Elasticsearch 的默认用户和密码是什么？

Elasticsearch 在默认情况下并没有设置用户权限认证机制。但从5.x版本开始，Elastic Stack 引入了 X-Pack 插件，随后在7.x版本中，Elasticsearch 和Kibana 的基本安全特性被默认启用在了基本版中，这一特性包括了密码保护。

当你首次安装 Elasticsearch 时，你需要初始化内置用户的密码。Elasticsearch拥有几个内置用户，例如 elastic、kibana 和 logstash_system 等。其中，elastic 用户是超级用户，可以用来登录 Kibana 和操作 Elasticsearch 集群。

在启用了基本安全特性的 Elasticsearch 版本中，没有默认密码。相反，你需要在设置过程中使用 elasticsearch-setup-passwords 命令来为内置用户设置密码。例如，通过以下命令可以为所有内置用户设置密码：

bash
bin/elasticsearch-setup-passwords auto

该命令会为每个内置用户生成随机密码，并在命令行中显示。另外，也可以使用交互式命令 interactive 来为每个用户设置你想要的密码。

如果是Elasticsearch集群的Docker容器实例，也可以通过设置环境变量 ELASTIC_PASSWORD 来指定 elastic 用户的密码。

请注意，出于安全原因，应该避免使用默认密码或弱密码，并且在部署的时候应该为所有的内置用户设置强密码。此外，对于生产环境，最好遵循最小权限原则配置用户角色，以降低安全风险。

默认值是：

shell
user: elastic
password: changeme

所以：

shell
$ curl -u elastic:changeme localhost:9200
{
  "name" : "5aEHJ-Y",
  "cluster_name" : "docker-cluster",
  "cluster_uuid" : "3FmaYN7rS56oBTqWOyxmKA",
  "version" : {
    "number" : "5.6.2",
    "build_hash" : "57e20f3",
    "build_date" : "2017-09-23T13:16:45.703Z",
    "build_snapshot" : false,
    "lucene_version" : "6.6.1"
  },
  "tagline" : "You Know, for Search"
}

了解有关更改默认值的更多信息。

设置Elastic Search的用户名和密码：（ES版本：7.5.2）（Ubuntu 18.04）

步骤1：首先在elasticsearch.yml文件中启用xpackmonitoring

shell
root@flax:/etc/elasticsearch# vim elasticsearch.yml

Add the following line to the end of file:
    xpack.security.enabled: true

File Contents:
# ======================== Elasticsearch Configuration =========================
#
# NOTE: Elasticsearch comes with reasonable defaults for most settings.
#       Before you set out to tweak and tune the configuration, make sure you
#       understand what are you trying to accomplish and the consequences.
#
# The primary way of configuring a node is via this file. This template lists
# the most important settings you may want to configure for a production cluster.
#
# Please consult the documentation for further information on configuration options:
# https://www.elastic.co/guide/en/elasticsearch/reference/index.html
#
# ---------------------------------- Cluster -----------------------------------
#
# Use a descriptive name for your cluster:
#
#cluster.name: my-application
#
# ------------------------------------ Node ------------------------------------
#
# Use a descriptive name for the node:
#
#node.name: node-1
#
# Add custom attributes to the node:
#
#node.attr.rack: r1
#
# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
#
path.data: /var/lib/elasticsearch
#
# Path to log files:
#
path.logs: /var/log/elasticsearch
#
# ----------------------------------- Memory -----------------------------------
#
# Lock the memory on startup:
#
#bootstrap.memory_lock: true
#
# Make sure that the heap size is set to about half the memory available
# on the system and that the owner of the process is allowed to use this
# limit.
#
# Elasticsearch performs poorly when the system is swapping the memory.
#
# ---------------------------------- Network -----------------------------------
#
# Set the bind address to a specific IP (IPv4 or IPv6):
#
#network.host: 192.168.0.1
network.host: 127.0.0.1
http.host: 0.0.0.0
#
# Set a custom port for HTTP:
#
http.port: 9200
#
# For more information, consult the network module documentation.
#
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when this node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
#
#discovery.seed_hosts: ["host1", "host2"]
#
# Bootstrap the cluster using an initial set of master-eligible nodes:
#
#cluster.initial_master_nodes: ["node-1", "node-2"]
#
# For more information, consult the discovery and cluster formation module documentation.
#
# ---------------------------------- Gateway -----------------------------------
#
# Block initial recovery after a full cluster restart until N nodes are started:
#
#gateway.recover_after_nodes: 3
#
# For more information, consult the gateway module documentation.
#
# ---------------------------------- Various -----------------------------------
#
# Require explicit names when deleting indices:
#
#action.destructive_requires_name: true
xpack.security.enabled: true

