Security_exception: unable to authenticate user [kibana_system] for REST request [/_nodes?filter_path=nodes..version%2Cnodes..http.publish_address%2Cnodes..ip]

hello friends,

I am getting this error when launching kibana in the browser... below is the cause of the error returned by kibana statuses.

Please can you help overcome this situation

md/system/kibana.service; enabled; vendor preset: disabled)
   Active: active (running) since Sun 2023-08-06 00:10:29 WAT; 59s ago
 Main PID: 69613 (node)
    Tasks: 11 (limit: 35504)
   Memory: 354.8M
   CGroup: /system.slice/kibana.service
           └─69613 /usr/share/kibana/bin/../node/bin/node /usr/share/kibana/bin/../src/cli/dist

Aug 06 00:10:42 lsvprdalarmkta01 kibana[69613]: [2023-08-06T00:10:42.750+01:00][INFO ][plugins.alerting] Registering resources for context "security".
Aug 06 00:10:42 lsvprdalarmkta01 kibana[69613]: [2023-08-06T00:10:42.784+01:00][INFO ][plugins.alerting] Registering resources for context "observability.logs".
Aug 06 00:10:42 lsvprdalarmkta01 kibana[69613]: [2023-08-06T00:10:42.786+01:00][INFO ][plugins.alerting] Registering resources for context "observability.metrics".
Aug 06 00:10:42 lsvprdalarmkta01 kibana[69613]: [2023-08-06T00:10:42.884+01:00][INFO ][plugins.alerting] Registering resources for context "observability.apm".
Aug 06 00:10:42 lsvprdalarmkta01 kibana[69613]: [2023-08-06T00:10:42.886+01:00][INFO ][plugins.assetManager] Asset manager plugin [tech preview] is NOT enabled
Aug 06 00:10:43 lsvprdalarmkta01 kibana[69613]: [2023-08-06T00:10:43.034+01:00][WARN ][plugins.screenshotting.config] Chromium sandbox provides an additional layer of protection, but is not supported for Linux Red Hat Linux 8.6 OS. Automatically setting 'xpack.screenshotting.browser.chromium.disableSandbox: true'.
Aug 06 00:10:43 lsvprdalarmkta01 kibana[69613]: [2023-08-06T00:10:43.165+01:00][ERROR][elasticsearch-service] Unable to retrieve version information from Elasticsearch nodes. security_exception
Aug 06 00:10:43 xxxxxxx kibana[69613]:         Root causes:security_exception: unable to authenticate user [kibana_system] for REST request [/_nodes?filter_path=nodes.*.version%2Cnodes.*.http.publish_address%2Cnodes.*.ip]
Aug 06 00:10:43 lsvprdalarmkta01
Aug 06 00:10:43 lsvprdalarmkta01 kibana[69613]:                  kibana[69613]: [2023-08-06T00:10:43.885+01:00][INFO ][plugins.screenshotting.chromium] Browser executable: /usr/share/kibana/node_modules/@kbn/screenshotting-plugin/chromium/headless_shell-linux_x64/headless_shell

My kibana (/etc/kibana/kibana.yml)

 =================== System: Kibana Server ===================
 Kibana is served by a back end server. This setting specifies the port to use.
server.port: 5601

 Specifies the address to which the Kibana server will bind. IP addresses and host names are both valid values.
 The default is 'localhost', which usually means remote machines will not be able to connect.
 To allow connections from remote users, set this parameter to a non-loopback address. ""

 Enables you to specify a path to mount Kibana at if you are running behind a proxy.
 Use the `server.rewriteBasePath` setting to tell Kibana if it should remove the basePath
 from requests it receives, and to prevent a deprecation warning at startup.
 This setting cannot end in a slash.
server.basePath: ""

 Specifies whether Kibana should rewrite requests that are prefixed with
 `server.basePath` or require that they are rewritten by your reverse proxy.
 Defaults to `false`.
server.rewriteBasePath: false

 Specifies the public URL at which Kibana is available for end users. If
 `server.basePath` is configured this URL should end with the same basePath.
server.publicBaseUrl: ""

 The maximum payload size in bytes for incoming server requests.
#server.maxPayload: 1048576

 The Kibana server's name. This is used for display purposes. "your-hostname"

 =================== System: Kibana Server (Optional) ===================
 Enables SSL and paths to the PEM-format SSL certificate and SSL key files, respectively.
 These settings enable SSL for outgoing requests from the Kibana server to the browser.
#server.ssl.enabled: false
#server.ssl.certificate: /path/to/your/server.crt
#server.ssl.key: /path/to/your/server.key

 =================== System: Elasticsearch ===================
 The URLs of the Elasticsearch instances to use for all your queries.
elasticsearch.hosts: [""]

 If your Elasticsearch is protected with basic authentication, these settings provide
 the username and password that the Kibana server uses to perform maintenance on the Kibana
 index at startup. Your Kibana users still need to authenticate with Elasticsearch, which
 is proxied through the Kibana server.
elasticsearch.username: "kibana_system"
elasticsearch.password: "password"

 Kibana can also authenticate to Elasticsearch via "service account tokens".
 Service account tokens are Bearer style tokens that replace the traditional username/password based configuration.
# Use this token instead of a username/password.
# elasticsearch.serviceAccountToken: "my_token"

 Time in milliseconds to wait for Elasticsearch to respond to pings. Defaults to the value of
 the elasticsearch.requestTimeout setting.
#elasticsearch.pingTimeout: 1500

 Time in milliseconds to wait for responses from the back end or Elasticsearch. This value
 must be a positive integer.
#elasticsearch.requestTimeout: 30000

