How to Install MySQL on Ubuntu 26.04 LTS: A Complete Guide

In this comprehensive step-by-step guide, we’ll show you how to install MySQL 8.4 on Ubuntu 26.04 LTS (Resolute Raccoon) using apt, the default package manager for Debian-based distributions.

Whether you’re a developer, a CTO, or a web agency, properly configuring a relational database management system (DBMS) is a critical step. MySQL forms the foundation for the LAMP (Linux, Apache, MySQL, PHP) and LEMP (Nginx) stacks, which are essential for securely scaling enterprise web apps, complex CMSs, and high-traffic e-commerce sites.

Is your business growth being slowed down by database bottlenecks or fragile, complex architectures? Optimizing queries isn’t enough if the underlying infrastructure isn’t solid. We design highly scalable IT infrastructures: discover how our Ubuntu Server Support for high-performance infrastructures and DB optimization can resolve latency issues and ensure maximum stability in production.

Guide Highlights

• Updates and Installation: Safe use of apt official packages.
• Security (Hardening): Configuration of mysql_secure_installation for production environments.
• Remote Access: Secure setup via SSH tunnel without exposing port 3306 to the web.
• Management Tools: Advanced connection via MySQL Workbench.

Installing MySQL on Ubuntu 26.04

If you’re starting a new project and looking for a reliable European cloud provider to host your Ubuntu server with guaranteed performance, we recommend checking out the VPS and cloud solutions from our partner Ionos.

As the first step in installing MySQL on Ubuntu 26.04, let’s update the list of packages available in the official repositories (ensuring we have the latest security patches) with:

sudo apt update

Let’s proceed to install the MySQL server on Ubuntu with this command:

sudo apt install mysql-server

Once the installation is complete, the server daemon should start automatically. Let’s check if the process is active and running:

sudo service mysql status

● mysql.service - MySQL Community Server
     Loaded: loaded (/usr/lib/systemd/system/mysql.service; enabled; preset: enabled)
     Active: active (running) since Mon 2026-04-27 07:33:33 UTC; 2s ago
 Invocation: 345f00cd028f4e6fb70288ee2b82f14e
    Process: 2059 ExecStartPre=/usr/share/mysql/mysql-systemd-start pre (code=exited, status=0/SUCCESS)
   Main PID: 2069 (mysqld)
     Status: "Server is operational"
      Tasks: 35 (limit: 3828)
     Memory: 478M (peak: 478.1M)
        CPU: 761ms
     CGroup: /system.slice/mysql.service
             └─2069 /usr/sbin/mysqld

If it is not active, we can restart MySQL and check again:

sudo service mysql restart

Now let’s check the default MySQL port, 3306 TCP, which should now be listening. To do this, use network tools:

sudo apt install net-tools
sudo netstat -tnplu | grep 3306

The command should return the following output, confirming that port 3306 is listening (LISTEN) strictly on the localhost (127.0.0.1), an essential security practice:

tcp        0      0 127.0.0.1:33060         0.0.0.0:*               LISTEN      2191/mysqld         
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      2191/mysqld         

Configuring and Securing MySQL (Hardening)

The server is active, but for a new installation, the configurations applied are basic and security is minimal. In enterprise scenarios or with a view to hardening the infrastructure, it is highly recommended to run the built-in security script to set password policies and remove known vulnerabilities (such as anonymous users).

sudo mysql_secure_installation

The script will guide us through the configuration. First, we enable the component VALIDATE PASSWORD and set a strong security level (2 = STRONG) to prevent brute-force or dictionary attacks:

Securing the MySQL server deployment.

Connecting to MySQL using a blank password.

VALIDATE PASSWORD COMPONENT can be used to test passwords
and improve security. It checks the strength of password
and allows the users to set only those passwords which are
secure enough. Would you like to setup VALIDATE PASSWORD component?

Press y|Y for Yes, any other key for No: Y

There are three levels of password validation policy:
LOW    Length >= 8
MEDIUM Length >= 8, numeric, mixed case, and special characters
STRONG Length >= 8, numeric, mixed case, special characters and dictionary                  file
Please enter 0 = LOW, 1 = MEDIUM and 2 = STRONG: 2

The script will ask to remove anonymous users. We respond affirmatively to increase security in the production environment:

Skipping password set for root as authentication with auth_socket is used by default.
If you would like to use password authentication instead, this can be done with the "ALTER_USER" command.
See https://dev.mysql.com/doc/refman/8.0/en/alter-user.html#alter-user-password-management for more information.

