Redis: Password Authentication (AUTH) [Default User]

After installing the Redis server, our next task is to set up authentication. This article discusses how to set a password for the default user in Redis.

The default user name for Redis is “default”. The basic steps of authentication will work for the “default” user.

To create new users and set passwords for those users, we need to use the Access Control List (ACL) of Redis. Using ACL, we can set complex permissions for a user. ACL is available in Redis version 6 and later.

In this article, we are discussing how to set the password for the “default” Redis user. Let’s check step-by-step.

Method #1: Using redis-cli [Temporary]

A password set using this method is reset when the Redis server is restarted. So, do not use this in production.
This is useful for a quick setup and checking.

First, connect to the Redis server by using “redis-cli”:

redis-cli

Check Password

The password for the “default” user is set in the configuration named “requirepass”. Let’s check the default value of that configuration. Use the command “CONFIG GET requirepass” for that:

127.0.0.1:6379> CONFIG GET requirepass
1) "requirepass"
2) ""

We can see the value of “requirepass” is an empty string. This means we can use the Redis server without authentication.

Set Password

To set the password for the “default” user, use the command “CONFIG SET”. In the following command, we are setting the password “bigboxpass” for the default user:

127.0.0.1:6379> CONFIG SET requirepass bigboxpass
OK

This command returned “OK”, which means the password is set properly.

Check Authentication

Now exit the terminal or “redis-cli”, and then connect again.

Try to get a key by using the “GET” command:

127.0.0.1:6379> get somekey
(error) NOAUTH Authentication required.

A “NOAUTH” error is returned. So, now we cannot access Redis keys without authentication.

Authenticate Default User

Let’s perform the authentication. For authentication, we use the “AUTH” command. The format of the command is “AUTH your_password_here”. As we have set the password “bigboxpass”, the following command will work:

127.0.0.1:6379> AUTH bigboxpass
OK
127.0.0.1:6379> get somekey
"bigboxcode.com"

On authentication, we got “OK”, which means authentication succeeded. Now we are able to access data from Redis.

Check Default User Password

Let’s check the value of “requirepass” config now.

127.0.0.1:6379> CONFIG GET requirepass
1) "requirepass"
2) "bigboxpass"

We can see that “CONFIG GET” returns the password we set, in plain text.

Use of Wrong Password

Let’s try a wrong password:

127.0.0.1:6379> AUTH somewrongpassword
(error) WRONGPASS invalid username-password pair or user is disabled.

An authentication failure error is returned, as expected.

Disable Password

To disable password authentication for the “default” user, we can set the value of the “requirepass” config to a blank/empty string (“”), like below:

127.0.0.1:6379> config set requirepass ""
OK

After running this command, we don’t need to authenticate using a password.

Method #2: Using redis.conf [Permanent Solution]

As we saw in the previous section, the password is saved in the config “requirepass”. In this method, we will change “requirepass” permanently.

The “requirepass” config is saved in the “redis.conf” file. Let’s open the config file. We are opening it in the vim editor; you can open it in your preferred editor.

sudo vim /etc/redis/redis.conf

Then we have to look for the section “requirepass …..”. It will look like the below: the line is commented out and has some comments above it.

# IMPORTANT NOTE: starting with Redis 6 "requirepass" is just a compatibility
# layer on top of the new ACL system. The option effect will be just setting
# the password for the default user. Clients will still authenticate using
# AUTH <password> as usually, or more explicitly with AUTH default <password>
# if they follow the new protocol: both will work.
#
# The requirepass is not compatible with aclfile option and the ACL LOAD
# command, these will cause requirepass to be ignored.
#
# requirepass foobared

In our Ubuntu server Redis config file, we found the configuration at line 1036.

We have to uncomment the line “requirepass …..” (by removing the ‘#’ sign from the start of the line) and put our password after “requirepass”. Here we have set the password “bigboxpass”.

# IMPORTANT NOTE: starting with Redis 6 "requirepass" is just a compatibility
# layer on top of the new ACL system. The option effect will be just setting
# the password for the default user. Clients will still authenticate using
# AUTH <password> as usually, or more explicitly with AUTH default <password>
# if they follow the new protocol: both will work.
#
# The requirepass is not compatible with aclfile option and the ACL LOAD
# command, these will cause requirepass to be ignored.
#
requirepass bigboxpass

Restart the Redis service to activate the password change.

sudo service redis-server restart

Connect to the Redis CLI using the following command:

redis-cli

Now we can use the “AUTH” command like below:

127.0.0.1:6379> AUTH bigboxpass
OK

Or we can pass the password directly when connecting with the Redis CLI, using the following command:

redis-cli -h 127.0.0.1 -p 6379 -a bigboxpass

The -a argument/flag is used to pass the password.
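A check to run against the edited file, as an added example (not code from the original article or from the Redis project): it parses redis.conf text and flags a missing or empty “requirepass”, a value that is published in the stock config comment or in this tutorial, a short value, an “aclfile” directive (which the config note quoted above says causes requirepass to be ignored), and a world-readable file. The finding codes, the 32-character threshold, the sample aclfile path, and keeping only the last occurrence of a directive are assumptions of this example.

```python
import shlex
import stat

# Passwords printed in the stock redis.conf comment and in this tutorial.
PUBLISHED_PASSWORDS = {"foobared", "bigboxpass"}
MIN_LENGTH = 32  # assumption: a local policy threshold, not a Redis limit

# Constructed sample: the edited directive plus a hypothetical aclfile line.
SAMPLE = """\
# requirepass foobared
requirepass bigboxpass
aclfile /etc/redis/users.acl
"""

def effective_directives(text):
    """Map directive -> arguments; a later line replaces an earlier one."""
    found = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank or commented out, e.g. "# requirepass foobared"
        try:
            parts = shlex.split(line)  # approximates redis.conf quoting
        except ValueError:
            continue  # unbalanced quote: skip what we cannot interpret
        if parts:
            found[parts[0].lower()] = parts[1:]
    return found

def audit_config(text, mode):
    """Return finding codes for redis.conf content and its file mode bits."""
    conf = effective_directives(text)
    password = (conf.get("requirepass") or [""])[0]
    if not password:
        return ["NO_PASSWORD"]  # default user accepts commands without AUTH
    findings = []
    if password in PUBLISHED_PASSWORDS:
        findings.append("PUBLISHED_PASSWORD")
    elif len(password) < MIN_LENGTH:
        findings.append("SHORT_PASSWORD")
    if conf.get("aclfile"):
        findings.append("IGNORED_BY_ACLFILE")  # per the redis.conf note above
    if mode & stat.S_IROTH:
        findings.append("WORLD_READABLE")  # other local users can read the file
    return findings

if __name__ == "__main__":
    # Real file (with import os): audit_config(open(p).read(), os.stat(p).st_mode)
    print(audit_config(SAMPLE, 0o644))
```

An empty result means none of these checks fired; it does not cover passwords changed at runtime with “CONFIG SET”, which never reach the file.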