 The maximum number of sockets that can be used for communications with elasticsearch.
 Defaults to `Infinity`.
#elasticsearch.maxSockets: 1024

 Specifies whether Kibana should use compression for communications with elasticsearch
# Defaults to `false`.
#elasticsearch.compression: false

 List of Kibana client-side headers to send to Elasticsearch. To send *no* client-side
# headers, set this value to [] (an empty list).
#elasticsearch.requestHeadersWhitelist: [ authorization ]

 Header names and values that are sent to Elasticsearch. Any custom headers cannot be overwritten
 by client-side headers, regardless of the elasticsearch.requestHeadersWhitelist configuration.
#elasticsearch.customHeaders: {}

 Time in milliseconds for Elasticsearch to wait for responses from shards. Set to 0 to disable.
#elasticsearch.shardTimeout: 30000

 =================== System: Elasticsearch (Optional) ===================
These files are used to verify the identity of Kibana to Elasticsearch and are required when in Elasticsearch is set to required.
#elasticsearch.ssl.certificate: /path/to/your/client.crt
#elasticsearch.ssl.key: /path/to/your/client.key

 Enables you to specify a path to the PEM file for the certificate
 authority for your Elasticsearch instance.
elasticsearch.ssl.certificateAuthorities: [ "/etc/kibana/certs/http_ca.crt" ]

 To disregard the validity of SSL certificates, change this setting's value to 'none'.
#elasticsearch.ssl.verificationMode: full

 =================== System: Logging ===================
 Set the value of this setting to off to suppress all logging output, or to debug to log everything. Defaults to 'info'
#logging.root.level: debug

 Enables you to specify a file where Kibana stores log output.
      type: file
      fileName: /var/log/kibana/kibana.log
        type: json
      - default
      - file
#  layout:
#    type: json

# Logs queries sent to Elasticsearch.
#  - name: elasticsearch.query
#    level: debug

# Logs http responses.
#  - name: http.server.response
#    level: debug

# Logs system usage information.
#  - name: metrics.ops
#    level: debug

# =================== System: Other ===================
# The path where Kibana stores persistent data not saved in Elasticsearch. Defaults to data data

# Specifies the path where Kibana creates the process ID file.
pid.file: /run/kibana/

# Set the interval in milliseconds to sample system and process performance
# metrics. Minimum is 100ms. Defaults to 5000ms.
#ops.interval: 5000

# Specifies locale to be used for all localizable strings, dates and number formats.
# Supported languages are the following: English (default) "en", Chinese "zh-CN", Japanese "ja-JP", French "fr-FR".
#i18n.locale: "en"

# =================== Frequently used (Optional)===================

# =================== Saved Objects: Migrations ===================
# Saved object migrations run at startup. If you run into migration-related issues, you might need to adjust these settings.

# The number of documents migrated at a time.
# If Kibana can't start up or upgrade due to an Elasticsearch `circuit_breaking_exception`,
# use a smaller batchSize value to reduce the memory pressure. Defaults to 1000 objects per batch.
#migrations.batchSize: 1000

# The maximum payload size for indexing batches of upgraded saved objects.
# To avoid migrations failing due to a 413 Request Entity Too Large response from Elasticsearch.
# This value should be lower than or equal to your Elasticsearch cluster’s `http.max_content_length`
# configuration option. Default: 100mb
#migrations.maxBatchSizeBytes: 100mb

# The number of times to retry temporary migration failures. Increase the setting
# if migrations fail frequently with a message such as `Unable to complete the [...] step after
# 15 attempts, terminating`. Defaults to 15
#migrations.retryAttempts: 15

# =================== Search Autocomplete ===================
# Time in milliseconds to wait for autocomplete suggestions from Elasticsearch.
# This value must be a whole number greater than zero. Defaults to 1000ms
#unifiedSearch.autocomplete.valueSuggestions.timeout: 1000

# Maximum number of documents loaded by each shard to generate autocomplete suggestions.
# This value must be a whole number greater than zero. Defaults to 100_000
#unifiedSearch.autocomplete.valueSuggestions.terminateAfter: 100000

I tried to format your post better... Somewhat but still hard to tell because all the comment signs are missing

For code you don't use Block quote ">"

Use 3 backticks "`" the line before and after is the correct way...

In short looks like you have the wrong password for the
kibana_system user

elasticsearch.username: "kibana_system"
elasticsearch.password: "password" < HERE

What do I do?, I remember that I already changed the password using the command below:

usr/share/elasticsearch/bin/elasticsearch-reset-password -i -u kibana_system

Reset it again and put in the correct password there.. those errors are basically saying the password is not correct.

It's an authentication error which means the password is not correct

Which password is correct?

The password you set with

/usr/share/elasticsearch/bin/elasticsearch-reset-password -i -u kibana_system

Or use without -i and it will provide you one

/usr/share/elasticsearch/bin/elasticsearch-reset-password -u kibana_system

I reset the password, but the error still persists


Root causes:
Aug 06 15:15:16 lsvprdalarmkta01 kibana[1226]: security_exception: unable to authenticate user [kibana_system] for REST request [/_nodes?filter>



[joao.malebo@lsvprdalarmkta01 ~]$ sudo /usr/share/elasticsearch/bin/elasticsearch-reset-password -u kibana_system
This tool will reset the password of the [kibana_system] user to an autogenerated value.
The password will be printed in the console.
Please confirm that you would like to continue [y/N]y

Password for the [kibana_system] user successfully reset.
New value: b*bzoJ-FDBG5wnbQr-----

After that, he managed to solve it with a reset... In fact, I wasn't putting the new password in the kibana configuration file

1 Like

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.