Redis raises "NOAUTH Authentication required" error but there is no password setting

Question

I got error NOAUTH Authentication required when I connect to Redis server via command: redis-cli and run ping to check if Redis is working.

I found answer for NOAUTH Authentication required error which describes that this error only happens when Redis is set a password, but I checked Redis config file at etc/redis/redis.conf and there is no password setting.

Does anyone know that if there are other settings which can cause this error? Thanks for any help.

p/s: I am using Ruby on Rails web framework, Redis database is used for Sidekiq.

Edited: Redis version is 2.8.4. Server is hosted on AWS.

Currently, I decided to set a password for Redis server so that it can not be set password when it is running.

(When Redis server is restarted, it will work normal. You can run sudo service redis-server restart to restart Redis server.)

It could be that this isn't the config file that your server is using. Alternatively, it may be that someone connected to your server and set a password using the `CONFIG SET requirepass` command, in which case a restart of you Redis server should sort that out. — Itamar Haber, Dec 06 '15 at 08:24
@ItamarHaber I sure that it is config file my server is using. Yes, I restart Redis server and it works again without password, but I don't know why it requires password later, and I can not run `CONFIG get requirepass` to get the password. — Thanh, Dec 06 '15 at 08:31
Probably because someone is connecting to your server and setting requirepass. — Itamar Haber, Dec 06 '15 at 08:55
I am sure that no one change this. But does it effect without setting in config file, just change via command line and it is applied? — Thanh, Dec 06 '15 at 09:04
Yep - all config directives (I think) can be changed during runtime. Sending a [`CONFIG REWRITE`](http://redis.io/commands/config-rewrite) persists the changes in the conf file. — Itamar Haber, Dec 06 '15 at 09:23
Even we are getting the same issue. Were you able to figure out the specific reason for it? — Puneeth, Dec 07 '15 at 08:52
@Puneeth we have not figured out the root cause of this problem — Thanh, Dec 07 '15 at 10:04
@Puneeth I decided to set password for Redis server to check if it still get this error. — Thanh, Dec 07 '15 at 15:12
@KienThanh thanks for getting back! Can you please provide details about the redis version you are using? — Puneeth, Dec 07 '15 at 15:19

score 51 · Accepted Answer · edited Sep 20 '20 at 21:30

51

We also faced a similar issue. Looks like someone scanned AWS, connected to all public redis servers, and possibly ran "CONFIG SET REQUIREPASS ''", thus locking down the running instance of redis. Once you restart redis, the config is restored to normal.

Best thing would be to use AWS security group policy and block port 6379 for public.

edited Sep 20 '20 at 21:30

sam1370

335
2
18

answered Dec 08 '15 at 06:43

Ashutosh Agrawal

567
4
5

1

In my case, the troll cleared the database (ran FLUSHALL), then ran CONFIG SET REQUIREPASS '', twice. Luckily I had backups, thank you for pointing the exact vunerability that allowed him to do this, and how to fix it. – Felipe Zavan Dec 09 '15 at 12:06
Seems like the very reasonable explanation, had same problem on AWS – DataGreed Dec 09 '15 at 15:51
I think I have the same problem, but how did you restart redis? When I try "sudo /etc/init.d/redis_6379 restart", I get "Stopping ... (error) NOAUTH Authentication required." – Kohanz Dec 11 '15 at 15:27
Nevermind, I found the PID and sudo kill'd the process. – Kohanz Dec 11 '15 at 15:49
@Kohanz you can run `sudo service redis-server restart` to restart redis – Thanh Dec 15 '15 at 06:22
@KienThanh thanks but that didn't work for me (perhaps it was not installed as a service?) – Kohanz Dec 16 '15 at 13:00

score 11 · Answer 2 · answered Nov 08 '21 at 10:58

I'm running Redis with Docker and there is an authentication password with the REDIS_PASSWORD env variable.

After connecting to the container with docker exec command, connect to redis CLI by entering the redis-cli command.

Then enter auth {password}, (the password that is set with the REDIS_PASSWORD)

jianyongli · Answer 3 · 2022-07-20T00:50:12.057

7

specific your redis password in the redis-cli command line eg:

redis-cli -h 127.0.0.1 -p 6379 -a "$your_password"

check your $your_password.

