Published in Jungletronics

Mosquitto — User Access Configurations Setups

Editing mosquitto.conf File to Configure Simple Authentication — MQTT — Episode #02

Hi, let’s first see how mosquitto communicates with anonymous access. This post continues MQTT — Episode #01 :)

In the end, we will force access to mosquitto's broker via login/password only.

Fig 1. What are the procedures to set login/password access to mosquitto’s broker?

Let us begin by not editing this file (I’m using mosquitto v1.6.8):

C:\Program Files\mosquitto\mosquitto.conf

The mosquitto.conf file is the configuration file for mosquitto. In this first configuration, the mosquitto broker automatically loads a similar internal configuration, and its default settings authorize anonymous access :/

Fig 2. On Windows, mosquitto.conf is located at C:\Program Files\mosquitto

For anonymous access, we will now bring up the broker with its default configuration, remember, without modifying mosquitto.conf :)

Here are the steps:

0° Step — Install mosquitto broker in your machine & reconfigure its service in Win10 so we can start & stop it manually;

Consider following this post:)

Preparing 3 Command Prompt Terminals

Open three terminals; type these commands in each one:

REM go up to the C:\ directory (run cd .. twice)
cd ..
cd ..
REM change to the mosquitto directory
cd C:\Program Files\mosquitto
REM clear the screen ;)
cls

First, anonymous access:

Anonymous Access

1° Step — Let’s run the server:

On Term1, in C:\Program Files\mosquitto\ directory, type:

mosquitto -v
Fig 3. As we run the server with -v (verbose), all events will be dumped to the terminal

2° Step — In the other two terminals, in sequence, start the sub and pub clients:

Term_2, For _sub, in C:\Program Files\mosquitto\ directory, type:

mosquitto_sub -h localhost -p 1883 -t temperature

Term_3, For _pub, in C:\Program Files\mosquitto\ directory, type:

mosquitto_pub -h localhost -p 1883 -t temperature -m 45
Fig 4. All three terminals running together!

See the broker's output in the admin terminal above. Note that the clients are anonymous; this is very dangerous on the internet :/

1578781497: New client connected from ::1 as mosq-5eKhup3oVmPBaNaZnW (p2, c1, k60).

Simple Authentication Access

Now let’s fix anonymous access by setting a login/passwd connection.

Anonymous clients will be refused.

For this, we will have to edit the mosquitto.conf file with administrator credentials. Here is its structure:

Fig 5. Here is the global structure of the mosquitto.conf file (from Quick Guide to The Mosquitto.conf File With Examples)

As you know, this file is located in a system folder, so we need to open it in the Notepad++ editor as administrator:

Fig 6. We will use Notepad++ for editing mosquitto.conf — Note: You can configure a broker to listen on a port and require SSL and also to listen on another port and not use SSL.

To create a password file, you need to use the mosquitto_passwd utility that comes with the client tools when installing the mosquitto broker.

To start configuring authenticated access, stop the server at Term_1 (Ctrl + C) and use the command below to create the passwordfile.pwd file, which will be located in the C:\Program Files\mosquitto directory. Our administrator will be the admin user and our password will be 123;

1° Step — On Term 1, in the C:\Program Files\mosquitto\ directory, type:

mosquitto_passwd -c "C:\Program Files\mosquitto\passwordfile.pwd" admin

then hit <enter> and type the chosen password (123) twice;

This command creates the passwordfile.pwd file and sets the admin user, with password 123, as our administrator ;)

Your user configuration file is ready in the C:\Program Files\mosquitto\ directory!

Admin is the name of our first and main user;

2° Step — Go to the C:\Program Files\mosquitto directory and see the file created there:

Fig 7. The password file will be created in the C:\Program Files\mosquitto\ directory

If we open this new file as text, passwordfile.pwd, we will see the admin user credentials:

admin:$6$sEorGWHKkOfEI8qJ$nxEMynuvKuguXqbYq7TWBsSAxEDon/MuK0pFo4Cm0yOK29m/I0yi6y3zFzuJeFXRT9DgyVVLDS/wO72CADlIaw==

3° Step — Now open C:\Program Files\mosquitto\mosquitto.conf.

At line 651, uncomment it and set it to false, like this:

allow_anonymous false
Fig 8. In the conf file, please comment this line and type: allow_anonymous false

4° Step — Scroll down to line 669, uncomment it and set it to the location of the password file, like this:

password_file "C:\Program Files\mosquitto\passwordfile.pwd"
Fig 9. Tell the mosquitto server where to find the password file

Save the file and now start the server again.

5° Step — At Terminal 1, type (run as Administrator, please):

<Ctrl + C>                             // To stop the server
mosquitto -c mosquitto.conf -v // to run it with loaded file

This will break the connection of the anonymous client:

Fig 10. See this message in the second terminal: Connection error: Connection Refused: not authorised. (sic)
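A check for the two mosquitto.conf edits and the password file described above, written in Python as an added example (it is not part of the original post or of mosquitto). The function names and sample texts are constructed for illustration, and the entry check assumes the `user:$6$salt$hash` layout shown in step 2, with a Base64 hash that decodes to 64 bytes.

```python
import base64
import re

# mosquitto_passwd entry as shown above: user:$6$<base64 salt>$<base64 hash>
ENTRY_RE = re.compile(r"^[^:]+:\$6\$[A-Za-z0-9+/=]+\$([A-Za-z0-9+/=]+)$")

def effective_settings(conf_text):
    """Collect the uncommented allow_anonymous / password_file values."""
    found = {"allow_anonymous": None, "password_file": None}
    for raw in conf_text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) == 2 and parts[0] in found:  # '#...' lines never match
            found[parts[0]] = parts[1].strip().strip('"')
    return found

def malformed_entries(pwfile_text):
    """Line numbers that are not a $6$ entry with a 64-byte hash."""
    bad = []
    for number, line in enumerate(pwfile_text.splitlines(), 1):
        match = ENTRY_RE.match(line.strip())
        try:
            ok = bool(match) and len(
                base64.b64decode(match.group(1), validate=True)) == 64
        except ValueError:  # invalid Base64
            ok = False
        if line.strip() and not ok:
            bad.append(number)
    return bad

def audit(conf_text, pwfile_text):
    """Return a list of findings; an empty list means both edits are in place."""
    settings = effective_settings(conf_text)
    findings = []
    if settings["allow_anonymous"] != "false":
        findings.append("allow_anonymous is not explicitly set to false")
    if not settings["password_file"]:
        findings.append("password_file is not set")
    findings += [f"password file line {n} is not a hashed $6$ entry"
                 for n in malformed_entries(pwfile_text)]
    return findings

# Constructed samples (not copied from a real installation).
DEFAULT_CONF = "#allow_anonymous true\n#password_file\n"
EDITED_CONF = ('allow_anonymous false\n'
               r'password_file "C:\Program Files\mosquitto\passwordfile.pwd"' "\n")
_SALT = base64.b64encode(bytes(12)).decode()
_HASH = base64.b64encode(bytes(64)).decode()
GOOD_PWFILE = f"admin:$6${_SALT}${_HASH}\n"
BAD_PWFILE = GOOD_PWFILE + "sensor1:123\n"  # hand-typed plaintext entry

if __name__ == "__main__":
    print(audit(DEFAULT_CONF, ""))
    print(audit(EDITED_CONF, BAD_PWFILE))
```

A line typed into the password file by hand, such as the constructed `sensor1:123`, is reported because it was never hashed by mosquitto_passwd.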

6° Step — Now let’s test whether the admin user can subscribe to the topic:

At Terminal 2, type:

mosquitto_sub -h localhost -p 1883 -u admin -P 123 -t temperature
Fig 11. Admin user subscribing at the second terminal

7° Step — Now let’s test if the admin user can publish to the same topic.

At Terminal 3, type (run as Administrator, please):

mosquitto_pub -h localhost -p 1883 -u admin -P 123 -t temperature -m 45
Fig 12. Admin user publishing at the third terminal

And there you have it! No more anonymous users!

1578789217: New client connected from ::1 as mosq-EEOo25jUO0f6IGxaTP  (p2, c1, k60, u'admin').
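The two connect lines quoted in this post differ only in the trailing u'admin' field, which makes anonymous connections easy to pick out of the verbose broker output. The following Python sketch is an added example (not from the original post); the function names are illustrative and the sample lines are the ones quoted on this page.

```python
import re
from datetime import datetime, timezone

# Matches the verbose "New client connected" line; the u'<name>' field is
# present only when the client supplied a username.
CONNECT_RE = re.compile(
    r"^(?P<ts>\d+): New client connected from (?P<addr>\S+) "
    r"as (?P<client_id>\S+)\s+"
    r"\(p\d+, c\d+, k\d+(?:, u'(?P<user>[^']*)')?\)\.$"
)

def parse_connect(line):
    """Return a dict for a 'New client connected' line, else None."""
    match = CONNECT_RE.match(line.strip())
    if not match:
        return None
    event = match.groupdict()
    # The leading number is a Unix timestamp in seconds.
    stamp = datetime.fromtimestamp(int(event.pop("ts")), timezone.utc)
    event["time"] = stamp.isoformat()
    return event

def anonymous_connections(lines):
    """Connect events that carried no username."""
    events = (parse_connect(line) for line in lines)
    return [e for e in events if e and e["user"] is None]

def connections_by_user(lines):
    """Count connect events per username; anonymous clients share one key."""
    counts = {}
    for event in filter(None, map(parse_connect, lines)):
        name = event["user"] if event["user"] is not None else "<anonymous>"
        counts[name] = counts.get(name, 0) + 1
    return counts

# Sample input: log lines quoted elsewhere on this page.
SAMPLE_LOG = [
    "1578781497: New client connected from ::1 as mosq-5eKhup3oVmPBaNaZnW (p2, c1, k60).",
    "1578781078: Sending PINGRESP to mosq-nSDsiy1MZKG4ShY5D0",
    "1578781138: Received PINGREQ from mosq-nSDsiy1MZKG4ShY5D0",
    "1578789217: New client connected from ::1 as mosq-EEOo25jUO0f6IGxaTP  (p2, c1, k60, u'admin').",
]

if __name__ == "__main__":
    for event in anonymous_connections(SAMPLE_LOG):
        print("anonymous client:", event["time"], event["addr"], event["client_id"])
    print(connections_by_user(SAMPLE_LOG))
```

With allow_anonymous false in place, any line this reports points to a broker that is still running with the old configuration.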

In the next MQTT episode, let’s use ACL (Access Control List).

Thanks and bye, for now, o/

Download All Files For This Project

MQTT Related Posts

01# Episode — Mosquitto Intro To MQTT — It is Suitable for the Internet of Things Applications — MQTT

02# Episode — Mosquitto — User Access Configurations Setups — Editing mosquitto.conf File to Configure SSL Authentications — MQTT (this one)

03# Episode — Mosquitto — MosquittoACLs — Wildcards & ACL — access control lists — MQTT

04# Episode — Mosquitto — MQTT QoS — How To Set QoS at Mosquitto Broker — MQTT

05# Episode — Mosquitto — Bulletproof TLS & SSL Mosquitto — How To Set Up Mosquitto Broker/Client Keys & Certificates — MQTT

06# Episode — Mosquitto — Mosquitto Bridge — How To Bridge Two Mosquitto Brokers — MQTT

Stay tuned for the upcoming post about MQTT and IoT o/

References & Credits

Eclipse Mosquitto™ An open source MQTT broker

Microgênios — Treinamento em Sistemas Embarcados — Microchip Regional Partner — Microchip Certified Brazilian Training Education Company & a Simplício-Owned enterprise o/

Notes About mosquitto

- After installation and every PC restart, the mosquitto program starts automatically;
- Mosquitto runs as a service and operates in the background;
- If a new configuration is made in mosquitto, it is common to STOP and START the mosquitto MQTT service;
- Through the shell, it is possible to reconfigure mosquitto without restarting the service;
- The clients are constantly sending PING to the server, which responds at intervals of about 60 seconds; an extract follows:

1578781078: Sending PINGRESP to mosq-nSDsiy1MZKG4ShY5D0
1578781138: Received PINGREQ from mosq-nSDsiy1MZKG4ShY5D0

- This is because the HTTP protocol, which mosquitto is under, tends to disconnect the clients;

Syntax

Fig 4. Mosquitto syntax complete

Notes About This Post

Daemon (computing)

From Wikipedia, the free encyclopedia

Components of some Linux desktop environments that are daemons include D-Bus, NetworkManager (here called unetwork), PulseAudio (usound), and Avahi.

In multitasking computer operating systems, a daemon (/ˈdiːmən/ or /ˈdeɪmən/)[1] is a computer program that runs as a background process, rather than being under the direct control of an interactive user. Traditionally, the process names of a daemon end with the letter d, for clarification that the process is in fact a daemon, and for differentiation between a daemon and a normal computer program. For example, syslogd is the daemon that implements the system logging facility, and sshd is a daemon that serves incoming SSH connections. (from https://en.wikipedia.org/wiki/Daemon_(computing))

Review

All commands in this post: [Open 3 terminals as Administrator]

Subtitles: [terminal number/file] command description

For Anonymous access:
[1][2][3] cd C:\Program Files\mosquitto
[1][2][3] cls
[1] mosquitto -v
[2] mosquitto_sub -h localhost -p 1883 -t temperature
[3] mosquitto_pub -h localhost -p 1883 -t temperature -m 45
For Secure Access:
[1] mosquitto_passwd -c "C:\Program Files\mosquitto\passwordfile.pwd" admin
[mosquitto.conf] allow_anonymous false
[mosquitto.conf] password_file C:\Program Files\mosquitto\passwordfile.pwd

[1] mosquitto -c mosquitto.conf -v
[2] mosquitto_sub -h localhost -p 1883 -u admin -P 123 -t temperature
[3] mosquitto_pub -h localhost -p 1883 -u admin -P 123 -t temperature -m 45

Hi, Guys o/ I am J3! I am just a hobby-dev, playing around with Python, Django, Lego, Arduino, Raspy, PIC, AI… Welcome! Join us!