By default, a MySQL installation has an anonymous user,
allowing anyone to log into MySQL without having to have
a user account created for them. This is intended only for
testing, and to make the installation go a bit smoother.
You should remove them before moving into a production
environment.

Remove anonymous users? (Press y|Y for Yes, any other key for No) : Y

Disable remote login for the user root. The connection must occur via UNIX sockets only from the local machine, preventing attacks from outside:

Normally, root should only be allowed to connect from
'localhost'. This ensures that someone cannot guess at
the root password from the network.

Disallow root login remotely? (Press y|Y for Yes, any other key for No) : Y

Let’s remove the test database (often used as a vector for vulnerability scanning):

By default, MySQL comes with a database named 'test' that
anyone can access. This is also intended only for testing,
and should be removed before moving into a production
environment.

Remove test database and access to it? (Press y|Y for Yes, any other key for No) : Y

Finally, we flush (reload) the privilege tables to immediately apply all the security rules we’ve set:

 - Dropping test database...
Success.

 - Removing privileges on test database...
Success.

Reloading the privilege tables will ensure that all changes
made so far will take effect immediately.

Reload privilege tables now? (Press y|Y for Yes, any other key for No) : Y

If you want to learn more about these configurations, you can find the official MySQL documentation here

Accessing MySQL from the console and the Root password

The installation is complete. We can log in as the user root directly from the CLI (Command Line Interface) of our Ubuntu server:

sudo mysql -u root

Let’s verify that everything is working by viewing the system databases generated by the installation:

SHOW DATABASES;

+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
| sys                |
+--------------------+
4 rows in set (0.00 sec)

You have successfully installed the MySQL server on Ubuntu 26.04! You can now proceed to connect your web apps (for example, by completing the LAMP stack configuration).

Setting or changing the root password in MySQL

By default in Ubuntu, the root user uses authentication via `auth_socket` (does not require a password but requires system sudo privileges). If your architecture requires a standard password-based login (for example, to access via an external tool), use this query, taking care to generate a cryptographically strong password:

ALTER USER 'root'@'localhost' IDENTIFIED BY 'secure_password';
FLUSH PRIVILEGES;

Accessing Remote MySQL via SSH Tunnel

Exposing the port 3306 publicly on the internet is considered a very serious security vulnerability. To access a remote MySQL server, the best practice in SysAdmin is to create an SSH Tunnel.

This forwards traffic in an encrypted manner from port 3306 on the remote server to port 33006 of your local development machine:

ssh user@SERVER-IP -L 33006:localhost:3306

With the tunnel active, you can connect your local MySQL client to the remote production server by simply querying your localhost:

mysql -h 127.0.0.1 -P 33006 -u root -p

Accessing with MySQL Workbench

If you prefer a visual approach, MySQL Workbench is the industry standard for DBAs (Database Administrators) and DevOps developers. It allows you to create complex queries, generate EER diagrams, and manage indexes with ease, natively integrating the SSH tunneling feature described above.

1. Open MySQL Workbench and create a New Connection.
2. In the Connection Method field, select Standard TCP/IP over SSH.
3. Fill in the SSH settings:
   • SSH Hostname: Ubuntu server IP address:22
   • SSH Username: Your Linux username
   • SSH Password: Your SSH private key (recommended) or password.
4. Fill in the MySQL settings:
   • MySQL Hostname: localhost (or 127.0.0.1)
   • MySQL Server Port: 3306
   • Username: root or the specific DB user you created
   • Password: Click "Store in Vault" to save the DB password.
5. Click Test Connection to verify the secure connection.

FAQ: Frequently Asked Questions about installing MySQL on Ubuntu

Where is the configuration file my.cnf in Ubuntu 26.04?

The main MySQL configuration file on Debian/Ubuntu distributions is usually located in /etc/mysql/mysql.conf.d/mysqld.cnf. Any changes made to this file will require restarting the daemon service (sudo systemctl restart mysql) to take effect.

How do I completely uninstall MySQL from Ubuntu?

If you need to remove the server and purge all configuration data, run: sudo apt purge mysql-server* mysql-client* mysql-common* then remove the data directory with sudo rm -rf /var/lib/mysql/ (Warning: the data will be irreversibly lost).

What is the default root password in MySQL?

In recent versions installed via apt on Ubuntu, the database root account does not have a traditional password. It uses the auth_socket, allowing the system superuser (root) to log in to the database using the command sudo mysql without a password prompt.