What is the default user and password for elasticsearch?

Question

I have installed Elastic with Docker:

docker run -p 9200:9200 \
           -p 9300:9300 \
           -e "discovery.type=single-node" \ 
           docker.elastic.co/elasticsearch/elasticsearch:5.6.2

But curl localhost:9200 fails with an authentication error:

{
  "error": {
    "root_cause": [
      {
        "type": "security_exception",
        "reason": "missing authentication token for REST request [/]",
        "header": {
          "WWW-Authenticate": "Basic realm=\"security\" charset=\"UTF-8\""
        }
      }
    ],
    "type": "security_exception",
    "reason": "missing authentication token for REST request [/]",
    "header": {
      "WWW-Authenticate": "Basic realm=\"security\" charset=\"UTF-8\""
    }
  },
  "status": 401
}

What is the default username/password combo for Elasticsearch?

Answer 1

Defaults are:

user: elastic
password: changeme

So:

$ curl -u elastic:changeme localhost:9200
{
  "name" : "5aEHJ-Y",
  "cluster_name" : "docker-cluster",
  "cluster_uuid" : "3FmaYN7rS56oBTqWOyxmKA",
  "version" : {
    "number" : "5.6.2",
    "build_hash" : "57e20f3",
    "build_date" : "2017-09-23T13:16:45.703Z",
    "build_snapshot" : false,
    "lucene_version" : "6.6.1"
  },
  "tagline" : "You Know, for Search"
}

Read more about changing the defaults.

Answer 2

Setting up username and password for Elastic Search: (ES version:7.5.2) (Ubuntu 18.04)

Step 1: First enable xpackmonitoring in elasticsearch.yml file

root@flax:/etc/elasticsearch# vim elasticsearch.yml

Add the following line to the end of file:
    xpack.security.enabled: true

File Contents:
# ======================== Elasticsearch Configuration =========================
#
# NOTE: Elasticsearch comes with reasonable defaults for most settings.
#       Before you set out to tweak and tune the configuration, make sure you
#       understand what are you trying to accomplish and the consequences.
#
# The primary way of configuring a node is via this file. This template lists
# the most important settings you may want to configure for a production cluster.
#
# Please consult the documentation for further information on configuration options:
# https://www.elastic.co/guide/en/elasticsearch/reference/index.html
#
# ---------------------------------- Cluster -----------------------------------
#
# Use a descriptive name for your cluster:
#
#cluster.name: my-application
#
# ------------------------------------ Node ------------------------------------
#
# Use a descriptive name for the node:
#
#node.name: node-1
#
# Add custom attributes to the node:
#
#node.attr.rack: r1
#
# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
#
path.data: /var/lib/elasticsearch
#
# Path to log files:
#
path.logs: /var/log/elasticsearch
#
# ----------------------------------- Memory -----------------------------------
#
# Lock the memory on startup:
#
#bootstrap.memory_lock: true
#
# Make sure that the heap size is set to about half the memory available
# on the system and that the owner of the process is allowed to use this
# limit.
#
# Elasticsearch performs poorly when the system is swapping the memory.
#
# ---------------------------------- Network -----------------------------------
#
# Set the bind address to a specific IP (IPv4 or IPv6):
#
#network.host: 192.168.0.1
network.host: 127.0.0.1
http.host: 0.0.0.0
#
# Set a custom port for HTTP:
#
http.port: 9200
#
# For more information, consult the network module documentation.
#
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when this node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
#
#discovery.seed_hosts: ["host1", "host2"]
#
# Bootstrap the cluster using an initial set of master-eligible nodes:
#
#cluster.initial_master_nodes: ["node-1", "node-2"]
#
# For more information, consult the discovery and cluster formation module documentation.
#
# ---------------------------------- Gateway -----------------------------------
#
# Block initial recovery after a full cluster restart until N nodes are started:
#
#gateway.recover_after_nodes: 3
#
# For more information, consult the gateway module documentation.
#
# ---------------------------------- Various -----------------------------------
#
# Require explicit names when deleting indices:
#
#action.destructive_requires_name: true
xpack.security.enabled: true

Step 2: Go to /usr/share/elasticsearch folder:

root@flax:/usr/share/elasticsearch# systemctl start elasticsearch

root@flax:/usr/share/elasticsearch# ./bin/elasticsearch-setup-passwords interactive

Initiating the setup of passwords for reserved users elastic,apm_system,kibana,logstash_system,beats_system,remote_monitoring_user.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]y


