Login nodered ui requires password suddenly

I’m Quite new on this subject (tool)
After successful installation I run several weeks load jobs successfully! On Linux Debian 11 (bullseye)

After a reboot node-red interface comes with login screen.
I checked settings.js
There is nothing enabled. I see (in database) that jobs are still running fine.

But I cant edit jobs anymore…
Any help is appreciated

I’m wondering how this can happen?

Is your device connected to the open internet ?
If so then you have most likely been hacked - see this thread - Dashboard suddenly asks for password (Hacked Node-RED servers)


Hi. Thanks for your reply.
My device is not accessible from internet.
Since it ran for more then a month (and it still runs) I rather think of an update which was semi-automatic done…

Passworded access to the Node-red editor is defined in ~/.node-red/settings.js.
Here is a sample of the standard file. The password deinition is commented out, so no password is prompted for.

    //adminAuth: {
    //    type: "credentials",
    //    users: [{
    //        username: "admin",
    //        password: "$2a$08$zZWtXTja0fB1pzD4sHCPucBMYz2Z6dNbM6tl8sJogENOMcxWV9DN.",
    //        permissions: "*"
    //    }]

Note that the section could be present both commented and uncommented.
If you comment it out and restart, you should be able to get back in to NR.
Another option is just to delete settings.js and restart.

Node-red updates are not automatic, nor do they set passwords. If you didn't set the password, someone/something else did. What else did they do while they had access to your computer?

If you still can't work it out then stop node red and start it again in a terminal and show us the startup log. Also which settings.js did you check?

Rebooted again today. Now even worse. Flow doesn start due to database access denied... (I can fix this in flow, but need UI acces...)
This is the log after starting:

mcattel@penguin:~/.node-red$ sudo node-red &
[1] 962
mcattel@penguin:~/.node-red$ 19 Nov 17:26:25 - [info] 

Welcome to Node-RED

19 Nov 17:26:25 - [info] Node-RED version: v3.0.2
19 Nov 17:26:25 - [info] Node.js  version: v12.22.12
19 Nov 17:26:25 - [info] Linux 5.10.114-16025-ge75506b9d98e x64 LE
19 Nov 17:26:30 - [info] Loading palette nodes
19 Nov 17:26:40 - [info] **Settings file  :/root/.node-red /settings.js**
19 Nov 17:26:40 - [info] Context store  : 'default' [module=memory]
19 Nov 17:26:40 - [info] User directory : /root/.node-red
19 Nov 17:26:40 - [warn] Projects disabled : editorTheme.projects.enabled=false
19 Nov 17:26:40 - [info] Flows file     : /home/mcattel/.node-red/flows.json
19 Nov 17:26:40 - [warn] 

Your flow credentials file is encrypted using a system-generated key.

If the system-generated key is lost for any reason, your credentials
file will not be recoverable, you will have to delete it and re-enter
your credentials.

You should set your own key using the 'credentialSecret' option in
your settings file. Node-RED will then re-encrypt your credentials
file using your chosen key the next time you deploy a change.

19 Nov 17:26:40 - [info] Server now running at
19 Nov 17:26:40 - [info] Starting flows
19 Nov 17:26:40 - [info] Started flows
19 Nov 17:26:40 - [error] [mysql:Database] Database not connected
19 Nov 17:26:40 - [error] [MySQLdatabase:8648a27d733482c7] Error: Access denied for user ''@'localhost' (using password: NO)
19 Nov 17:26:40 - [error] [MySQLdatabase:energy] Error: Access denied for user ''@'localhost' (using password: NO)

mcattel@penguin:~/.node-red$ pwd
mcattel@penguin:~/.node-red$ ls -la
total 140
drwxr-xr-x 1 mcattel mcattel   454 Nov 19 17:15 .
drwxr-xr-x 1 mcattel mcattel  1050 Nov 19 17:23 ..
-rw-r--r-- 1 mcattel mcattel 16230 Sep 15 17:32 .config.nodes.json
-rw-r--r-- 1 mcattel mcattel 15554 Sep 15 17:32 .config.nodes.json.backup
-rw-r--r-- 1 mcattel mcattel    95 Sep 13 19:56 .config.runtime.json
-rw-r--r-- 1 mcattel mcattel   583 Sep 16 13:57 .config.users.json
-rw-r--r-- 1 mcattel mcattel   584 Sep 16 13:57 .config.users.json.backup
-rw-r--r-- 1 mcattel mcattel   235 Sep 16 15:18 flows_cred.json
-rw-r--r-- 1 mcattel mcattel   155 Sep 16 15:18 .flows_cred.json.backup
-rw-r--r-- 1 mcattel mcattel 13589 Sep 16 19:46 flows.json
-rw-r--r-- 1 mcattel mcattel 13541 Sep 16 19:46 .flows.json.backup
drwxr-xr-x 1 mcattel mcattel    10 Sep 13 19:56 lib
drwxr-xr-x 1 mcattel mcattel   696 Sep 15 17:32 node_modules
-rw-r--r-- 1 mcattel mcattel   244 Sep 15 17:32 package.json
-rw-r--r-- 1 mcattel mcattel 25164 Sep 15 17:32 package-lock.json
-rw-r--r-- 1 mcattel mcattel 22610 Nov 11 20:27 settings.js

Even tried after removing the settings.js

... But found something
Maybe I'm running using a composer.

mcattel@penguin:/usr/local/bin$ ls -l
total 2748
-rwxr-xr-x 1 root root 2801573 Sep 26 15:28 composer
lrwxrwxrwx 1 root root      35 Sep 13 19:54 node-red -> ../lib/node_modules/node-red/red.js
lrwxrwxrwx 1 root root      52 Nov  9 15:08 node-red-admin -> ../lib/node_modules/node-red-admin/node-red-admin.js
lrwxrwxrwx 1 root root      44 Sep 13 19:54 node-red-pi -> ../lib/node_modules/node-red/bin/node-red-pi

At the end I think I fixed it by editing this file:
Settings file :/root/.node-red /settings.js

Not sure how it came there.....
instead of the file where I expect to be there.: /home/mcattel/.node-red
The setting.js file was still default (with george and admin user)

You started node red using sudo, that is why it is using a file in the root folder. You should not start node-red using sudo unless you have a very good reason, and probably not even then.

1 Like

Also node-red 3.0 requires nodejs 14 or above. See Version 3.0 released : Node-RED

The best way to upgrade is to use the recommended Debian/Ubuntu/Pi install script Running on Raspberry Pi : Node-RED

1 Like

Was the login notated "Node-RED", or was it a login for your server or network? Are you local to the Node-RED instance? or on another pc on the network?

thanks Colin.

its probably because of I installed and running it with sudo

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.