Set up authentication with X-Pack for Elasticsearch


A simple http Basic authentication to set up for Elasticsearch with user name and password you need to install as the first X-Pack.

Then all functions should be automatically protected with basic auth. After the installation, a default user is available, to be able to continue working:

Name: elastic
Password: changeme

Thus, requests can be made successfully:

curl --user elastic:changeme -XGET 'localhost:9200'

Create your own user

Now can own user are added to:

curl --user elastic:changeme -XPOST 'hlocalhost:9200/_xpack/security/user/SebastianViereck?pretty' -H 'Content-Type: application/json' -d'
{
  "password" : "thePassword",
  "roles" : [ "superuser"],
  "full_name" : "Sebastian Viereck",
  "email" : "%MINIFYHTML8ef19fd4a4303935a4fefd21a36dae5a9%",
  "metadata" : {
    "intelligence" : 7
  },
  "enabled": true
}

After that, requests can be made immediately with the user:

curl --user SebastianViereck:thePassword -XGET 'localhost:9200'

It should own role be created and be used or how here the prefabricated rolls (superuser) be used.

Disable the elastic user

Very important: Of course, the default must user with the elastic “changeme” Password are disabled again. In the elasticsearch.yml must the the following parameters be used:

xpack.security.authc.accept_default_password: false

And the elasticsearch service be restarted:

 sudo service elasticsearch restart

To the control, an error message should appear at the request:

curl --user elastic:changeme -XGET 'localhost:9200'

More security enhancements

It should be a Data encryption be used with SSL.

The IP room, may be communicating with at all, should also be narrowed.