Enter password for [elastic]: 
Reenter password for [elastic]: 
Enter password for [apm_system]: 
Reenter password for [apm_system]: 
Enter password for [kibana]: 
Reenter password for [kibana]: 
Enter password for [logstash_system]: 
Reenter password for [logstash_system]: 
Enter password for [beats_system]: 
Reenter password for [beats_system]: 
Passwords do not match.
Try again.
Enter password for [beats_system]: 
Reenter password for [beats_system]: 
Enter password for [remote_monitoring_user]: 
Reenter password for [remote_monitoring_user]: 
Changed password for user [apm_system]
Changed password for user [kibana]
Changed password for user [logstash_system]
Changed password for user [beats_system]
Changed password for user [remote_monitoring_user]
Changed password for user [elastic]

root@flax:/usr/share/elasticsearch# systemctl restart elasticsearch

root@flax:/usr/share/elasticsearch# systemctl restart elasticsearch.service

Answer 3

Please be careful about the version of ElasticSearch. In 7.2 parameter ELASTIC_PASSWORD works.

docker run -p 9200:9200 \
           -p 9300:9300 \
           -e "discovery.type=single-node" \ 
           -e "ELASTIC_PASSWORD=my_own_password" \

But also this line should be added in elasticsearch.yml:

xpack.security.enabled: true

By default, it is not there.

Security settings list

Answer 4

If you enabled basic x-pack security using xpack.security.enabled: true in your elasticsearch version 7.7(at the time of writing this answer), it will not have a default password(changeme) as it used to be in the old version of x-pack.

As mentioned in the getting started with security official doc

X-Pack security provides a built-in elastic superuser you can use to start setting things up. This elastic user has full access to the cluster, including all indices and data, so the elastic user does not have a password set by default.

So you need to change the password of elastic, if you want to do it after the installation then follow setting password for built-in users in interactive mode guide

which requires you to run below command from elasticsearch bin folder.

bin/elasticsearch-setup-passwords interactive

Answer 5

To Set up username and password

ssh to the system, stop elasticsearch and kibana service, then run the following command

sudo nano /etc/elasticsearch/elasticsearch.yml

update this file, enable security by adding the following line

xpack.security.enabled: true 

Change the password

Execute the following step to change the password

step 1:

 cd /usr/share/elasticsearch/

step 2:

sudo bin/elasticsearch-setup-passwords auto

auto - Uses randomly generated passwords interactive - Uses passwords entered by a user

or

sudo bin/elasticsearch-setup-passwords interactive

you can run the command in an "interactive" mode, which prompts you to enter new passwords for the elastic, kibana_system, logstash_system, beats_system, apm_system, and remote_monitoring_user users:

The above commands can help you to setup a password

Start Elasticsearch

1. Start the Elasticsearch service by running a systemctl command:

   sudo systemctl start elasticsearch.service

It may take some time for the system to start the service. There will be no output if successful.

2. Enable Elasticsearch to start on boot:

   sudo systemctl enable elasticsearch.service

Start and Enable Kibana

1. Start the Kibana service:

   sudo systemctl start kibana

There is no output if the service starts successfully.

2. Next, configure Kibana to launch at boot:

   sudo systemctl enable kibana

Answer 6

Adding below two lines in \elasticsearch-8.2.2\config\elasticsearch.yml

# Enable security features
xpack.security.enabled: true
xpack.security.enrollment.enabled: true

and restart the server works for me, it prints password onto console with -u as username

Answer 7

In Elasticsearch version 6.x - you can specify initial password for elastic user using ELASTIC_PASSWORD env variable.

docker run -p 9200:9200 \
           -p 9300:9300 \
           -e "discovery.type=single-node" \ 
           -e "ELASTIC_PASSWORD=my_own_password" \
           docker.elastic.co/elasticsearch/elasticsearch:6.5.4

Source: https://www.elastic.co/guide/en/elasticsearch/reference/6.x/configuring-tls-docker.html

Answer 8

I had a similar issue with the latest version of elasticsearch. When I installed elasticsearch 7.14.0 it worked! If your interested,I have a youtube video on it : https://www.youtube.com/watch?v=mqgYebLacYI.

Answer 9

For version 8.4.3, you need to do these steps:

1. Update config\elasticsearch.yml to add xpack.security.enabled: true

2. Run this to create a keystore if got this kind of error message:

   "ERROR: Elasticsearch keystore file is missing"

   Run bin/elasticsearch-keystore create -p

3. Start Elastic search: bin/elasticsearch

4. Update password bin/elasticsearch-setup-passwords interactive

Note: The 'elasticsearch-setup-passwords' tool has been deprecated. This command will be removed in a future release.
******************************************************************************

Initiating the setup of passwords for reserved users elastic,apm_system,kibana,kibana_system,logstash_system,beats_system,remote_monitoring_user.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]

Answer 10

For ES 8.4.3 we can reset elastic search password like below

sudo docker exec -it es01 /usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic

Answer 11

I run the version of 8.8.0 I used , when you try running for the first time, it shows the password and username in logs, when you run it , search for the data like below in cmd it is almost latest line (I run it in windows):

 Password for the elastic user (reset with `bin/elasticsearch-reset-password -u elastic`):

if you don't seen in the first time, just remove the elastic folder and extract again, I do this. it is simplest way for .