Mosquitto & paho-mqtt-python

Enhance security for mosquitto on Ubuntu 16.04 LTS

Install mosquitto
> sudo apt-add-repository ppa:mosquitto-dev/mosquitto-ppa
> sudo apt-get update
> sudo apt-get install mosquitto mosquitto-clients

Install paho-mqtt-python
> pip install paho-mqtt

Setup mosquitto
> sudo vi /etc/mosquitto/mosquitto.conf
> wget

persistence true
persistence_location /var/lib/mosquitto/
allow_anonymous false
log_dest file /var/log/mosquitto/mosquitto.log
include_dir /etc/mosquitto/conf.d

Add mosquitto configuration
> sudo vi /etc/mosquitto/conf.d/default.conf

password_file /etc/mosquitto/passwd
listener 1883 localhost
listener 8883
certfile /etc/letsencrypt/live/[hostname]/fullchain.pem
cafile /etc/letsencrypt/live/[hostname]/chain.pem
keyfile /etc/letsencrypt/live/[hostname]/privkey.pem
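
A small offline check for the two configuration files above, as an added example that is not part of the original page. It parses the directives and reports the conditions this setup relies on: anonymous access off, a password file, TLS on every listener not bound to loopback, and a pinned `tls_version` (a real Mosquitto option that the configuration above does not set). `PAGE_CONF` and the function names are constructed for illustration.

```python
LOOPBACK = {"localhost", "127.0.0.1", "::1"}
TLS_KEYS = ("certfile", "keyfile", "cafile", "tls_version")

# Constructed sample: the security-relevant lines of this page's two config files.
PAGE_CONF = """\
allow_anonymous false
password_file /etc/mosquitto/passwd
listener 1883 localhost
listener 8883
certfile /etc/letsencrypt/live/[hostname]/fullchain.pem
cafile /etc/letsencrypt/live/[hostname]/chain.pem
keyfile /etc/letsencrypt/live/[hostname]/privkey.pem
"""

def parse(text):
    """Split a config into global options and one dict per listener."""
    glob, listeners, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        value = value.strip()
        if key == "listener":
            port, _, bind = value.partition(" ")
            current = {"port": int(port), "bind": bind.strip()}
            listeners.append(current)
        elif current is not None and key in TLS_KEYS:
            current[key] = value  # TLS options belong to the preceding listener
        else:
            glob[key] = value  # assumption: per_listener_settings is off
    return glob, listeners

def audit(text):
    """Return a list of findings; an empty list means every check passed."""
    glob, listeners = parse(text)
    findings = []
    if glob.get("allow_anonymous") != "false":
        findings.append("allow_anonymous is not explicitly false")
    if not glob.get("password_file"):
        findings.append("no password_file: username/password auth not enforced")
    for lst in listeners:
        if lst["bind"] in LOOPBACK:
            continue  # a plaintext listener is tolerated only on loopback
        if not (lst.get("certfile") and lst.get("keyfile")):
            findings.append(f"listener {lst['port']}: reachable off-host without TLS")
        elif lst.get("tls_version") not in ("tlsv1.2", "tlsv1.3"):
            findings.append(f"listener {lst['port']}: tls_version not set to tlsv1.2 or newer")
    return findings
```

Run against the configuration as written above, `audit(PAGE_CONF)` reports only the missing `tls_version`; adding `tls_version tlsv1.2` under `listener 8883` clears it.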

Add mosquitto username and password
> mosquitto_passwd -c /etc/mosquitto/passwd [username]
Password: [password]
Reenter password: [password]

Test with mosquitto subscriber
> mosquitto_sub -h [hostname] -p 8883 --capath /etc/ssl/certs -t [topic] -q [qos] -c -i [clientid] -u [username] -P [password]

Test with mosquitto publisher
> mosquitto_pub -h [hostname] -p 8883 --capath /etc/ssl/certs -t [topic] -m [message] -q [qos] -i [clientid] -u [username] -P [password]

paho-mqtt subscriber

paho-mqtt publisher

erinus says:

If your subscriber wants to receive all unread messages in a topic after starting, you must finish these steps:

Use same client id when you start subscriber.
Use clean_session = False when you start subscriber.
Use qos > 0 when you subscribe to a topic.
Use qos > 0 when you publish a message.

To make your communications safer, you must finish these steps:

Use TLS 1.2
Set allow_anonymous = False
Enable authentication with username and password

If you want more authentication methods, try this mosquitto plugin:
