Kibana login username & password

(Sharon Sasporta) #1

Can I disable it ? Where do I set a username and password? It is the first time I am running the Kibana 5.

(Sharon Sasporta) #2

I think I understood the issue. I need to disable the xpack security in both elasticsearch.yml and kibana.yml.


(Sharon Sasporta) #3

Still stuck with no abilities to open the kibana without login user and pass

(Felix Stürmer) #4

Hi @ssasporta,

setting false in both the elasticsearch.yml and the kibana.yml should remove the login screen and allow completely unauthorized access to both Elasticsearch and Kibana. Did you restart both processes after changing those settings?

(Sharon Sasporta) #5

After setting this line in both yml files & restarting both elasticsearch & kibana, when I am trying to reach the kibana via browser, I am getting a note in the browser:
This site can't be reached.
<My machine IP> refused to connect.

(Felix Stürmer) #6

That sounds like an unrelated problem. Would it be able for you to provide the Elasticsearch and Kibana logs?

BTW: Instead of disabling Security, you can also opt to configure it to your needs. The documentation contains a detailed Getting Started With Security Guide, which introduces the concepts and also shows specific configuration steps.

(Sharon Sasporta) #7

How can I send the logs? email? I can't upload them here.

(Felix Stürmer) #8

There seems to be a permission problem with some of the Kibana files, that prevents the Kibana server from serving the web UI. This is probably the result of kibana-plugin having been called as root, thereby setting the wrong owner on some files. Running chown -R kibana:kibana /usr/share/kibana/optimize should fix that.

(Sharon Sasporta) #9

I had to run this with sudo.

Anyway, I also tried to go on the direction of enabling the security.

In stage 4b it says: Copy the generated system key to the rest of the nodes in the cluster

I am not really understand to where else should I copy the generated key? What are the rest of the nodes in the cluster?

(Felix Stürmer) #10

Elasticsearch has built-in clustering capabilities, which means that it can distribute the storage and processing across multiple cooperating Elasticsearch nodes. This key protects the communication between the nodes in the cluster from tampering. Since it is a symmetric key, it needs to be present on all nodes in the cluster. If you are only running a single-node cluster (which is not recommended for most production scenarios) you don't need to copy the key anywhere.

(Sharon Sasporta) #11

It is a test environment not distributed. I will implement it in production when time come.

(Sharon Sasporta) #12

Actually I tried that, I saw that all owner of the files changed to kibana, But still I can't open the kibana.

This what the browser is returning:

The page isn’t working redirected you too many times.

(Sharon Sasporta) #13

I tried to unmark the monitoring enable line in both ymls, and I am getting the following from the browser:

This site can’t be reached refused to connect.

(Sharon Sasporta) #14

Still not able to connect:

This is from the kibana log:

{"type":"response","@timestamp":"2016-12-14T19:44:15Z","tags":[],"pid":64840,"method":"get","statusCode":302,"req":{"            url":"/login?next=%2Fapp%2Fkibana","method":"get","headers":{"host":"","connection":"keep-alive","c            ache-control":"max-age=0","upgrade-insecure-requests":"1","user-agent":"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebK            it/537.36 (KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.36","accept":"text/html,application/xhtml+xml,applicatio            n/xml;q=0.9,image/webp,*/*;q=0.8","accept-encoding":"gzip, deflate, sdch","accept-language":"en-US,en;q=0.8"},"remote            Address":"","userAgent":""},"res":{"statusCode":302,"responseTime":1,"contentLength":9},"            message":"GET /login?next=%2Fapp%2Fkibana 302 1ms - 9.0B"}
{"type":"response","@timestamp":"2016-12-14T19:44:15Z","tags":[],"pid":64840,"method":"get","statusCode":302,"req":{"            url":"/app/kibana","method":"get","headers":{"host":"","connection":"keep-alive","cache-control":"m            ax-age=0","upgrade-insecure-requests":"1","user-agent":"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML            , like Gecko) Chrome/54.0.2840.99 Safari/537.36","accept":"text/html,application/xhtml+xml,application/xml;q=0.9,imag            e/webp,*/*;q=0.8","accept-encoding":"gzip, deflate, sdch","accept-language":"en-US,en;q=0.8"},"remoteAddress":"10.233            .161.168","userAgent":""},"res":{"statusCode":302,"responseTime":3,"contentLength":9},"message":"GET /a            pp/kibana 302 3ms - 9.0B"}

(Sharon Sasporta) #15

When I try to connect kibana with enabling security,

In the elasticsearch, in the following log file: valuePack_access.log

I see:

[2016-12-14T21:51:43,308] [rest] [authentication_failed] origin_address=[], principal=[kibana], uri=[/]
[2016-12-14T21:51:49,190] [rest] [authentication_failed] origin_address=[], principal=[kibana], uri=[/]
[2016-12-14T21:51:49,374] [rest] [authentication_failed] origin_address=[], principal=[kibana], uri=[/]
[2016-12-14T21:51:51,840] [rest] [authentication_failed] origin_address=[], principal=[kibana], uri=[/]
[2016-12-14T21:51:52,363] [rest] [authentication_failed] origin_address=[], principal=[kibana], uri=[/.reporting-*/esqueue/_search?version=true]

(Felix Stürmer) #16

This indicates that Kibana itself fails to authenticate with Elasticsearch. After updating the password for the kibana user in Elasticsearch, have you also configured Kibana to use that password by setting elasticsearch.password: "<yournewkibanapassword>" in the kibana.yml (see Step 1 of

This is necessary, because there are two layers of access that are required for a secured Kibana:

  1. Kibana needs to be able to read and write the .kibana index and monitoring api. For this the configured elasticsearch.username and elasticsearch.password are used.
  2. The user needs to authenticate with Elasticsearch on each request to read the actual data he wants to visualize in Kibana. This is done using the username/password the user entered when logging in.

(system) #17

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.