How to Reset MySQL Root Password on Linux (MySQL 8 & MariaDB)

Overview

Losing MySQL root access is one of those problems that feels catastrophic but is usually fixable in under ten minutes. A MySQL password reset is needed when you’ve inherited a server without credentials, migrated to a new VPS, or simply haven’t logged in for months and can’t remember what you set. It’s also common after restoring a snapshot or provisioning a new Host & Tech VPS SSD Hosting instance where the MySQL root password was never explicitly set.

The process differs slightly between MySQL 8.0+ and MariaDB 10.x, and it differs again depending on whether your distribution uses socket-based authentication for root — which Ubuntu 20.04, 22.04, and 24.04 do by default. If you skip that detail, the reset appears to work but you still can’t log in with a password. This guide covers both cases.

These steps apply to self-managed Linux servers (Ubuntu, Debian, AlmaLinux/CentOS). If you’re on managed WordPress hosting or a cPanel environment, your MySQL credentials are handled differently — check the cPanel MySQL Databases interface first before going this route.

Prerequisites

• SSH access to the server with sudo or root privileges
• MySQL 8.0+ or MariaDB 10.3+ installed (these steps don’t apply to MySQL 5.7 --skip-grant-tables flow exactly as written — see the note in Step 2)
• Ability to stop and restart the MySQL/MariaDB service (requires root or sudo)
• A terminal client — PuTTY, Windows Terminal, or any SSH client works fine
• 2–5 minutes of downtime tolerance — MySQL must be stopped briefly during the reset

Step-by-Step: Reset the MySQL Root Password

Step 1 — Check Which Database Server You’re Running

Before anything else, confirm whether you’re on MySQL or MariaDB. The commands are slightly different.

mysql --version

You’ll see something like mysql Ver 8.0.36 or mysql Ver 15.1 Distrib 10.6.16-MariaDB. Note this — you’ll need it in Step 4.

Step 2 — Stop the MySQL Service

You need to stop MySQL so you can restart it without authentication checks.

sudo systemctl stop mysql
# or on AlmaLinux/CentOS:
sudo systemctl stop mysqld

Confirm it stopped:

sudo systemctl status mysql

You should see inactive (dead). If it won’t stop cleanly, check for active connections with sudo ss -tp | grep mysql and kill them first.

Step 3 — Start MySQL in Safe Mode (Skip Grant Tables)

This starts MySQL without loading the permission system, which lets you log in without a password. The method changed in MySQL 8 — the old --skip-grant-tables alone isn’t sufficient. Use the init-file approach for MySQL 8, or the direct flag for MariaDB.

For MySQL 8.0+:

# Create a temporary SQL init file
sudo mkdir -p /var/lib/mysql-reset
sudo tee /var/lib/mysql-reset/reset.sql << 'EOF'
ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'YourNewSecurePassword123!';
EOF

# Start MySQL using that init file
sudo mysqld --user=mysql --init-file=/var/lib/mysql-reset/reset.sql &

Wait 5–10 seconds for MySQL to start and process the file. Then stop it and clean up:

sudo kill $(sudo cat /var/run/mysqld/mysqld.pid)
sudo rm -rf /var/lib/mysql-reset

For MariaDB 10.x:

sudo mysqld_safe --skip-grant-tables --skip-networking &

The --skip-networking flag is there for a reason: it prevents remote connections while the server has no authentication. Don’t skip it.

📝 Note: On MySQL 5.7 (older servers), the original --skip-grant-tables method still works, but MySQL 5.7 is end-of-life. If you’re still running it, I’d strongly recommend upgrading before this becomes a bigger problem.

Step 4 — Log In and Set the New Password

For MySQL 8.0+ (if you used the init-file method above):

MySQL should already have processed the password change. Restart the service normally and test:

sudo systemctl start mysql
mysql -u root -p

Enter the password you set in the reset.sql file. If you get in, you’re done. Skip to Step 5.

For MariaDB (skip-grant-tables method):

Connect without a password:

mysql -u root

Then run:

FLUSH PRIVILEGES;
ALTER USER 'root'@'localhost' IDENTIFIED BY 'YourNewSecurePassword123!';
EXIT;

Now stop the safe-mode instance and start MySQL normally:

sudo kill $(sudo cat /var/run/mysqld/mysqld.pid 2>/dev/null || pgrep mysqld)
sudo systemctl start mysql
mysql -u root -p

⚠ Warning: Replace YourNewSecurePassword123! with an actual strong password before running any of these commands. Never leave a literal example password on a production server.

Step 5 — Handle Socket Authentication (Ubuntu-Specific Gotcha)

This is the part official docs gloss over. On Ubuntu 20.04, 22.04, and 24.04, MySQL root defaults to the auth_socket plugin — meaning it authenticates by your Linux username, not a password. So even after a reset, mysql -u root -p may still fail if the plugin wasn’t changed.

Check what auth plugin is set:

SELECT user, host, plugin FROM mysql.user WHERE user = 'root';

If you see auth_socket or unix_socket in the plugin column, run this to switch to password authentication:

ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'YourNewSecurePassword123!';
FLUSH PRIVILEGES;
EXIT;

📝 Note: On MySQL 8.0.34+, mysql_native_password is deprecated and disabled by default in MySQL 8.4. If you’re on MySQL 8.4, use caching_sha2_password instead, or enable the native plugin explicitly in /etc/mysql/mysql.conf.d/mysqld.cnf.

Step 6 — Re-run mysql_secure_installation (Optional but Recommended)

If this is a fresh server and you haven’t hardened MySQL yet, now’s a good time:

sudo mysql_secure_installation

⚠ Warning: If root is still using socket auth, mysql_secure_installation will throw an error or behave unexpectedly. Complete Step 5 first, then run this.

Common Issues & Troubleshooting

ERROR 1698 (28000): Access denied for user ‘root’@’localhost’

This is the socket auth issue described in Step 5. You’re connecting with a password but MySQL is expecting OS-level authentication. Log in via sudo mysql (no password flag), then switch the auth plugin as shown in Step 5.

mysqld: Can’t create/write to file ‘/var/lib/mysql-reset/reset.sql’

Permission problem. Make sure you’re using sudo tee rather than a redirect with your regular user. The MySQL process runs as the mysql user — the init file path needs to be readable by it. /tmp works as an alternative path if you’re stuck.

MySQL won’t start after the reset attempt

Usually caused by a leftover PID file or a crashed safe-mode instance still holding the socket. Check:

sudo rm -f /var/run/mysqld/mysqld.pid
sudo rm -f /var/run/mysqld/mysqld.sock
sudo systemctl start mysql

If it still won’t start, check the error log:

sudo tail -50 /var/log/mysql/error.log

mysql_native_password plugin not found (MySQL 8.4)

MySQL 8.4 ships with mysql_native_password disabled. Either use caching_sha2_password in your ALTER USER statement, or re-enable the legacy plugin by adding mysql_native_password=ON under [mysqld] in your config file and restarting.

Password reset worked but phpMyAdmin still shows Access Denied

phpMyAdmin caches credentials in its config file. Check /etc/phpmyadmin/config.inc.php or your custom phpMyAdmin config and update the $cfg['Servers'][$i]['password'] value. Also clear any browser session cookies — phpMyAdmin’s session handling will hold onto a failed auth state.

Frequently Asked Questions