How to reset elastic user default password

skyluke.1987 · November 26, 2020, 11:11am

Hi I have a question. How to reset the default password?

I have no idea why this suddenly became restricted account? Previously was working fine with tis predefine account.

Now have this Connection refused error too to ES.

dadoonet · November 26, 2020, 12:51pm

Are you running on cloud.elastic.co? Locally?
What is exactly your setup?

skyluke.1987 · November 26, 2020, 3:28pm

I am running on our own local server. Please assist.

I setup all within a server, the ELKS.

dadoonet · November 26, 2020, 3:56pm

Would that help?

skyluke.1987 · November 26, 2020, 3:59pm

The system say prompt me that this is no longer in use.

Btw can I change password rather than creating new one?

Because its a system user, I cant remove it, and I need to change the password for this user. How can I do it.

skyluke.1987 · November 26, 2020, 5:25pm

Hi may I know is my ES got crashed? What should I do? Please help...

Besides that, how can I use this "discovery.type=single-node" ? Where should I specify this and will this helped to resolve the problem?

dadoonet · November 26, 2020, 6:07pm

Please don't post images of text as they are hard to read, may not display correctly for everyone, and are not searchable.

Instead, paste the text and format it with </> icon or pairs of triple backticks (```), and check the preview window to make sure it's properly formatted before posting it. This makes it more likely that your question will receive a useful answer.

It would be great if you could update your post to solve this.

Please share the whole logs.

Here I believe you stopped the node yourself?

dadoonet · November 26, 2020, 6:13pm

In the instructions here it's said that you can add a user manually:

Could you please try and share all the steps you did and the outcome?

skyluke.1987 · November 27, 2020, 2:03am

[2020-11-27T00:56:35,797][INFO ][o.e.x.s.a.AuthenticationService] [master-node] Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]
[2020-11-27T00:56:36,482][INFO ][o.e.x.s.a.AuthenticationService] [master-node] Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]
[2020-11-27T00:56:37,847][INFO ][o.e.x.s.a.AuthenticationService] [master-node] Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]
[2020-11-27T00:56:37,847][INFO ][o.e.x.s.a.AuthenticationService] [master-node] Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]
[2020-11-27T00:56:40,794][INFO ][o.e.n.Node               ] [master-node] stopping ...
[2020-11-27T00:56:40,839][INFO ][o.e.x.w.WatcherService   ] [master-node] stopping watch service, reason [shutdown initiated]
[2020-11-27T00:56:40,840][INFO ][o.e.x.w.WatcherLifeCycleService] [master-node] watcher has stopped and shutdown
[2020-11-27T00:56:41,292][INFO ][o.e.x.m.p.l.CppLogMessageHandler] [master-node] [controller/9812] [Main.cc@150] Ml controller exiting
[2020-11-27T00:56:41,296][INFO ][o.e.x.m.p.NativeController] [master-node] Native controller process has stopped - no new native processes can be started
[2020-11-27T00:56:50,030][INFO ][o.e.n.Node               ] [master-node] stopped
[2020-11-27T00:56:50,031][INFO ][o.e.n.Node               ] [master-node] closing ...
[2020-11-27T00:56:50,053][INFO ][o.e.n.Node               ] [master-node] closed
You have mail in /var/mail/root

Hi above is the ES log. No I didnt stop the node, but it just cannot be started. May I know is there other ways rather than maintaining it on File base? Any commands I can change from the system in a proper way?

I did try to add new ES user in. And this happens.

Action done:

bin/elasticsearch-keystore add elastic, then try to input new password.
restart elasticsearch.

Error when setting up password for Elastic:

root@eta10:/usr/share/elasticsearch# bin/elasticsearch-setup-passwords interactive
Picked up _JAVA_OPTIONS: -Xmx9g
Picked up _JAVA_OPTIONS: -Xmx9g

Connection failure to: http://10.0.106.144:9200/_security/_authenticate?pretty failed: Connection refused (Connection refused)

ERROR: Failed to connect to elasticsearch at http://10.0.106.144:9200/_security/_authenticate?pretty. Is the URL correct and elasticsearch running?

Are the access rights correct?

root@eta10:/etc/elasticsearch# ls -ltr
total 84
-rw-r--r-- 1 root          elasticsearch   197 May 23  2019 roles.yml
-rw-r--r-- 1 root          elasticsearch   473 May 23  2019 role_mapping.yml
-rw-r--r-- 1 root          elasticsearch  3599 Jun 21  2019 jvm.options.dpkg-old
-rw-r--r-- 1 root          elasticsearch    85 Aug 14  2019 template.json
-rw-r--r-- 1 root          elasticsearch 17330 Aug 26  2019 log4j2.properties.dpkg-old
-rw-r--r-- 1 root          elasticsearch 17419 May 12  2020 log4j2.properties
drwxr-s--- 2 root          elasticsearch  4096 May 12  2020 jvm.options.d
-rw-r--r-- 1 root          elasticsearch  2373 May 12  2020 jvm.options
drwxrws--- 2 elasticsearch elasticsearch  4096 Jun 18 16:55 certs
-rw-r--r-- 1 root          elasticsearch   137 Nov 26 18:50 users
-rw-r--r-- 1 root          elasticsearch    32 Nov 26 18:50 users_roles
-rw-rw---- 1 root          elasticsearch   227 Nov 27 00:44 elasticsearch.keystore
-rw-r--r-- 1 root          elasticsearch  2442 Nov 27 10:53 elasticsearch.yml

skyluke.1987 · November 30, 2020, 8:48am

May I know since having issue now for my ES, can I just upgrade it?

What is the best practice for upgrading to ES 7.9? I notice previous upgrade might be causing issues because it does not have certain rights to certain folders.

Now my ES folders are mixing of root and elasticsearch user rights.

dadoonet · November 30, 2020, 2:51pm

Did you read the link I shared?

I don't see in that doc that you need to call bin/elasticsearch-setup-passwords.

skyluke.1987 · December 1, 2020, 6:22am

Hi previously i was using this "elastic" as my user to elasticsearch. But my the upgrading to 7.10, it was used as the system user.

What are the options should I go for?

reset the password for "elastic"?
create new user to access elasticsearch for Kibana? What are the configuration i need to do?

TimV · December 2, 2020, 4:07am

Can you explain what you mean? elastic has always been a system user, nothing changed in 7.10

It sounds like something broke when you upgraded to 7.10, and you've interpreted that as the password for elastic changing in some way, but that is highly unlikely to be the problem.

Maybe you can start at the beginning.

What version were you running before?
How did you perform the upgrade?
What did your logs says after you upgraded?

skyluke.1987 · December 2, 2020, 6:16am

The Elastic became reserved user.

I notice my ES log has this info - Authentication of elastic was terminated by realm. Is that a concern

TimV · December 2, 2020, 9:02am

The elastic user has been a reserved user since 5.0, unless you upgraded from Elasticsearch 2 (or earlier) then that is not the cause of your problems.

We are trying to help you here. If you aren't willing to answer our basic questions, then there's no way for us to solve the problem.

system · December 30, 2020, 9:02am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
I lost the password that has been changed Elasticsearch	2	66145	August 2, 2017
Elastic password reset error - Elasticsearch	3	4372	February 14, 2018
How to reset built in elastic password? Elasticsearch elastic-stack-security	4	1176	March 26, 2021
Reset Elasticsearch Internal User Password Elasticsearch elastic-stack-security	9	2946	October 6, 2022
How to reset password? Elasticsearch elastic-stack-security	3	66	September 3, 2024

How to reset elastic user default password

Related topics