MySQL, the world’s most popular open source relational database management system is not available in the default Debian’s repositories. MariaDB is the default database system in Debian 10.

This tutorial, explains how to install and secure MySQL on Debian 10 from the MySQL Apt Repository.

Configuring MySQL Repository

To add the MySQL APT repository to your system go to the repository download page and download the latest release package using the following wget command:

wget http://repo.mysql.com/mysql-apt-config_0.8.13-1_all.deb

Once the download is completed install the release package as a user with sudo privileges:

sudo apt install ./mysql-apt-config_0.8.13-1_all.deb

You will be presented with the configuration menu from where you can select the MySQL version you want to install.

MySQL 8.0 is pre-selected, if you want to install MySQL 5.7, select MySQL Server & Cluster (Currently selected: mysql-8.0) and choose your preferred MySQL version

We’re going to install MySQL version 8.0. Select OK by pressing Tab and hit Enter (as shown in the image above).

If you are not sure which version to choose, consult the documentation of the application you’re going to deploy on your server.

Installing MySQL

Update the package list with and install the MySQL server package by running:

sudo apt updatesudo apt install mysql-server

The installer will ask you to set the MySQL root password. Do not set the password now (leave it blank), we will do that in the next section.

Next, you will be presented with a message informing you about the new MySQL 8 authentication. Before selecting the default MySQL 8 authentication plugin make sure it is supported by your application.

Once the installation is completed, the MySQL service will start automatically, you can verify it by typing:

sudo systemctl status mysql
● mysql.service - MySQL Community Server
   Loaded: loaded (/lib/systemd/system/mysql.service; enabled; vendor preset: en
   Active: active (running) since Fri 2019-07-26 13:23:25 PDT; 37s ago
   ...

Securing MySQL

Run the mysql_secure_installation command to set the root password and to improve the security of the MySQL installation:

sudo mysql_secure_installation
Securing the MySQL server deployment.

Connecting to MySQL using a blank password.

VALIDATE PASSWORD COMPONENT can be used to test passwords
and improve security. It checks the strength of password
and allows the users to set only those passwords which are
secure enough. Would you like to setup VALIDATE PASSWORD component?

Press y|Y for Yes, any other key for No:

You will be asked to configure the VALIDATE PASSWORD PLUGIN which is used to test the strength of the MySQL users passwords. There are three levels of password validation policy, low, medium and strong. Press ENTER if you don’t want to set up the validate password plugin.

Please set the password for root here.

New password:

Re-enter new password:

On the next prompt, you will be asked to set a password for the MySQL root user.

By default, a MySQL installation has an anonymous user,
allowing anyone to log into MySQL without having to have
a user account created for them. This is intended only for
testing, and to make the installation go a bit smoother.
You should remove them before moving into a production
environment.

Remove anonymous users? (Press y|Y for Yes, any other key for No) : y
Success.


Normally, root should only be allowed to connect from
'localhost'. This ensures that someone cannot guess at
the root password from the network.

Disallow root login remotely? (Press y|Y for Yes, any other key for No) : y
Success.

By default, MySQL comes with a database named 'test' that
anyone can access. This is also intended only for testing,
and should be removed before moving into a production
environment.


Remove test database and access to it? (Press y|Y for Yes, any other key for No) : y
 - Dropping test database...
Success.

 - Removing privileges on test database...
Success.

Reloading the privilege tables will ensure that all changes
made so far will take effect immediately.

Reload privilege tables now? (Press y|Y for Yes, any other key for No) : y
Success.

All done!

Once you set the root password the script will also ask you to remove the anonymous user, restrict root user access to the local machine and remove the test database. You should answer “Y” (yes) to all questions.

Connecting to the MySQL Server

To interact with MySQL through the terminal, use the mysql client which is installed as a dependency of the MySQL server package.

If you selected the default authentication method to log in to the MySQL server as the root user type:

sudo mysql

Otherwise, if you selected the legacy authentication method to log in type:

mysql -u root -p

You will be prompted to enter the root password you have previously set when the mysql_secure_installation script was run. Once you enter the password you will be presented with the MySQL shell as shown below:

Welcome to the MySQL monitor.  Commands end with ; or g.
Your MySQL connection id is 10
Server version: 8.0.17 MySQL Community Server - GPL
...

Conclusion

In this tutorial, you’ve learned how to install and secure a MySQL server on a Debian 10 server. We have also shown you how to connect to the MySQL shell.

If your application does not have any specific requirements, you should stick with MariaDB, the default database system in Debian 10.