Node Red security password

Hello,
I have securely created Username/password based authentication from Node red documentation.
I am a beginner in node red
same like this in settings.js file

adminAuth: {
type: "credentials",
users: [{
username: "admin",
password: "$2a$08$zZWtXTja0fB1pzD4sHCMyOCMYz2Z6dNbM6tl8sJogENOMcxWV9DN.",
permissions: "*"
}]
}


but i am not able to log in with the password. 
which password should be used during log in in browser i.e. localhost:...

thanking you.![node%20red|690x309](upload://A8gER88Q9P5NGbZKgLsHlGVzPX7.png)

Check if it could be related to one of the below issues:

1- Modifying the wrong settings.js file (yep, there is more than one in your system). While Node-RED is initializing it will show in the screen log which settings.js file is used. You should modify that file.

In my case (just to illustrate):

2- Make sure you added the configuration lines in the right place in the settings.js file. It should be included under the module.exports session. To be in the safe side it may be better to search and uncomment the lines from the file.

In my case (just to illustrate):

3- It is mandatory to restart Node-RED after doing the change to the settings.js file

thank you for you reply.
i checked the above given info.
its all correct. but for log in its not accepting the password given there.
What password should i use?

I recommend to check the password against the hash in an online tools , like this one (click here):

If you entered the example from the docs then the password is: password

1 Like

You need to follow the link to the security.html page and follow the instructions to create your own password hash that replaces the "$2a$08$zZWtXTja0fB1pzD4sHCMyOCMYz2Z6dNbM6tl8sJogENOMcxWV9DN."

you then restart Node-RED so it reads the file containing your password hash and log in with your password.

thank you for you reply. i followed all these steps.
"$2b$08$gzkXWJA3Zd2RzpXqL7uPsOqyHsF628QCF9CYHCywVcz3Gqe56N4ta.",
this is what my password in settings.js file looks like.
but with this i am not able to login.

Did you check your password like suggested?

1 Like

I tried this Hash match.
but still i dont know passwords to match.
so this kind of not working for me.

Eh?

Did you generate your own password? If so, then you know it.

  1. Think of a password
  2. Generate a hash from that password
  3. Check hash matches your password
  4. Copy the hash to settings file
  5. Restart node red
  6. Login using password you thought of in step 1

It's really quite simple.

2 Likes

If you follow the step by step instructions from @Steve-Mcl it is gonna work wonderfully.

Just one question:
What tool you have used to get the hash you posted?
"$2b$08$gzkXWJA3Zd2RzpXqL7uPsOqyHsF628QCF9CYHCywVcz3Gqe56N4ta." ?

i installed first

npm install -g node-red-admin

then

node-red-admin hash-pw

in command promt 

this created password. and i copied it and pasted into setttings.js file in node-red.

and then i used it to log in into node red. 
but not working.

you don't mention restarting Node-RED

I did restarted and did process newly again.

this is what i followed: from Node Red Documentation

Blockquote

Username/password based authentication

To enable user authentication on the Editor and Admin API, add the following to your settings.js file:

adminAuth: {
    type: "credentials",
    users: [{
        username: "admin",
        password: "$2a$08$zZWtXTja0fB1pzD4sHCMyOCMYz2Z6dNbM6tl8sJogENOMcxWV9DN.",
        permissions: "*"
    }]
}

The users property is an array of user objects. This allows you to define multiple users, each of whom can have different permissions.

This example configuration defines a single user called admin who has permission to do everything within the editor and has a password of password . Note that the password is securely hashed using the bcrypt algorithm.

Note : in previous releases of Node-RED, the setting httpAdminAuth could be used to enable HTTP Basic Authentication on the editor. This option is deprecated and should not be used.

Generating the password hash

To generate a suitable password hash, you can use the node-red-admin command-line tool. Instructions for installing the tool are available here.

node-red-admin hash-pw

The tool will prompt you for the password you wish to use and then print out the hash that can be copied into the settings file.

1 Like

Which settings.json file did you edit?
Post the log you see when you restart node-red, starting with the Welcome to node-red message, up to the point where you try to log in.

please checkout the images i have uploaded..
thanking you .
i just dont know which password should i use while logging in Node red...

Thanking you.

`

The password you have to enter in the login screen is the one you entered when using the tool `node-red-admin

a-05

One thing you can test is trying to login using another browser in your computer to see if it makes any difference.

1 Like

Thank you for all your help.
I got the point about the password generated by hash.
so I used the Hash password which converts it into a simple password.

now I am able to log in.

thanking you.

regards,
Ragahvendraawad.

The password is not generated by the hash, you are supposed to enter the password you want in the admin tool and it generates the hash for that password for you to put in the settings file.

ahha.
thank you @Colin, @Andrei, @ukmoose .
I solved that problem thank you all.

these posts helped me in my current problem as well as other aspects of node red.

thanking you.

What was your problem and how did you solve it?

This answer would make the thread more useful for anyone else who has the same problem and find this thread in the future.