When using the elasticsearch password reset tool (elasticsearch-reset-password) in Linux, using a special character will pick up the shell interpretation and not the character itself. In particular, I’m having issues using ‘!’ in my password as it wants to interpret command history from the shell session. Is there a way to reset the password with this tool and use special characters?
Hi @Ryan_Clark
Yes, you can also use passwords containing special characters (like ‘!’) in the elasticsearch-reset-password tool, but you'll need to avoid shell interpretation. There are two easy ways to do this.
Method 1: Use interactive mode
Run the command:
elasticsearch-reset-password -u elastic -i
Then type the password manually when prompted (this avoids shell interpretation).
Method 2: Enclose the password in quotes
If you want to provide the password directly in the command, enclose it in single quotes (' ').
elasticsearch-reset-password -u elastic -p 'MyP@ssw0rd!'
Use single quotes ' ' around the password, or escape special characters (e.g., MyP@ssw0rd\!) if needed.
You can try both of these methods once; it might solve your problem.
Apologies, I wasn’t specific. This is actually occurring using the interactive mode. I was trying to avoid method 2 so the password wouldn’t show up in command history. Also the version I’m using (9.1.3) claims there isn’t a ‘-p’ option. This really seems like a bug if it’s happening in interactive mode.
right, no -p option for me on my Mac with 9.20 either.
❯ ./elasticsearch-reset-password -u elastic -i --url https://localhost:9200
This tool will reset the password of the [elastic] user.
You will be prompted to enter the password.
Please confirm that you would like to continue [y/N]y
Enter password for [elastic]:
Re-enter password for [elastic]:
Password for the [elastic] user successfully reset.
No issue with ! in the password for me.
Which shell and operating system are you using to make it more clear what the possible issue is happening?
This is on RHEL9 using a bash shell. I generalized the issue saying special characters in general. The specific issue is having two exclamation points in succession ‘!!’ as this is interpreted as “run the last command”. I do not get an error setting the password. It successfully sets the password but if I have ‘!!’ in the password, it injects the last command issued in the shell into the password. Because of this, the password is unusable when you try to login because of the command injection.
I can reproduce on RHEL10 too. I am guessing it starts/forks some of shell to read the password. Looks like a bug to me, though where is not clear.
I did some additional testing of some common shell character bindings and it appears the ‘!$’ sequence also reverts to the shell interpretation which is “last argument of the previous command”.
I guess the relevant java code is shown here, see promptForPassword, but the details are hidden behind these calls:
SecureString password1 = new = SecureString(terminal.readSecret("Enter password for [" + providedUsername + "]: "));
...
SecureString password2 = new = SecureString(terminal.readSecret("Re-enter password for [" + providedUsername + "]: "))
I would have thought an application just reading from the terminal would not involve the parent (bash) shell. Maybe I was wrong, though I dont see any child shells spawned from the JVM parent. Or maybe ES uses some java library with similar “shell functionality”, something like readline.