Elasticsearch OpenSearch Default Username and Password: Securing Your Cluster

By Opster Team

Updated: Nov 2, 2023

| 2 min read

Introduction

OpenSearch, a fork of Elasticsearch, is a powerful search and analytics engine that provides a wide range of features for handling large volumes of data. One of the critical aspects of managing an OpenSearch cluster is ensuring its security. This article will discuss the default username and password for OpenSearch and how to secure your cluster by changing these credentials and implementing additional security measures. If you want to learn about OpenSearch docker – how to spin up a cluster using docker, check out this guide.

Default Username and Password in OpenSearch

When you install OpenSearch, it comes with a built-in security plugin that provides authentication and authorization features. By default, the security plugin is enabled, and it comes with a set of predefined users and roles. The default username and password for OpenSearch are:

  • Username: admin
  • Password: admin

These default credentials provide full access to the OpenSearch cluster, including the ability to manage indices, create and delete users, and modify cluster settings. It is crucial to change the default username and password to secure your OpenSearch cluster.

Changing the Default Username and Password

To change the default username and password in OpenSearch, follow these steps:

1. Locate the `opensearch.yml` configuration file in your OpenSearch installation directory. The file is usually located in the `config` folder.

2. Open the `opensearch.yml` file in a text editor.

3. Find the `plugins.security.authcz.admin_dn` setting in the file. This setting specifies the distinguished name (DN) of the admin user. By default, it should look like this:

  plugins.security.authcz.admin_dn:
"CN=admin,OU=client,O=client,L=test,C=de"

4. Change the DN to a unique value that represents your new admin user. For example:

   plugins.security.authcz.admin_dn:
"CN=my_new_admin,OU=client,O=client,L=test,C=de"

5. Save and close the `opensearch.yml` file.

6. Locate the `internal_users.yml` file in the `config` folder of your OpenSearch installation directory.

7. Open the `internal_users.yml` file in a text editor.

8. Find the `admin` user entry in the file. It should look like this:

   admin:
     hash: "$2y$12$VcCDgh2NDk07JGN0rjGbM.Ad41qVR/YFJcgHp0UGns5JDymv..TOG"
     reserved: true

9. Change the `admin` user entry to your new admin username and update the password hash. To generate a new password hash, you can use the `hash.sh` script provided by OpenSearch. Run the script with your desired password as an argument:

   ./hash.sh my_new_password

   This will output a new password hash. Replace the existing hash in the `internal_users.yml` file with the new hash:

   my_new_admin:
     hash: "new_password_hash"
     reserved: true

10. Save and close the `internal_users.yml` file.

11. Restart your OpenSearch cluster for the changes to take effect.

Additional Security Measures

Changing the default username and password is just the first step in securing your OpenSearch cluster. Here are some additional security measures you should consider implementing:

  1. Enable HTTPS: Configure your OpenSearch cluster to use HTTPS for secure communication between clients and the cluster.
  1. Configure Role-Based Access Control (RBAC): Define roles and permissions for your users to limit their access to specific indices and actions.
  1. Enable Audit Logging: Monitor and log user activity in your OpenSearch cluster to detect and investigate potential security incidents.
  1. Use Network Security: Restrict access to your OpenSearch cluster by configuring firewall rules and using a virtual private network (VPN) or a private network.
  2. Keep OpenSearch Up-to-Date: Regularly update your OpenSearch installation to benefit from the latest security patches and improvements.

Conclusion 

In conclusion, securing your OpenSearch cluster is essential to protect your data and maintain the integrity of your search and analytics operations. Changing the default username and password is a crucial first step, but implementing additional security measures will further strengthen your cluster’s security posture.

How helpful was this guide?

We are sorry that this post was not useful for you!

Let us improve this post!

Tell us how we can improve this post?