How to add password authorization

Hi, I've set up ELK stack version 8.6.0. I've disabled authorization initially because I've installed it using an Ansible playbook. Is there any way I can set up authorization from the front end after I access Kibana from the front end?

Hi @Neelam_Zanvar you need to enable security (xpack.security.enabled: true) on ES and configure a suitable realm for authorization. Refer: Realms | Elasticsearch Guide [8.6] | Elastic

The above two configurations must be done in elasticsearch.yml, and the cluster must be restarted for them to take effect.

Hi, I didn't really understand anything in it. I'm new to ELK. I did the installation without any authentication to it. Now I want password-based authentication. Can I do it from the front end, like set a password or something? If I make these changes in elasticsearch.yml

# Enable security features
xpack.security.enabled: true

xpack.security.enrollment.enabled: true

# Enable encryption for HTTP API client connections, such as Kibana, Logstash, and Agents
xpack.security.http.ssl:
  enabled: false
  keystore.path: certs/http.p12

# Enable encryption and mutual authentication between cluster nodes
xpack.security.transport.ssl:
  enabled: true
  verification_mode: certificate
  keystore.path: certs/transport.p12
  truststore.path: certs/transport.p12
# Create a new cluster with the current node only
# Additional nodes can still join the cluster later
#cluster.initial_master_nodes: ["ip-172-31-28-233.ec2.internal"]
discovery.type: single-node
# Allow HTTP API connections from anywhere
# Connections are encrypted and require user authentication
http.host: 0.0.0.0

# Allow other nodes to join the cluster from anywhere
# Connections are encrypted and mutually authenticated
#transport.host: 0.0.0.0
xpack.security.http.ssl.client_authentication: none

Kibana service status is active but it's giving an error like this

,"message":"Unable to retrieve version information from Elasticsearch nodes. security_exception: [security_exception] Reason: missing authentication credentials for REST request

I used the reset password tool in /usr/share/elasticsearch/bin to set a password for Elasticsearch. How do I set it up for Kibana? The Kibana front end isn't coming up after setting all security options to true in elasticsearch.yml. It says Kibana server is not ready yet.

First off, have you reset the built-in or system user passwords for all users? I believe there are around 6 or probably more. Have you configured Kibana to use the new password to authenticate itself to ES for connection?
xpack.security.http.ssl settings are only required if you want to enable HTTPS connections to ES, in which case you also need to provide a PEM certificate to Kibana for the SSL handshake.
Since you have a single-node cluster, you don't need transport SSL settings since no other ES node is communicating over the transport layer.

Once you have your cluster running, only then can you opt for credential-based login into Kibana, either using the Kibana UI's User Management or by configuring some realm like PKI, LDAP, etc. in ES to authenticate the users.

I installed it and then set all the security settings in elasticsearch.yml to false.

xpack.security.enabled: false

xpack.security.enrollment.enabled: false

# Enable encryption for HTTP API client connections, such as Kibana, Logstash, and Agents
xpack.security.http.ssl:
  enabled: false
  keystore.path: certs/http.p12

# Enable encryption and mutual authentication between cluster nodes
xpack.security.transport.ssl:
  enabled: false
  verification_mode: certificate
  keystore.path: certs/transport.p12
  truststore.path: certs/transport.p12

I am able to access Kibana and ES.
But when I set

xpack.security.enabled: true

xpack.security.enrollment.enabled: true

# Enable encryption for HTTP API client connections, such as Kibana, Logstash, and Agents
xpack.security.http.ssl:
  enabled: false
  keystore.path: certs/http.p12

# Enable encryption and mutual authentication between cluster nodes
xpack.security.transport.ssl:
  enabled: true
  verification_mode: certificate
  keystore.path: certs/transport.p12
  truststore.path: certs/transport.p12

I am getting the error in Kibana status that it's unable to retrieve version information of ES. Kibana is active and running. On the front end I am getting Kibana not ready.
What are the changes to be done on the Kibana side? I did the elasticsearch-reset-password and it is taking the new password for ES. But when I try to change the password for the other users using

/usr/share/elasticsearch/bin/elasticsearch-setup-passwords interactive

I am getting this error

Failed to authenticate user 'elastic' against http://:9200/_security/_authenticate?pretty
Possible causes include:
 * The password for the 'elastic' user has already been changed on this cluster
 * Your elasticsearch node is running against a different keystore
   This tool used the keystore at /etc/elasticsearch/elasticsearch.keystore

You can use the `elasticsearch-reset-password` CLI tool to reset the password of the 'elastic' user

I have disabled http.ssl in elastic.yml and enabled transport.ssl, because if I set it to false ES fails, saying in the logs that transport SSL has to be true if xpack.security is true.

As read in the document, elasticsearch-setup-passwords is deprecated. So set up passwords using elasticsearch-reset-password for all the users you said

Changed password for user [apm_system]
Changed password for user [kibana_system]
Changed password for user [kibana]
Changed password for user [logstash_system]
Changed password for user [beats_system]
Changed password for user [remote_monitoring_user]
Changed password for user [elastic]

I am still missing some config on the Kibana side.
Here is the error in the log

"message":"Unable to retrieve version information from Elasticsearch nodes. security_exception: [security_exception] Reason: missing authentication credentials for REST request [/_nodes?filter_path=nodes.*.version%2Cnodes.*.http.publish_address%2Cnodes.*.ip

Fixed it! I set the passwords for all the users, disabled all security settings in elasticsearch.yml except xpack.security, and in kibana.yml I had to uncomment the elasticsearch_user and password and set them to the correct values! Thank you

2 Likes

Well done. In general, for the pass authentication there is no need for HTTPS, which you can set later, or just set HTTPS for the Kibana interface.
The least painful approach is to increase security step by step.

1 Like
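
The configuration the thread converges on, written out as an added example (not taken from any poster or from Elastic's documentation): Elasticsearch with password authentication on, Kibana's `kibana.yml` before and after the credentials are set, and the later HTTPS step left commented. The `/etc/kibana` and `/usr/share/kibana` paths, `localhost`, and the angle-bracket placeholders are assumptions.

```yaml
# ---- /etc/elasticsearch/elasticsearch.yml (single node) ----
xpack.security.enabled: true        # REST requests now require credentials
discovery.type: single-node
xpack.security.http.ssl:
  enabled: false                    # step 1: passwords only; they cross the wire in clear text
http.host: 0.0.0.0                  # as posted in the thread; narrow this while HTTP is unencrypted

# ---- /etc/kibana/kibana.yml, BEFORE (assumed path): credentials commented out ----
# Kibana sends no credentials, Elasticsearch answers
# "missing authentication credentials for REST request",
# and the browser shows "Kibana server is not ready yet".
#elasticsearch.username: "kibana_system"
#elasticsearch.password: "pass"

# ---- /etc/kibana/kibana.yml, AFTER ----
elasticsearch.hosts: ["http://localhost:9200"]        # assumption: Kibana on the same host
elasticsearch.username: "kibana_system"               # built-in account for this connection
elasticsearch.password: "<KIBANA_SYSTEM_PASSWORD>"    # placeholder: value set with elasticsearch-reset-password
# To keep the secret out of the file, omit the password line and store it with
#   /usr/share/kibana/bin/kibana-keystore add elasticsearch.password   (assumed install path)

# ---- LATER STEP: TLS on the HTTP layer, once password login works ----
# elasticsearch.yml
#xpack.security.http.ssl:
#  enabled: true
#  keystore.path: certs/http.p12
# kibana.yml
#elasticsearch.hosts: ["https://localhost:9200"]
#elasticsearch.ssl.certificateAuthorities: ["<PATH_TO_CA_PEM>"]   # placeholder
```

Restart Elasticsearch and then Kibana after editing; people then sign in to Kibana with the `elastic` account or with users created under User Management.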