Failed to authenticate user [elastic] AND received plaintext http traffic on an https channel, closing connection

Hello everyone,
While setting up the highest security possible I am encountering multiple problems.
The first one is:
[2021-09-13T13:01:54,594][INFO ][o.e.x.s.a.AuthenticationService] [elasticsearch] Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]

I don't know what the elastic-user is trying to do so I can't find out how to fix this problem. The password that I know for him is valid, which I checked after logging into the webserver.
BUT I did not put this password into any keystore since I didn't read an instruction to do it. (Only the kibana password for basic security.)

The second problem is:
received plaintext http traffic on an https channel, closing connection

This happened after I activated Basic Security+HTTPS. I am assuming that my self-signed certificate is the reason for this? Or could there be another trigger? I am not very concerned since it is only a warning, but I cannot find out which process is trying to communicate with the 9200 port. My log files are full of each of these messages, so I will provide my .yml:

elasticsearch.yml:

cluster.name: "cluster"
node.name: node1
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
network.host: node1
http.port: 9200
discovery.seed_hosts:
 - node2:9300
 - node3:9300
cluster.initial_master_nodes:
 - node1
 - node2
 - node3
discovery.zen.minimum_master_nodes: 2
xpack.security.enabled: true

xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.client_authentication: required
xpack.security.transport.ssl.keystore.path: /etc/elasticsearch/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /etc/elasticsearch/elastic-certificates.p12

kibana.yml:

server.port: 5601
server.host: "node1"
server.publicBaseUrl: "http://node1"
server.name: "node1"
elasticsearch.hosts: ["http://node1:9200"]
elasticsearch.username: "kibana"
elasticsearch.password: "??"
logging.verbose: true
monitoring.kibana.collection.enabled: false

I created one certificate and copied it to every node for the inner node communication. This worked.

Elasticsearch is working right but these messages are trashing the log files. I want to remove the problem.

Thanks in advance.

elasticsearch startup log:

[2021-09-13T13:22:55,628][INFO ][o.e.n.Node               ] [elastic1] initialized
[2021-09-13T13:22:55,628][INFO ][o.e.n.Node               ] [elastic1] starting ...
[2021-09-13T13:22:55,643][INFO ][o.e.x.s.c.f.PersistentCache] [elastic] persistent cache index loaded
[2021-09-13T13:22:55,718][INFO ][o.e.t.TransportService   ] [elastic] publish_address {node1:9300}, bound_addresses {node1:9300}
[2021-09-13T13:22:56,807][INFO ][o.e.b.BootstrapChecks    ] [elastic] bound or publishing to a non-loopback address, enforcing bootstrap checks
[2021-09-13T13:22:56,809][INFO ][o.e.c.c.Coordinator      ] [elastic1] cluster UUID [x]
[2021-09-13T13:22:57,999][INFO ][o.e.c.s.ClusterApplierService] [elastic] master node changed {previous [], current [{elastic-node2}{y}{z}{node3}{node2:9300}{v}]}, added {{elastic2}{z}{z}{node2}{node2:9300}{cdfhilmrstw}, {elastic-node3}{uuid}{}{node3}{node3:9300}{cdfhilmrstw}}, term: 8, version: 12220, reason: ApplyCommitRequest{term=8, version=12220, sourceNode={elastic-node2}{x}{y}{node2}{node2:9300}{cdfhilmrstw}{ml.machine_memory=3918229504, ml.max_open_jobs=512, xpack.installed=true, ml.max_jvm_size=1958739968, transform.node=true}}
[2021-09-13T13:22:58,011][INFO ][o.e.c.s.ClusterSettings  ] [elastic] updating [cluster.metadata.unsafe-bootstrap] from [] to [true]
[2021-09-13T13:22:58,011][INFO ][o.e.c.s.ClusterSettings  ] [elastic] updating [xpack.monitoring.elasticsearch.collection.enabled] from [true] to [false]
[2021-09-13T13:22:58,011][INFO ][o.e.c.s.ClusterSettings  ] [elastic] updating [xpack.monitoring.collection.enabled] from [false] to [true]
[2021-09-13T13:22:58,011][INFO ][o.e.c.s.ClusterSettings  ] [elastic] updating [ingest.geoip.downloader.enabled] from [true] to [false]
[2021-09-13T13:22:58,598][INFO ][o.e.x.s.a.TokenService   ] [elastic] refresh keys
[2021-09-13T13:22:58,772][INFO ][o.e.x.s.a.TokenService   ] [elastic] refreshed keys
[2021-09-13T13:22:58,806][INFO ][o.e.l.LicenseService     ] [elastic] license [8b752e18-a8d6-45c9-87df-8d8d710a2056] mode [basic] - valid
[2021-09-13T13:22:58,807][INFO ][o.e.x.s.s.SecurityStatusChangeListener] [elastic1] Active license is now [BASIC]; Security is enabled
[2021-09-13T13:22:58,825][INFO ][o.e.h.AbstractHttpServerTransport] [elastic] publish_address {node1:9200}, bound_addresses {node1:9200}
[2021-09-13T13:22:58,825][INFO ][o.e.n.Node               ] [elastic] started
[2021-09-13T13:23:01,917][INFO ][o.e.t.LoggingTaskListener] [elastic1] 205 finished with response BulkByScrollResponse[took=209.4ms,timed_out=false,sliceId=null,updated=15,created=0,deleted=0,batches=1,versionConflicts=0,noops=0,retries=0,throttledUntil=0s,bulk_failures=[],search_failures=[]]
[2021-09-13T13:23:03,255][INFO ][o.e.x.s.a.AuthenticationService] [elastic] Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]
[2021-09-13T13:23:03,488][INFO ][o.e.t.LoggingTaskListener] [elastic] 204 finished with response BulkByScrollResponse[took=1.7s,timed_out=false,sliceId=null,updated=1769,created=0,deleted=0,batches=2,versionConflicts=0,noops=0,retries=0,throttledUntil=0s,bulk_failures=[],search_failures=[]]
[2021-09-13T13:23:18,512][INFO ][o.e.x.s.a.AuthenticationService] [elastic] Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]
[2021-09-13T13:23:43,827][INFO ][o.e.x.s.a.AuthenticationService] [elastic] Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]
[2021-09-13T13:24:02,518][INFO ][o.e.x.s.a.AuthenticationService] [elastic] Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]

elastic-node2:

[2021-09-13T13:14:36,897][INFO ][o.e.c.s.ClusterApplierService] [elastic-node3] added {{elastic-node1}{x}{node1}{node1:9300}{cdfhilmrstw}}, term: 8, version: 12220, reason: ApplyCommitRequest{term=8, version=12220, sourceNode={elastic2}{x}{y}{node2}{node2:9300}{cdfhilmrstw}{ml.machine_memory=3918229504, ml.max_open_jobs=512, xpack.installed=true, ml.max_jvm_size=1958739968, transform.node=true}}

Well, maybe it was too obvious...
It's the same problem, but after enabling SSL the cluster just shows the warning that it received a plaintext packet.

However, I found out that [elastic] Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic] occurs when security-7 is not loaded. I still do not understand how to do it, any ideas?
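One way to find out from the log itself which client is behind each message, as an added example that is not part of the original posts: the script groups the authentication failures by user and realm with the gaps between them, and counts the plaintext warnings per client address. The `summarize` function, the WARN sample lines and their addresses are constructed for illustration, and the `Netty4HttpChannel{...}` suffix is an assumption about the full warning line.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Auth-failure lines are copied from the post. The WARN lines are constructed:
# the addresses are placeholders, and the Netty4HttpChannel{...} suffix is an
# assumption about the full message (the post quotes only the text before it).
SAMPLE_LOG = """\
[2021-09-13T13:23:03,255][INFO ][o.e.x.s.a.AuthenticationService] [elastic] Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]
[2021-09-13T13:23:05,101][WARN ][o.e.x.s.t.n.SecurityNetty4HttpServerTransport] [elastic] received plaintext http traffic on an https channel, closing connection Netty4HttpChannel{localAddress=/192.0.2.1:9200, remoteAddress=/192.0.2.10:51234}
[2021-09-13T13:23:18,512][INFO ][o.e.x.s.a.AuthenticationService] [elastic] Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]
[2021-09-13T13:23:35,104][WARN ][o.e.x.s.t.n.SecurityNetty4HttpServerTransport] [elastic] received plaintext http traffic on an https channel, closing connection Netty4HttpChannel{localAddress=/192.0.2.1:9200, remoteAddress=/192.0.2.10:51240}
[2021-09-13T13:23:43,827][INFO ][o.e.x.s.a.AuthenticationService] [elastic] Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]
[2021-09-13T13:23:50,310][WARN ][o.e.x.s.t.n.SecurityNetty4HttpServerTransport] [elastic] received plaintext http traffic on an https channel, closing connection Netty4HttpChannel{localAddress=/192.0.2.1:9200, remoteAddress=/192.0.2.20:40112}
[2021-09-13T13:24:02,518][INFO ][o.e.x.s.a.AuthenticationService] [elastic] Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]
"""

LINE = re.compile(r"^\[(?P<ts>[^\]]+)\]\[(?P<level>[A-Z]+)\s*\]\[[^\]]+\] \[[^\]]+\] (?P<msg>.*)$")
AUTH_FAIL = re.compile(r"Authentication of \[(?P<user>[^\]]+)\] was terminated by realm \[(?P<realm>[^\]]+)\]")
PLAINTEXT = re.compile(r"received plaintext http traffic on an https channel.*remoteAddress=/(?P<ip>.+?):\d+\}")


def summarize(log_text):
    """Group auth failures by (user, realm) and plaintext hits by client IP."""
    fail_times = defaultdict(list)
    plaintext_clients = Counter()
    for raw in log_text.splitlines():
        line = LINE.match(raw)
        if not line:
            continue  # continuation lines, stack traces, blank lines
        if (m := AUTH_FAIL.search(line["msg"])):
            ts = datetime.strptime(line["ts"], "%Y-%m-%dT%H:%M:%S,%f")
            fail_times[(m["user"], m["realm"])].append(ts)
        elif (m := PLAINTEXT.search(line["msg"])):
            plaintext_clients[m["ip"]] += 1
    auth = {}
    for key, times in fail_times.items():
        times.sort()
        gaps = [round((b - a).total_seconds(), 1) for a, b in zip(times, times[1:])]
        auth[key] = {"count": len(times), "gaps_s": gaps}
    return {"auth_failures": auth, "plaintext_clients": dict(plaintext_clients)}


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for (user, realm), info in report["auth_failures"].items():
        print(f"user={user} realm={realm} failures={info['count']} gaps_s={info['gaps_s']}")
    for ip, hits in sorted(report["plaintext_clients"].items(), key=lambda kv: -kv[1]):
        print(f"plaintext client {ip}: {hits} connection(s) closed")
```

The client address with the most plaintext hits is the host to check for a configured `http://` URL, and the gaps between authentication failures help match them to a client's polling schedule.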
