What is the default user and password for elasticsearch

By default, Elasticsearch does not enable user authentication mechanisms.

Starting from version 5.x, Elastic Stack introduced the X-Pack plugin. In version 7.x, basic security features for Elasticsearch and Kibana are enabled by default in the basic edition, including password protection.

When you first install Elasticsearch, you need to initialize the passwords for built-in users.

Elasticsearch has several built-in users, such as elastic, kibana, and logstash_system. Among them, the elastic user is a superuser that can be used to log in to Kibana and manage the Elasticsearch cluster.

In versions of Elasticsearch with basic security enabled, there are no default passwords. Instead, you need to use the elasticsearch-setup-passwords command during setup to set passwords for built-in users. For example, the following command can set passwords for all built-in users:

bash
bin/elasticsearch-setup-passwords auto

This command generates random passwords for each built-in user and displays them in the command line. Alternatively, you can use the interactive command interactive to set passwords for each user as desired.

For Docker container instances of an Elasticsearch cluster, you can specify the password for the elastic user by setting the environment variable ELASTIC_PASSWORD.

Please note that for security reasons, you should avoid using default or weak passwords and set strong passwords for all built-in users during deployment. Additionally, for production environments, it is recommended to configure user roles following the principle of least privilege to reduce security risks.

**Setting Username and Password

SSH into the system, stop the Elasticsearch and Kibana services, and then run the following command:

shell
sudo nano /etc/elasticsearch/elasticsearch.yml

Update this file by adding the following lines to enable security:

shell
xpack.security.enabled: true

**Changing Password

Follow these steps to change the password:

Step 1:

shell
cd /usr/share/elasticsearch/

Step 2:

shell
sudo bin/elasticsearch-setup-passwords auto

Auto - Uses randomly generated passwords; Interactive - Uses user-provided passwords

Alternatively:

shell
sudo bin/elasticsearch-setup-passwords interactive

You can run this command in 'interactive' mode, which prompts you to enter new passwords for the elastic, kibana_system, logstash_system, beats_system, apm_system, and remote_monitoring_user users:

These commands help you set the passwords.

**Starting Elasticsearch

1. Start the Elasticsearch service by running the systemctl command:

   sudo systemctl start elasticsearch.service

The system may take some time to start the service. If successful, there will be no output.

1. Enable Elasticsearch to start on boot:

   sudo systemctl enable elasticsearch.service

**Starting and Enabling Kibana

1. Start the Kibana service:

   sudo systemctl start kibana

If the service starts successfully, there will be no output.

1. Next, configure Kibana to start on boot:

   sudo systemctl enable kibana

If you enable basic X-Pack security in Elasticsearch 7.7 (xpack.security.enabled: true as of the time of writing), it will not have a default password like in older versions of X-Pack, which was changeme.

As mentioned in the official security getting started documentation: [https://www.elastic.co/guide/en/x-pack/6.2/security-getting-started.html]

X-Pack security provides an internal Elastic superuser that you can use to begin setup. The elastic user has full access to the cluster, including all indices and data, so the elastic user does not have a default password set.

Therefore, you need to change the password for elastic. If you want to change the password after installation, follow the instructions for setting passwords for built-in users in the interactive mode guide: [https://www.elastic.co/guide/en/elasticsearch/reference/current/built-in-users.html#set-built-in-user-passwords]

This requires you to run the following command from the Elasticsearch bin folder.

bin/elasticsearch-setup-passwords interactive

Default values are: [link]

user: elastic password: changeme

Thus:

$ curl -u elastic:changeme localhost:9200 { "name" : "5aEHJ-Y", "cluster_name" : "docker-cluster", "cluster_uuid" : "3FmaYN7rS56oBTqWOyxmKA", "version" : { "number" : "5.6.2", "build_hash" : "57e20f3", "build_date" : "2017-09-23T13:16:45.703Z", "build_snapshot" : false, "lucene_version" : "6.6.1" }, "tagline" : "You Know, for Search" }

Learn more about changing the default values.