permission to access the database. This article covers all the details of how this error arises and what you can do to resolve it. Let’s begin!
Contents
- Why Does the Error 1698: Mysql Error Message Occurs?
- – Incorrect Credentials
- – Insufficient Privileges
- – Missing Grant Privileges
- – Firewall or Network Issues
- – Incorrect MySQL Configuration
- – Syntax Errors
- How To Resolve the Error 1698: Mysql Error Message?
- – Reset the Root Password
- – Grant Privileges to the Root User
- – Check the MySQL/MariaDB Configuration
- – Check the Firewall
- – Use a Different User Account
- – Grant MySQL Access
- – Correct Typo Mistake
- Conclusion
Why Does the Error 1698: Mysql Error Message Occurs?
The error 1698 (28000): access denied for user ‘root’@’localhost’ occurs when the root user tries to perform an action requiring higher privileges than those granted. This happens when the root user’s password is incorrect or has been restricted from accessing certain databases or tables.
Additionally, this error will occur if the root user has been removed from the list of authorized users. It can also occur if there is a conflict between the user’s permissions and the privileges required by the action being performed.
- Missing grant privileges.
- Firewall or Network issues.
- Incorrect MySQL configuration.
- Syntax errors.
– Incorrect Credentials
The most common reason for this error is an incorrect username or password for the ‘root’ user. Ensure that you are using the correct username and password to log in to the MySQL server.
– Insufficient Privileges
If you have recently created a new user, it may not have sufficient privileges to access the MySQL server. Ensure that you have granted the necessary permissions to the user to access the server.
– Missing Grant Privileges
Sometimes, the user may have the necessary privileges to access the server, but the grant privileges are missing. Grant privileges are the ones that allow a user to perform specific operations on a specific database. Ensure that you have granted the necessary grant privileges to the user.
– Firewall or Network Issues
The server may not be reachable due to network or firewall issues. Ensure your network and firewall settings are correctly configured to allow MySQL server connections.
– Incorrect MySQL Configuration
Sometimes, the MySQL server configuration may be incorrect, which can cause the ‘Access Denied’ error. Check the configuration files to ensure that the server is correctly configured.
– Syntax Errors
Syntax errors are another reason why this error occurs. Sometimes, coders accidentally make a typo mistake or use the wrong operands and functions with the wrong brackets.
Such issues cause error messages to arise, such as:
- Error 1045 (28000): Access denied for user ‘root’@’localhost’ (using password: yes).
- Access denied for user ‘root’@’localhost’ (using password: no).
- Error 1045 mysql 28000: access denied for user’ root’@’localhost centos.
- Error 1045 (28000): Access denied for user cacti localhost’ (using password: yes).
How To Resolve the Error 1698: Mysql Error Message?
To solve error 1698 (28000): Access denied for user ‘root’@’localhost’ error, you can grant administrative privileges to the user or create a new user with administrative access. Create a new user with administrative access by running “CREATE USER ‘new_user’@’localhost’ IDENTIFIED BY ‘password’;” and grant them administrative access.
– Reset the Root Password
If you cannot log in to the MySQL or MariaDB database using the root account, you can reset the root password. To do this, stop the MySQL/MariaDB server and restart it with the –skip-grant-tables option. This will let you log in to the database server without a password. Once you are logged in, you can reset the root password using the following command:
UPDATE mysql.user SET authentication_string = PASSWORD(‘new_password’) WHERE User = ‘root’ AND Host = ‘localhost’;
After resetting the password, restart the MySQL/MariaDB server without the –skip-grant-tables option.
– Grant Privileges to the Root User
When the root user doesn’t have the necessary privileges to access the database server, you can grant them using the given command:
GRANT ALL PRIVILEGES ON *.* TO ‘root’@’localhost’ IDENTIFIED BY ‘password’ WITH GRANT OPTION;
Replace ‘password’ with the root user’s password.
– Check the MySQL/MariaDB Configuration
To troubleshoot this error, you should check the MySQL/MariaDB configuration settings to ensure that the ‘root’ user has permission to access the database. Here are some steps you can take:
- Check the authentication method: MySQL/MariaDB supports several authentication methods, including the traditional password-based authentication method and the more secure plugin-based authentication method. Check your MySQL/MariaDB configuration file to ensure the authentication method is correctly set up and the ‘root’ user has a valid password or authentication plugin.
