Skip to main content

How to Install MySQL 8.4 in Debian 13 - Complete Guide

In this guide, we will see how to install MySQL 8.4 in Debian 13 Trixie with apt, the default package manager.

This is very common in our professional Linux consulting and support work, as it is the basis for LAMP (Linux, Apache, MySQL, PHP), LEMP (NginX), and various other stacks required for web apps, CMS, and e-commerce.

Official MySQL Repository Configuration

As a first step, to install MySQL 8.4 in Debian 13 Trixie, we download the configuration package from the official MySQL repository

sudo apt update && sudo apt install wget
sudo wget https://dev.mysql.com/get/mysql-apt-config_0.8.36-1_all.deb

Install the downloaded package.

sudo apt install ./mysql-apt-config_0.8.36-1_all.deb

During configuration, we can select the desired version by displaying one of these screens

  │ Which MySQL product do you wish to configure?                           │ 
  │                                                                         │ 
  │         MySQL Server & Cluster (Currently selected: mysql-8.4-lts)      │ 
  │         MySQL Connectors (Currently selected: Enabled)                  │
Configuring mysql-apt-config
----------------------------
The MySQL APT Repository features MySQL Server along with a variety of components. You may select the desired
products to install and update from the official MySQL Repository, and also select the associated version series.
Select "Ok" to save the configuration, and then execute "apt update" to load the selected package list. This
configuration can be updated later, depending on your needs.
 1. MySQL Server & Cluster (Currently selected: mysql-8.4-lts)  3. Ok
 2. MySQL Connectors (Currently selected: Enabled)
Which MySQL product do you wish to configure? 3

If you prefer MySQL 8.0, change the selection to mysql-8.0 and follow our guide "Installing MySQL 8.0 in Debian 12 Bookworm" instead

Install MySQL 8.4 in Debian 13

Update the list of available packages

sudo apt update

We will notice new lines containing the new MySQL 8.4 repository for Debian 13 Trixie

Get:5 http://repo.mysql.com/apt/debian trixie/mysql-8.4-lts Sources [951 B]
Get:6 http://repo.mysql.com/apt/debian trixie/mysql-apt-config amd64 Packages [566 B]
Get:7 http://repo.mysql.com/apt/debian trixie/mysql-8.4-lts amd64 Packages [16.9 kB]
Get:8 http://repo.mysql.com/apt/debian trixie/mysql-tools amd64 Packages [4129 B]

Let's proceed to install MySQL with this command

sudo apt install mysql-server

The process will ask us to enter a password. In this case, I left it blank, so authentication will take place via Socket, only locally. We will configure it later

Check status and restart MySQL

We have successfully installed MySQL 8.4 in Debian 13 Trixie. The server should already be running. Let's check if the process is active

sudo service mysql status

If it is not active, we can restart MySQL and repeat the check

sudo service mysql restart
* Stopping MySQL database server mysqld                         [ OK ]
* Starting MySQL database server mysqld                         [ OK ]

Let's check the default MySQL port, 3306 TCP, which should now be listening

sudo apt install net-tools
sudo netstat -tnplu |grep 3306

The command should return the following output, showing port 3306 listening locally

tcp    0      0 127.0.0.1:3306      0.0.0.0:*   LISTEN      -
tcp6   0      0 :::33060            :::*        LISTEN      -

Configure MySQL 8.4

The server is active. For a new installation, the default configurations are used, and security is poor. At this point, it is vital to run the MySQL configuration script to set up authentication and remove anonymous access, a process we often deal with in our DevOps and Automation Consulting projects to ensure consistent security standards.

sudo mysql_secure_installation

The script will guide us through the configuration of the server's security options

First, we enable password checking for users and select strong passwords, with a dictionary search for common passwords.