It's recommend to add double quote to the password on the command line.

edited Jul 20 '22 at 00:50

answered May 15 '22 at 09:09

jianyongli

1,131
12
10

I think `-a` should be used for the password. This worked for me `sudo -u redis -g redis redis-cli --user admin -h ${IP_ADDRESS} -p 6379 -a "$ADMIN_PASS"` – vikramaditya234 Jul 19 '22 at 12:06
@vikramaditya234 You are right. I‘ve corrected my typo. – jianyongli Jul 20 '22 at 00:49

score 4 · Answer 4 · edited Dec 10 '15 at 04:05

4

I Have the same problem. after that I'm set requirepass for the redis server.
And add that password in initializer/redis.rb

$redis = Redis.new(:password=>"****")

It works fine

edited Dec 10 '15 at 04:05

ketan

19,129
42
60
98

answered Dec 10 '15 at 04:00

Son Nguyen

79
3

you should also limit connect to your Redis port if your server is installed on AWS. – Thanh Dec 11 '15 at 04:36

Farshad · Answer 5 · 2023-01-18T07:18:26.800

Redis password has been saved in redis.conf in this /etc/redis/ directory you are able to see/edit redis config/password by:

sudo vim /etc/redis/redis.conf

Scroll to the SECURITY section and look for a commented directive that reads(use / to enter a phrase to search in vim and press enter):

# requirepass foobared

Uncomment it by removing the #, and change the foobared to a secure password (save changes by press esc key and :wq).

you can use openssl to generate a secure password to use in real project on server:

openssl rand 60 | openssl base64 -A

and copy secure password to redis.conf or use a simple password for learning on the local machine. After the password is changed don't forget to restart the redis service by:

sudo systemctl restart redis.service

use redis-cli to enter redis shell. then enter password using auth.

127.0.0.1:6379> auth your_password
OK
127.0.0.1:6379>

credits goes to DigitalOcean Community read more about securing redis here.

score 3 · Answer 6 · edited May 23 '17 at 12:25

3

I had the same issue (running on AWS) and discovered our redis port was exposed. You probably had the same. Someone was messing around.

EDIT: The solution: reset your redis password and then (assuming you have it running as a service) restart the service providing the new password

edited May 23 '17 at 12:25

Community

1
1

answered Dec 07 '15 at 18:28

haren

1,595
2
11
17

Yes, I restarted server and it works normal but then stuck again. So I decided to set a password for it so that it can not set new password again. – Thanh Dec 08 '15 at 08:30
Do you have your redis port (presumably 6379) exposed to the world? Closing it is the first step in the solution. – haren Dec 08 '15 at 08:54
Yes, maybe the server is not protected port 6379 of redis. My solution is set a password for redis server so it can not be override password. – Thanh Dec 08 '15 at 12:24

score 3 · Answer 7 · answered Dec 11 '15 at 16:22

Had the exact same problem running Redis on an AWS instance. I would restart redis-server without any password requirements (#requirepass ''), would work fine for a few hours, then would throw "NOAUTH Authentication required" and eventually would have to restart redis-server.

Checked the Security Groups settings in AWS for the instance and saw port 6379 open to the public (0.0.0.0/0). We limited the port access to our only server that needs to access and haven't seen the issue come up ever since!

P.S. This is my first ever contribution to StackOverflow. Thanks for the help!

score 2 · Answer 8 · answered Aug 04 '21 at 11:39

2

You can have a try: auth 'foobared' It should be default password in config file: /etc/redis/redis.conf

answered Aug 04 '21 at 11:39

Jichao Zhang

436
5
7

Akhil Latta · Answer 9 · 2015-12-09T06:48:59.387

If you have made any changes in configuration file then don't forget to restart redis service with sudo service redis-server restart command.

Edit: If you are running redis service in production mode then redis requires password to run. For that you need to set password in your config file present at /etc/redis.

You need to set requirepass ******* in that file under ########### SECURITY ############ section.

Then restart your server sudo service redis-server restart.

After that add that password in your config or initializer file where you have set your hostname and port. Example:

$redis = Redis.new(:host => 'localhost', :port => 6379, :password => "*******")

I did not make any change, the Redis server require a password when it is running while configuration is not set password. — Thanh, Dec 07 '15 at 15:13

score 0 · Answer 10 · edited Jan 09 '23 at 08:18

0

I Have the same problem, I found it's caused by someone starting redis with another redis.cnf configure file, So I stopped redis-server and then started redis-server to specify a configure file.

redis-server /etc/redis.cnf

Then everything works fine.

edited Jan 09 '23 at 08:18

Farshad

337
2
9

answered Sep 23 '16 at 07:08

Fangxing

5,716
2
49
53

score 0 · Answer 11 · answered Jun 28 '22 at 11:43

I was getting the same error on localhost so just tried this, which is default behaviour by the way:

redis-cli
auth admin

And it worked. By the way if anyone just struggling for

redis.conf

(as i was) just use:

nano /usr/local/etc/redis.conf

you can also see you password here in redis.conf file against

requirepass (can search for it in file)

Note: Don't use such configuration for production its just for localhost.

Redis raises "NOAUTH Authentication required" error but there is no password setting

11 Answers11

Linked