Open Distro for Elasticsearch is AWS's open source distribution of the ELK stack. Upstream Elasticsearch charges for some features (such as Alerting) that Open Distro offers for free, so for users like me who want open source that is also free of charge (cheapskates, in other words), it is indeed a good choice.
After installing it by following its installation steps, you can log in with the default credentials admin:admin, but changing this default password is not straightforward. After searching the whole web, I have summarized the procedure below for anyone who needs it:
Step 1: Generate the hash of the new admin password
# Create a hash for your admin password
sudo chmod +x /usr/share/elasticsearch/plugins/opendistro_security/tools/hash.sh
/bin/bash -c /usr/share/elasticsearch/plugins/opendistro_security/tools/hash.sh
7-mDj5 =
$2y$12$tOoM6Wz.elENbw23EZfqL.CSrd7giB/5yKQQ0YWq8ZSwfXJPBEq8m
Step 2: Record the generated password hash and edit internal_users.yml (back it up before editing)
# Create a local, modified copy of internal_users.yml, then replace the admin hash with the new one
cd /usr/share/elasticsearch/plugins/opendistro_security/securityconfig/
sudo cp internal_users.yml internal_users.yml.backup
sudo vim internal_users.yml
Step 3: Run securityadmin.sh so that Elasticsearch picks up the password change
# To apply the changes, run the commands below (see the securityadmin documentation):
# https://opendistro.github.io/for-elasticsearch-docs/docs/security-configuration/security-admin/
cd /usr/share/elasticsearch/plugins/opendistro_security/tools/
sudo bash ./securityadmin.sh -cd ../securityconfig/ -icl -nhnv -cacert /etc/elasticsearch/root-ca.pem -cert /etc/elasticsearch/kirk.pem -key /etc/elasticsearch/kirk-key.pem
Only after all three steps are complete can the new password be used in Kibana; API calls can then authenticate with the new password, and authenticating with the original password will return Unauthorized.
When the final step succeeds it prints the following:
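A shell helper for step 2, added here and not part of the original post: it backs up internal_users.yml, rewrites only the hash line inside the chosen user's block, and refuses a hash that does not have the bcrypt shape hash.sh prints, which catches a copy/paste-mangled hash before securityadmin.sh pushes it and locks admin out. The function names, the file paths and the sample YAML are constructed; the layout is assumed to match the internal_users.yml that Open Distro 1.x ships.

```shell
#!/usr/bin/env bash
# Added example, not code from the original post: swap one user's bcrypt hash
# into internal_users.yml while leaving the other users' hashes untouched.
# The sample YAML and the file paths are constructed for illustration.

# hash.sh prints bcrypt: "$2y$12$" followed by 53 characters. A hash mangled by
# copy/paste (stray spaces, as in the post's output) fails here instead of being
# pushed to the cluster by securityadmin.sh and locking admin out.
is_bcrypt_hash() {
  printf '%s' "$1" | grep -Eq '^\$2[aby]\$[0-9]{2}\$[./A-Za-z0-9]{53}$'
}
# set_user_hash FILE USER HASH: back FILE up to FILE.backup, then rewrite the
# "hash:" line inside USER's top-level block. Returns 1 for a malformed hash,
# 2 when USER has no hash line (nothing to feed to securityadmin.sh).
set_user_hash() {
  is_bcrypt_hash "$3" || { echo "refusing: not a bcrypt hash: $3" >&2; return 1; }
  cp "$1" "$1.backup" || return 1
  awk -v user="$2" -v hash="$3" '
    /^[^[:space:]#]/ { in_user = ($0 == (user ":")) }   # a new top-level key
    in_user && $1 == "hash:" { $0 = "  hash: \"" hash "\""; found = 1 }
    { print }
    END { exit found ? 0 : 2 }
  ' "$1.backup" > "$1"
}

# current_hash FILE USER: print the hash stored for USER, quotes stripped.
current_hash() {
  awk -v user="$2" '
    /^[^[:space:]#]/ { in_user = ($0 == (user ":")) }
    in_user && $1 == "hash:" { gsub(/"/, "", $2); print $2; exit }
  ' "$1"
}
# Constructed sample in the layout Open Distro 1.x ships (config_version 2);
# the placeholder hashes are not real.
write_sample_config() {
  cat > "$1" <<'EOF'
_meta:
  type: "internalusers"
  config_version: 2
admin:
  hash: "$2a$12$OLDADMINHASH..."
  reserved: true
  backend_roles:
  - "admin"
kibanaserver:
  hash: "$2a$12$KIBANASERVERHASH..."
  reserved: true
EOF
}
```

Usage on a real installation: `set_user_hash /usr/share/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml admin "$NEW_HASH"`, then run securityadmin.sh as in step 3.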
WARNING: JAVA_HOME not set, will use /usr/bin/java
Open Distro Security Admin v7
Will connect to localhost:9300 ... done
Connected as CN=kirk,OU=client,O=client,L=test,C=de
Elasticsearch Version: 7.3.2
Open Distro Security Version: 1.3.0.0
Contacting elasticsearch cluster 'elasticsearch' and wait for YELLOW clusterstate ...
Clustername: 8zcl5szk
Clusterstate: YELLOW
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /usr/share/elasticsearch/plugins/opendistro_security/securityconfig
Will update '_doc/config' with ../securityconfig/config.yml
SUCC: Configuration for 'config' created or updated
Will update '_doc/roles' with ../securityconfig/roles.yml
SUCC: Configuration for 'roles' created or updated
Will update '_doc/rolesmapping' with ../securityconfig/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' created or updated
Will update '_doc/internalusers' with ../securityconfig/internal_users.yml
SUCC: Configuration for 'internalusers' created or updated
Will update '_doc/actiongroups' with ../securityconfig/action_groups.yml
SUCC: Configuration for 'actiongroups' created or updated
Will update '_doc/tenants' with ../securityconfig/tenants.yml
SUCC: Configuration for 'tenants' created or updated
Done with success