步骤 2：转到 /usr/share/elasticsearch 文件夹：

shell
root@flax:/usr/share/elasticsearch# systemctl start elasticsearch

root@flax:/usr/share/elasticsearch# ./bin/elasticsearch-setup-passwords interactive

Initiating the setup of passwords for reserved users elastic,apm_system,kibana,logstash_system,beats_system,remote_monitoring_user.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]y


Enter password for [elastic]: 
Reenter password for [elastic]: 
Enter password for [apm_system]: 
Reenter password for [apm_system]: 
Enter password for [kibana]: 
Reenter password for [kibana]: 
Enter password for [logstash_system]: 
Reenter password for [logstash_system]: 
Enter password for [beats_system]: 
Reenter password for [beats_system]: 
Passwords do not match.
Try again.
Enter password for [beats_system]: 
Reenter password for [beats_system]: 
Enter password for [remote_monitoring_user]: 
Reenter password for [remote_monitoring_user]: 
Changed password for user [apm_system]
Changed password for user [kibana]
Changed password for user [logstash_system]
Changed password for user [beats_system]
Changed password for user [remote_monitoring_user]
Changed password for user [elastic]

root@flax:/usr/share/elasticsearch# systemctl restart elasticsearch

root@flax:/usr/share/elasticsearch# systemctl restart elasticsearch.service

请注意ElasticSearch的版本。在7.2参数 ELASTIC_PASSWORD 中起作用。

shell
docker run -p 9200:9200 \
           -p 9300:9300 \
           -e "discovery.type=single-node" \ 
           -e "ELASTIC_PASSWORD=my_own_password" \

但也应该在 elasticsearch.yml 中添加这一行：

shell
xpack.security.enabled: true

默认情况下，它不存在。

安全设置列表

如果您在elasticsearch 7.7版本中启用了基本的x-pack安全性xpack.security.enabled: true（在撰写本答案时），它将不会changeme像旧版本的x-pack中那样具有默认密码（）。

正如安全入门官方文档中提到的

X-Pack 安全性提供了一个内置的弹性超级用户，您可以使用它来开始设置。该elastic用户拥有集群的完全访问权限，包括所有索引和数据，因此elastic用户默认没有设置密码。

所以您需要更改密码elastic，如果您想在安装后更改密码，请按照交互模式指南中的内置用户设置密码进行操作

这需要您从 elasticsearch bin 文件夹运行以下命令。

shell
bin/elasticsearch-setup-passwords interactive

设置用户名和密码

ssh到系统，停止elasticsearch和kibana服务，然后运行以下命令

shell
sudo nano /etc/elasticsearch/elasticsearch.yml

更新此文件，通过添加以下行来启用安全性

shell
xpack.security.enabled: true 

更改密码

执行以下步骤更改密码

步骤1：

shell
 cd /usr/share/elasticsearch/

第2步：

shell
sudo bin/elasticsearch-setup-passwords auto

自动 - 使用随机生成的密码 交互式 - 使用用户输入的密码

或者

shell
sudo bin/elasticsearch-setup-passwords interactive

您可以在“交互”模式下运行该命令，该模式会提示您输入elastic、kibana_system、logstash_system、beats_system、apm_system和remote_monitoring_user用户的新密码：

以上命令可以帮助您设置密码

启动弹性搜索

1. 通过运行 systemctl 命令启动 Elasticsearch 服务：

   sudo systemctl启动elasticsearch.service

系统启动该服务可能需要一些时间。如果成功的话不会有任何输出。

1. 启用 Elasticsearch 在启动时启动：

   sudo systemctl 启用elasticsearch.service

启动并启用 Kibana

1. 启动 Kibana 服务：

   sudo systemctl 启动 kibana

如果服务启动成功，则没有任何输出。

1. 接下来，将 Kibana 配置为在启动时启动：

   sudo systemctl 启用 kibana