I lost the password that has been changed

I changed the password for the admin user "elastic", but the new password doesn't work. So I want to ask if there's a way to reset the password for the default admin user - "elastic".

I have put the line: elasticsearch.password: "somepassword" in both elastic and kibana yml config file.
But what I get when I try to login is "Oops! Error. Try again.".

Please help!

1 Like

Note: These instructions are quite old. Newer instructions are available here


It is possible to reset the elastic user password (see below) but from your description, it doesn't sound like this is necessarily what you need.

The elastic user is a superuser. We don't recommend using it for any purpose other than administering the system.

In particular, Kibana should not connect to Elasticsearch using the elastic user - by default it uses the kibana user, so the password you are putting into the kibana.yml file should be the password for the kibana user, not the elastic user.

And there should be no reason to put that password into the elasticsearch.yml file - in fact if you do so, elasticsearch won't start, because elasticsearch.password isn't a valid setting in elasticsearch.yml.

Before you go through the trouble of reseting the elastic password, double check that it really isn't working.

Assuming you have access to curl, run the following:

curl -u elastic 'http://localhost:9200/_xpack/security/_authenticate?pretty'

(You may need to change the URL if you are not on localhost, or you are using a custom port number).

When prompted, enter the password that you think you set for the elastic user. If you get output like this:

{
  "username" : "elastic",
  "roles" : [
    "superuser"
  ],
  "full_name" : null,
  "email" : null,
  "metadata" : {
    "_reserved" : true
  },
  "enabled" : true
}

Then your password is correct, and the problems you are seeing are due to some other configuration problem.

If you get something like this:

{
  "error" : {
    "root_cause" : [
      {
        "type" : "security_exception",
        "reason" : "failed to authenticate user [elastic]",
        "header" : {
          "WWW-Authenticate" : "Basic realm=\"security\" charset=\"UTF-8\""
        }
      }
    ],
    "type" : "security_exception",
    "reason" : "failed to authenticate user [elastic]",
    "header" : {
      "WWW-Authenticate" : "Basic realm=\"security\" charset=\"UTF-8\""
    }
  },
  "status" : 401
}

Then you have the incorrect password and you should try a different password, of if absolutely necessary, reset the password for the user.

Reseting the password for the elastic user

To do this, you need to create an alternate superuser and then authenticate as that user in order to change the password for elastic. This requires a number of steps.

(1) Stop your elasticsearch node
(2) Ensure that the file realm is available on your elasticsearch node. If you are using a default X-Pack configuration for authentication, then the file realm is available and you don't need to do anything. However, if you have explicitly configured the authentication realms in your elasticsearch.yml file, then you need to add a file realm to the list of realms.
(3) Use the bin/x-pack/users command to create a new file-based superuser:

 bin/x-pack/users useradd my_admin -p my_password -r superuser

(4) Start your elasticsearch node
(5) Using curl, reset the password for the elastic user:

curl -u my_admin -XPUT 'http://localhost:9200/_xpack/security/user/elastic/_password?pretty' -H 'Content-Type: application/json' -d'
{
  "password" : "new_password"
}
' 

(6) Verify the new password

curl -u elastic 'http://localhost:9200/_xpack/security/_authenticate?pretty'

(7) If you wish, stop elasticsearch and then remove the file realm from your elasticsearch.yml and/or remove the my_admin user from the file realm.

9 Likes

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.