Note: These instructions are quite old. Newer instructions are available here
It is possible to reset the elastic
user password (see below) but from your description, it doesn't sound like this is necessarily what you need.
The elastic
user is a superuser. We don't recommend using it for any purpose other than administering the system.
In particular, Kibana should not connect to Elasticsearch using the elastic user - by default it uses the kibana user, so the password you are putting into the kibana.yml
file should be the password for the kibana
user, not the elastic
user.
And there should be no reason to put that password into the elasticsearch.yml
file - in fact if you do so, elasticsearch won't start, because elasticsearch.password
isn't a valid setting in elasticsearch.yml
.
Before you go through the trouble of reseting the elastic
password, double check that it really isn't working.
Assuming you have access to curl, run the following:
curl -u elastic 'http://localhost:9200/_xpack/security/_authenticate?pretty'
(You may need to change the URL if you are not on localhost, or you are using a custom port number).
When prompted, enter the password that you think you set for the elastic
user. If you get output like this:
{
"username" : "elastic",
"roles" : [
"superuser"
],
"full_name" : null,
"email" : null,
"metadata" : {
"_reserved" : true
},
"enabled" : true
}
Then your password is correct, and the problems you are seeing are due to some other configuration problem.
If you get something like this:
{
"error" : {
"root_cause" : [
{
"type" : "security_exception",
"reason" : "failed to authenticate user [elastic]",
"header" : {
"WWW-Authenticate" : "Basic realm=\"security\" charset=\"UTF-8\""
}
}
],
"type" : "security_exception",
"reason" : "failed to authenticate user [elastic]",
"header" : {
"WWW-Authenticate" : "Basic realm=\"security\" charset=\"UTF-8\""
}
},
"status" : 401
}
Then you have the incorrect password and you should try a different password, of if absolutely necessary, reset the password for the user.
Reseting the password for the elastic user
To do this, you need to create an alternate superuser and then authenticate as that user in order to change the password for elastic. This requires a number of steps.
(1) Stop your elasticsearch node
(2) Ensure that the file realm is available on your elasticsearch node. If you are using a default X-Pack configuration for authentication, then the file realm is available and you don't need to do anything. However, if you have explicitly configured the authentication realms in your elasticsearch.yml
file, then you need to add a file
realm to the list of realms.
(3) Use the bin/x-pack/users
command to create a new file-based superuser:
bin/x-pack/users useradd my_admin -p my_password -r superuser
(4) Start your elasticsearch node
(5) Using curl, reset the password for the elastic user:
curl -u my_admin -XPUT 'http://localhost:9200/_xpack/security/user/elastic/_password?pretty' -H 'Content-Type: application/json' -d'
{
"password" : "new_password"
}
'
(6) Verify the new password
curl -u elastic 'http://localhost:9200/_xpack/security/_authenticate?pretty'
(7) If you wish, stop elasticsearch and then remove the file realm from your elasticsearch.yml
and/or remove the my_admin user from the file realm.