Reset Elasticsearch Internal User Password

Hi,

Does anyone know how to reset or change Elasticsearch internal user password?

Have you tried elasticsearch-reset-password | Elasticsearch Guide [8.4] | Elastic?

Hi @warkolm,

I don't have the elasticsearch-reset-password in my bin directory. I'm using Elasticsearch 7.17.1.

Please don't post pictures of text, logs or code. They are difficult to read, impossible to search and replicate (if it's code), and some people may not be even able to see them :slight_smile:

What about elasticsearch-users | Elasticsearch Guide [7.14] | Elastic

This is noted :slight_smile:

Tried to reset the password of elastic and encountered this error.

[rhel@esnode1 elasticsearch-7.17.1]$ ./bin/elasticsearch-users passwd elastic

ERROR: Invalid username [elastic]... Username [elastic] is reserved and may not be used.

What you need is to define a superuser with elasticsearch-users CLI. Then use that newly created user to call ChangePassword API to change password for the elastic user.

As @warkolm mentioned, you could use elasticsearch-reset-password if you are on version 8.x, which basically automates the above process for you (it also deletes the newly created user after the password change is completed).

2 Likes

Here is a quick tutorial / example of what @Yang_Wang suggested

Hi @Yang_Wang and @stephenb,

Tried creating a new user with superuser privilege and changed the elastic user password using the newly created account like the example given by @stephen. I encountered this error while authenticating elastic account with the new password.

{
  "error" : {
    "root_cause" : [
      {
        "type" : "security_exception",
        "reason" : "unable to authenticate user [elastic] for REST request [/?pretty]",
        "header" : {
          "WWW-Authenticate" : [
            "Basic realm=\"security\" charset=\"UTF-8\"",
            "Bearer realm=\"security\"",
            "ApiKey"
          ]
        }
      }
    ],
    "type" : "security_exception",
    "reason" : "unable to authenticate user [elastic] for REST request [/?pretty]",
    "header" : {
      "WWW-Authenticate" : [
        "Basic realm=\"security\" charset=\"UTF-8\"",
        "Bearer realm=\"security\"",
        "ApiKey"
      ]
    }
  },
  "status" : 401
}

What response did you get when you changed the password? Was it successful?

How did you authenticate with the elastic user, is it via command line using cURL? If so, please be aware that any special characters may need to be quoted. Of course, please make sure you indeed entered the correct password and talked to the right Elasticsearch cluster.

If everything above is fine, I suggest you enable trace log for Elasticsearch and share the ES logs during the authentication failure for further troubleshooting. You can enable trace log with:

PUT _cluster/settings
{
  "transient": {
    "logger.org.elasticsearch.xpack.security.authc": "trace"
  }
}
1 Like
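
Added example, not part of the original thread and not Elastic's own tooling: a script for the procedure discussed above (temporary file-realm superuser, change password API call for elastic, login check, cleanup), with the password JSON-escaped so special characters reach Elasticsearch unchanged. ES_HOME, ES_URL and the user name tmp_pwreset_admin are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not from the thread. ES_HOME, ES_URL and TMP_ADMIN are
# assumptions; adjust them for your node.
ES_HOME="${ES_HOME:-/usr/share/elasticsearch}"
ES_URL="${ES_URL:-https://localhost:9200}"
TMP_ADMIN="tmp_pwreset_admin"   # hypothetical throwaway file-realm user

# Escape backslash and double quote so the password survives inside a JSON
# string (control characters are not handled here).
json_escape() {
  printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Body for POST /_security/user/<name>/_password.
password_body() {
  printf '{"password":"%s"}' "$(json_escape "$1")"
}

# Usage: reset_elastic_password 'new password'   (single-quote it in the shell)
reset_elastic_password() {
  new_pw="$1"
  tmp_pw="$(head -c 24 /dev/urandom | base64 | tr -d '/+=\n')"
  rc=0
  # 1. File-realm users are local to a node: run this on the node behind ES_URL.
  #    -p puts the password on the command line; omit it to be prompted instead.
  "$ES_HOME/bin/elasticsearch-users" useradd "$TMP_ADMIN" -p "$tmp_pw" -r superuser || return 1
  sleep 6   # give the node time to reload the file realm
  # 2. Change the reserved user's password with the temporary superuser.
  curl -sS --fail -u "$TMP_ADMIN:$tmp_pw" -H 'Content-Type: application/json' \
       -X POST "$ES_URL/_security/user/elastic/_password" \
       --data-binary "$(password_body "$new_pw")" || rc=$?
  # 3. Check the new credentials before removing the fallback account.
  [ "$rc" -eq 0 ] && { curl -sS --fail -u "elastic:$new_pw" \
       "$ES_URL/_security/_authenticate" >/dev/null || rc=$?; }
  # 4. Always delete the temporary superuser.
  "$ES_HOME/bin/elasticsearch-users" userdel "$TMP_ADMIN"
  return "$rc"
}
```

Sourcing the file only defines the functions; nothing touches the cluster until reset_elastic_password is called on the node.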
