Default Password Reset

How can I reset the default admin password?

1 Like

I don’t know the best way. But I found that the internal users database (that is, if not using SSO) is located at

/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml

There is admin and other users listed there. Their passwords are hardcoded as hashes that can be replaced by any other password hash. The hash.sh script located in plugins/opendistro_security/tools/hash.sh gives you the relevant output for any password you type.

I hope you find this info useful. Keep in mind that I haven’t looked much at the docs, so please do not hesitate to correct this answer if you find it inaccurate.

2 Likes

This doesn’t work for me. I just changed the hash value and the key “readonly” to false, but it doesn’t seem to have any effect; the admin password is still “admin”. Have you found the correct way to change this?

Hmmm… I think you have to restart elasticsearch to apply the changes. But keep in mind that if you’re using the docker container, the configuration files must reside in a (persistent) volume.

Thanks man, it seems to be something else tho, even with the file mounted as a persistent volume the password doesn’t change. Anyways, do you have any idea why the output hash of the hash.sh is different every time with the same input?

Hi @MqewuD52 we opened an issue to change the default. https://github.com/opendistro-for-elasticsearch/security/issues/10

In the meantime can you clarify how you started up the docker container? Are you persisting indexes to a volume?

Hey, I was able to change the password. What I did was generate the hash, put it in the internal_users.yml file and then run the script securityadmin.sh like this:

sh securityadmin.sh -cd ../securityconfig/ -icl -nhnv -cacert /etc/elasticsearch/root-ca.pem -cert /etc/elasticsearch/kirk.pem -key /etc/elasticsearch/kirk-key.pem

2 Likes

Oh, thanks. You’re right, that is required to redeploy the security changes.
Now I remember that I didn’t need to run securityadmin.sh as the docker container executes securityadmin.sh on first run, and my customizations to internal_users.yml were already stored on the volume.

By the way, the output of the hash is different even when using the same input because it includes some pseudo-random bits (salt) to make it stronger against a rainbow attack. See Bcrypt Description.

Thanks to all, I will try it.

Thanks for that… The Documentation is all over the place on this. That is a piece I was missing as well!

1 Like

Thanks, worked for me also. I had to do this …
I am on CentOS 7 64-bit and used the commands below to reset the default admin password:

sh /usr/share/elasticsearch/plugins/opendistro_security/tools/hash.sh (to create the new password hash)
vim /usr/share/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml (added the new hash in the hash field below)

admin:
  readonly: true
  hash:

To apply the changes, run the commands below:

cd /usr/share/elasticsearch/plugins/opendistro_security/securityconfig/
sh /usr/share/elasticsearch/plugins/opendistro_security/tools/securityadmin.sh -cd /usr/share/elasticsearch/plugins/opendistro_security/securityconfig -icl -nhnv -cacert /etc/elasticsearch/root-ca.pem -cert /etc/elasticsearch/kirk.pem -key /etc/elasticsearch/kirk-key.pem

Now I can login in kibana with my new password (user is admin)

1 Like
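The manual edit of internal_users.yml described in the posts above, as an added example that is not part of the original thread: the function names `is_bcrypt` and `set_user_hash` are hypothetical, and the script assumes each user is a top-level key with an indented `hash:` line, as in the post above.

```shell
#!/bin/sh
# Added example (not from the thread): replace one user's hash in
# internal_users.yml and refuse anything that is not shaped like bcrypt.

# True only for "$2a$"/"$2b$"/"$2y$" + two-digit cost + 53 characters
# (22 of salt, 31 of digest). The random salt is why hash.sh prints a
# different string each time for the same password.
is_bcrypt() {
    printf '%s\n' "$1" | grep -Eq '^\$2[aby]\$[0-9]{2}\$[./A-Za-z0-9]{53}$'
}

# set_user_hash FILE USER HASH
# Rewrites the "hash:" line inside USER's block only; other users are untouched.
# Returns 2 for a malformed hash, 3 if USER or its hash line is not found.
set_user_hash() {
    file=$1 user=$2 hash=$3
    is_bcrypt "$hash" || { echo "refusing: not a bcrypt hash" >&2; return 2; }
    tmp=$(mktemp) || return 1
    USER_KEY=$user NEW_HASH=$hash awk '
        # a non-indented, non-comment line starts a new top-level key
        /^[^ \t#]/ { in_user = (index($0, ENVIRON["USER_KEY"] ":") == 1) }
        in_user && /^[ \t]+hash:/ {
            match($0, /^[ \t]+/)          # keep the original indentation
            print substr($0, 1, RLENGTH) "hash: " ENVIRON["NEW_HASH"]
            done = 1; next
        }
        { print }
        END { exit (done ? 0 : 3) }
    ' "$file" > "$tmp" || { rc=$?; rm -f "$tmp"; return "$rc"; }
    # overwrite in place so the file keeps its owner and mode
    cat "$tmp" > "$file" && rm -f "$tmp"
}

# Afterwards, load the file into the cluster with securityadmin.sh,
# using the command shown in the thread.
```
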

Thanks for your sharing

I know this is a somewhat old thread, but I’m wondering whether something has changed with these commands, as I can’t seem to change the password from the default.

When I run the commands they appear to work, but my client pod is no longer accessible and its logs show a continuous error of:

Authentication finally failed for admin from IP:Port (Port number changes)

It’s like the securityadmin.sh script has not fully propagated the change or something…

I have mounted the user file as a secret, and I regenerated the bcrypt password on every run.
On every run it updates the same password with a different hash value.
Do I need to run security.sh or restart my pod?
OR
does regenerating the hash value (with the same password) not have any effect internally?