Hi to all
I'm running NODE RED on Raspberry PI5 Bookworm. Following the "securing nodered" instruction I have createted an hash password and edited settings.js
Whe I try to access node-red editor login windows appears but if I'm absolutely sure of my correct user and password input the message "login failure" apper... please elp me I'm very close to the to the destruction of my raspberry 
Thanks for your cooperation
1 Like
I had the same thing happen, I ended up starting a fresh installation without securing it, I hope someone lends some light on the situation.
It works for me:
NB the <<- ! and final ! are not needed, I just used them so you can see my password is nice and secure 
Also "admin" here means you want to perform an administrative task, not the username
pi@TestOS:~/.node-red $ node-red admin hash-pw <<- !
> password1
> !
Password: $2a$08$IYkf3sQb5.gxdR7C5ZUnwel3cq5siukhhjO3dTWgjykx4Q/G5ZnaG
In settings.js I have this.
See that the password hash is the same, and the username is "admin"
/*******************************************************************************
* Security
* - adminAuth
* - https
* - httpsRefreshInterval
* - requireHttps
* - httpNodeAuth
* - httpStaticAuth
******************************************************************************/
/** To password protect the Node-RED editor and admin API, the following
* property can be used. See https://nodered.org/docs/security.html for details.
*/
adminAuth: {
"type": "credentials",
"users": [
{
"username": "admin",
"password": "$2a$08$IYkf3sQb5.gxdR7C5ZUnwel3cq5siukhhjO3dTWgjykx4Q/G5ZnaG",
"permissions": "*"
}
]
},
Restart Node-red & visit the editor URL:
And success!
Did you restart NR after setting your credentials in the settings file?
Thanks for your reply
Yes
of course
This is what is in my setting.js file
adminAuth: {
type: "credentials",
users: [
{
username: "admin",
password: "$2y$08$fvIZYnWxkSOBkjEjsgSORe5dbMeJbj3wDbDND9sGsY9xFTsRSEFFK",
permissions: "*"
},
{
username: "user",
password: "$2y$08$Bo/OKKX8ZmeUBHGallYLhehFdXIwljU7MXK3Ua6AmanhHH4wKNyXa",
permissions: "read"
}
]
}
Issued command after settings.js saving
chl@raspberrypi:~/.node-red $ node-red-stop
Stop Node-RED
Use node-red-start to start Node-RED again
chl@raspberrypi:~/.node-red $ node-red-restart
Restarted Node-RED
chl@raspberrypi:~/.node-red $
Starting node red login is requested and my answers are:
Username : admin
Password : $2y$08$fvIZYnWxkSOBkjEjsgSORe5dbMeJbj3wDbDND9sGsY9xFTsRSEFFK
……
marco cheli
Via dei Platani – 20
51100 PISTOIA
marco@cheli.info
3485100539
Admin edit. Please use triple backticks for code and terminal output
If you look at my example I put the long password hash into settings.js, but at the login screen I used "password1"
which settings file did you edit? (full path please)
Hi jbudd
Thanks for your suggestion
I’m not sure to understand what you suggest
If I choose a complex password it is because I wont to protect nodered editor from undue access to my public IP
So if for nodered editor access it is enough to digit “admin/password1” it is too much simple to hack my nodered
I don’t understand something?
Bye
marco cheli
Via dei Platani – 20
51100 PISTOIA
marco@cheli.info
3485100539
Hi Steve
/home/chl/.node-red/settings.js
Bye
marco cheli
Via dei Platani – 20
51100 PISTOIA
marco@cheli.info
3485100539
Certainly one of us is misunderstanding something but it's not necessarily you.
I interpret your replies above as meaning you typed in the password hash, not the actual password.
In settings.js you should have
$2y$08$fvIZYnWxkSOBkjEjsgSORe5dbMeJbj3wDbDND9sGsY9xFTsRSEFFK
And in the login screen you should use the string which you used to generate that password hash.
You are right to use a secure password. "password1" is just an example which could be guessed in a millisecond by a teenage hacker.
Hi Jbudd
Now I understand !!!!!!
So it is clear that was me that doesn’t understand !!!! 
I try immediately
thanks
marco cheli
Via dei Platani – 20
51100 PISTOIA
marco@cheli.info
3485100539
Thanks again jbudd
Now it’s working !!!!!
Reading again your first email your explanation wos absolutely clear
Have you a nice week end
marco cheli
Via dei Platani – 20
51100 PISTOIA
marco@cheli.info
3485100539
1 Like
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
