Default Password Reset

#1

How can I reset the default admin password?

#2

I don’t know the best way. But I found that the internal users database (that is, if not using SSO) is located at

/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml

There is admin and other users listed there. Their passwords are hardcoded as hashes that can be replaced by any other password hash. The hash.sh script located in plugins/opendistro_security/tools/hash.sh gives you the relevant output for any password you type.

I hope you find this info useful. Keep in mind that I haven’t looked much at the docs, so please do not hesitate in correcting this answer if you find it inaccurate.

2 Likes
#3

This doesn’t work for me. I just changed the hash value and the key “readonly” to false, but it doesn’t seem to have any effect; the admin password is still “admin”. Have you found the correct way to change this?

#4

Hmmm… I think you have to restart elasticsearch to apply the changes. But keep in mind that if you’re using the docker container, the configuration files must reside in a (persistent) volume.

#5

Thanks man, it seems to be something else tho, even with the file mounted as a persistent volume the password doesn’t change. Anyways, do you have any idea why the output hash of the hash.sh is different every time with the same input?

#6

Hi @MqewuD52 we opened an issue to change the default. https://github.com/opendistro-for-elasticsearch/security/issues/10

In the meantime can you clarify how you started up the docker container? Are you persisting indexes to a volume?

#7

Hey, I was able to change the password. What I did was generate the hash, put it in the internal_users.yml file and then run the script securityadmin.sh like this.

sh securityadmin.sh -cd ../securityconfig/ -icl -nhnv -cacert /etc/elasticsearch/root-ca.pem -cert /etc/elasticsearch/kirk.pem -key /etc/elasticsearch/kirk-key.pem
2 Likes
#8

Oh, thanks. You’re right, that is required to redeploy the security changes.
Now I remember that I didn’t need to run securityadmin.sh as the docker container executes securityadmin.sh on first run, and my customizations to internal_users.yml were already stored on the volume.

By the way, the output of the hash is different even when using the same input because it includes some pseudo-random bits (salt) to make it stronger against a rainbow attack. See Bcrypt Description.

#9

Thanks to all, I will try it.

#10

Thanks for that… The Documentation is all over the place on this. That is a piece I was missing as well!

1 Like
#11

Thanks, this worked for me also. I had to do this …
I am on CentOS 7 (64-bit) and used the commands below to reset the default admin password:

sh /usr/share/elasticsearch/plugins/opendistro_security/tools/hash.sh ( to create the new password hash )
vim /usr/share/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml ( added the new hash in the field below marked in bold )
admin:
  readonly: true
  hash:
To apply the changes, run the commands below:
cd /usr/share/elasticsearch/plugins/opendistro_security/securityconfig/
sh /usr/share/elasticsearch/plugins/opendistro_security/tools/securityadmin.sh -cd /usr/share/elasticsearch/plugins/opendistro_security/securityconfig -icl -nhnv -cacert /etc/elasticsearch/root-ca.pem -cert /etc/elasticsearch/kirk.pem -key /etc/elasticsearch/kirk-key.pem

Now I can log in to Kibana with my new password (user is admin)
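
The file edit described in posts #7 and #11, as an added example that is not part of any post in this thread: a shell function that replaces only one user's hash in internal_users.yml and rejects a value that is not bcrypt-shaped. The function names are assumptions, and the file layout assumed is the admin block quoted in #11.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are assumptions.

# is_bcrypt HASH: succeed only for the 60-character bcrypt layout
# ($2a$/$2b$/$2y$ prefix, two-digit cost, 53 salt+digest characters).
is_bcrypt() {
    printf '%s\n' "$1" | grep -Eq '^\$2[aby]\$[0-9]{2}\$[./A-Za-z0-9]{53}$'
}

# set_user_hash FILE USER HASH
# Rewrites the "hash:" line inside USER's top-level block and nothing else.
# Returns 1 for a malformed hash, 2 if USER has no hash line, 3 on I/O errors.
# A copy of the original is kept as FILE.bak.
set_user_hash() {
    file=$1; user=$2; hash=$3
    is_bcrypt "$hash" || { echo "refusing: not a bcrypt hash" >&2; return 1; }
    tmp=$(mktemp) || return 3
    # awk instead of sed: the "$" and "/" in a bcrypt hash need no escaping,
    # and the bcrypt alphabet has no "&" or backslash to upset sub().
    if awk -v user="$user" -v hash="$hash" '
        # An unindented, non-comment line starts a new top-level entry.
        /^[^ \t#]/ { in_user = (index($0, user ":") == 1) }
        in_user && /^[ \t]+hash:/ {
            sub(/hash:.*/, "hash: \"" hash "\"")   # keeps the indentation
            changed = 1
        }
        { print }
        END { exit (changed ? 0 : 2) }
    ' "$file" > "$tmp"; then
        # cat rather than mv, so the file keeps its owner and mode.
        if cp -p "$file" "$file.bak" && cat "$tmp" > "$file"; then rc=0; else rc=3; fi
    else
        rc=2
    fi
    rm -f "$tmp"
    return "$rc"
}

# Stand-alone use: script.sh FILE USER HASH
if [ "$#" -eq 3 ]; then
    set_user_hash "$@"
fi
```

The edited file only takes effect once it is pushed with securityadmin.sh, as in posts #7 and #11.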