Securing the MySQL server deployment.
Connecting to MySQL using a blank password.
VALIDATE PASSWORD COMPONENT can be used to test passwords
and improve security. It checks the strength of password
and allows the users to set only those passwords which are
secure enough. Would you like to setup VALIDATE PASSWORD component?
Press y|Y for Yes, any other key for No: Y
There are three levels of password validation policy:
LOW    Length >= 8
MEDIUM Length >= 8, numeric, mixed case, and special characters
STRONG Length >= 8, numeric, mixed case, special characters and dictionary                  file
Please enter 0 = LOW, 1 = MEDIUM and 2 = STRONG: 2
Please set the password for root here.
Skipping password set for root as authentication with auth_socket is used by default.
If you would like to use password authentication instead, this can be done with the "ALTER_USER" command.
See https://dev.mysql.com/doc/refman/8.4/en/alter-user.html#alter-user-password-management for more information.

We remove anonymous users to increase security

By default, a MySQL installation has an anonymous user,
allowing anyone to log into MySQL without having to have
a user account created for them. This is intended only for
testing, and to make the installation go a bit smoother.
You should remove them before moving into a production
environment.
Remove anonymous users? (Press y|Y for Yes, any other key for No) : Y

We configure local user authentication root, which will take place via socket, only on the local machine

Normally, root should only be allowed to connect from
'localhost'. This ensures that someone cannot guess at
the root password from the network.
Disallow root login remotely? (Press y|Y for Yes, any other key for No) : Y

We remove the test databases

By default, MySQL comes with a database named 'test' that
anyone can access. This is also intended only for testing,
and should be removed before moving into a production
environment.
Remove test database and access to it? (Press y|Y for Yes, any other key for No) : Y

We reload the privilege tables so that our changes are applied immediately.

Reloading the privilege tables will ensure that all changes
made so far will take effect immediately.
Reload privilege tables now? (Press y|Y for Yes, any other key for No) : 

Accessing MySQL from the console

We have finished installing MySQL 8.4 in Debian 13 Trixie. We can log in with the user root from our server console and, for example, list the existing databases

sudo mysql -u root

When connecting to the database, MySQL 8.4 may display an error due to the lack of a plugin:

ERROR 1524 (HY000): Plugin 'mysql_native_password' is not loaded

MySQL 8.4 and above implement mysql_native_password. If you see this error, follow our guide to enable the mysql_native_password authentication plugin

Once we have done this in MySQL, we list the databases present

show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
| sys                |
+--------------------+
4 rows in set (0.00 sec)

The output shows us the databases present. We have successfully installed MySQL in Debian 13 Trixie. We can use our MySQL with the usual syntax and connect our Web Apps and CMS

MySQL root user password

To access remotely, you will need to set the MySQL password root . We can use this command, but we recommend using a "strong" password with numbers, upper and lower case letters, and special characters.

ALTER USER 'root'@'localhost' IDENTIFIED BY 'my_secure_password';

Accessing remote MySQL

To access a remote MySQL, we recommend using an SSH tunnel, redirecting the remote port 3306 of our server, which only listens on localhost, to our local port 33006 local

ssh root@IP-or-DNS -L 33006:localhost:3306

Thanks to the tunnel, we can connect directly to our port 33006 in localhost with the credentials root created earlier

Access with MySQL Workbench

MySQL Workbench is an excellent tool for MySQL DBAs and Operations, allowing you to create databases, manage server configuration, administer users, perform backups, and much more. It already incorporates the SSH tunnel described above.

  1. Let's create a new connection
  2. Select "Standard TCP/IP over SSH."
  3. Enter the SSH configurations for your server
    1. SSH Host name
    2. SSH User name
    3. Password or SSH key
  4. MySQL database configurations
    1. Host name
    2. Server port
    3. Username
    4. Password
  5. Testing the connection
Secure your database: rely on a Linux system administrator

A default MySQL installation is not ready for production. If you need to manage sensitive data, configure automatic backups, or optimize queries to handle high traffic loads, our team is at your disposal.

Request a Free Analysis (30 min.)

Add new comment

Comment

  • Allowed HTML tags: <br> <p> <code class="language-*"> <pre>
  • Lines and paragraphs break automatically.
  • Only images hosted on this site may be used in <img> tags.