- Check the user permissions: Make sure that the ‘root’ user has the permissions to access the database. You can verify this by running the below command:
SELECT user, host, plugin FROM mysql.user WHERE user = ‘root’;
This will show you the authentication plugin being used by the ‘root’ user and the hostnames from which the ‘root’ user can connect to the database.
- Check the database permissions: Verify that the ‘root’ user has the permissions to access the specified database you’re trying to connect to. You can do this by running the following command:
SHOW GRANTS FOR ‘root’@’localhost’;
This will show you the privileges assigned to the ‘root’ user on the ‘localhost’ host.
- Restart the MySQL/MariaDB server: If all else fails, try restarting the MySQL/MariaDB server. Sometimes, configuration changes do not take effect until the server is restarted.
– Check the Firewall
If you are connecting to the MySQL/MariaDB server from a remote machine, make sure that the server’s firewall is not blocking the connection. To resolve this error, you can follow these steps:
- Check your Firewall settings: Ensure your firewall is not blocking the MySQL port (the default port number is 3306). You can check this by opening your Firewall settings and verifying that port 3306 is open.
- Check MySQL privileges: You can check the privileges of the user ‘root’@’localhost’ by logging in as another user with administrative permissions and running the following command:
SHOW GRANTS FOR ‘root’@’localhost’;
This will display a list of privileges granted to the ‘root’ user. If the user does not have enough privileges, you can grant them by running the following command:
GRANT ALL PRIVILEGES ON *.* TO ‘root’@’localhost’ WITH GRANT OPTION;
- Restart MySQL service: After making any changes to the MySQL privileges, you should restart the MySQL service to ensure that the changes take effect.
Sudo systemctl restart mysql
- Test MySQL access: After completing the above steps, you can test whether the ‘root’ user has access to MySQL by logging in with the following command:
If you can log in without any errors, it means that the issue has been resolved.
– Use a Different User Account
Try logging in with a separate user account that has the privileges to access the database server. You can make a new account by using the following command:
GRANT ALL PRIVILEGES ON *.* TO ‘username’@’localhost’ WITH GRANT OPTION;
– Grant MySQL Access
MySQL Access refers to the ability to interact with a MySQL database using various means, such as through the command line, graphical user interfaces (GUIs), or application programming interfaces (APIs). Granting access will resolve your error message issue.
MySQL Access generally allows users to perform various operations on a MySQL database, such as creating and modifying tables, inserting and updating data, querying data, and managing users and permissions. MySQL Access can be granted to different users with different levels of privileges, depending on their roles and responsibilities.
MySQL Access can be performed using various tools, such as the MySQL command line client, phpMyAdmin, MySQL Workbench, and many other third-party applications and libraries.
– Correct Typo Mistake
If the user makes a typo or a syntax mistake, they can face this error message. Therefore, it is important to find all the syntax and typo mistakes to correct them. You can also get rid of other error messages, such as:
- Error 1045 (28000): Access denied for user ‘zabbix’@’localhost’ (using password: yes)
- db.utils.operationalerror: (1698, denied
- Error 1045 (28000): Access denied for user nextcloud localhost’ (using password: yes)
- Mysql root error 1045 (28000): Access denied for user ‘root’@’localhost’ (using password: yes)
Conclusion
After reading the guide completely, you can understand how this error arises and what you can do to resolve it by using the various methods discussed here. Let’s see some major takeaways from this article.
- This error arises when the user does not have the necessary privileges to access or modify the database.
- It is important to note that the root user has full privileges in MySQL, and it is recommended to create a new user with restricted privileges for security purposes.
- To resolve the error, the user can either grant the necessary privileges to the root user or create a new user with the appropriate privileges.
- Ensure that the correct username and password are being used to access the MySQL database.
- In some cases, the error may be caused by other factors, like incorrect configuration settings or firewall restrictions.
You can resolve this issue on your own by using this article as a guide. Thank you for reading!
- Author
- Recent Posts
Your Go-To Resource for Learn & Build: CSS,JavaScript,HTML,PHP,C++ and MYSQL. Meet The Team