Unable to login with hashed pw in RC.1-1

[loknar28]

Based on my issue I wasn't sure if this was a bug or not, but any help would be appreciated.

Following the Graylog2 server and web interface guides I have successfully installed RC.1-1 on Ubuntu 12.04 LTS.

However, when I attempt to login using the pwgen –s 96 hashed password that I set for "root_password_sha2 =" in /etc/graylog2.conf I receive the error "Sorry, those credentials are invalid."

For example "echo -n password | shasum -a 256" generates the following hash. 5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8 -

Since, I am unfamiliar with using pwgen –s 96 I wasn’t sure if the ”
-“ at the end was supposed to be included, so I tried both and neither work.

Additionally, should the following line in /etc/graylog2.conf be set to "root_password_sha256"? ie… currently root_password_sha2 = 5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8

Thanks

[kroepke]

Hi! The dash at the end is not part of the hash, it's shasum's way of telling you it it used stdin to generate a hash otherwise it would state the filename it generated the hash for.

pwgen is not meant for generating hashes of passwords, it generates a random string that you can use as a password (or hash key), such as the application.secret in the web interface or the password.secret in graylog2.conf.

If I use the exact line you provided for the root_password_sha2 this works for me right away. Could you please share you config files and what credentials you use to log in? I'm thinking there might be a different problem.

On the sha2 name, yes, I suppose we could rename it, but nowadays I think it might have been a mistake to include the hash name at all. But technically it is still correct, sha256 is a hash of the sha2 family, but that's nitpicking :)

[loknar28]

OK I get it now and I realized that root_username = admin was commented out. However, setting this active did not help either. Thank you for your quick reply to my questions, I know there were a few. ;-) I have included my config in the code boxes below my comments.

I was somewhat confused by the way the blue #Commented-Out-Instructions read within the /etc/graylog2.conf file itself. They seem to imply that you would use the pwgen tool for both actions.

# You MUST set a secret to secure/pepper the stored user passwords here. Use at least 64 characters. # Generate one by using for example: pwgen -s 96 password_secret = pwgen -s 96 # the default root user is named 'admin' # root_username = admin # You MUST specify a hash password for the root user (which you only need to initially set up the # system and in case you lose connectivity to your authentication backend) # Create one by using for example: echo -n yourpassword | shasum -a 256 # and put the resulting hash value into the following line root_password_sha2 = Hashed PW

Regarding sha256 being part of the sha2 family, I really should know that already, lol. /FacePalm but anyway I am glad to get the confirmation.
/etc/graylog2.cfg

 # If you are running more than one instances of graylog2-server you have to select one of these
 # instances as master. The master will perform some periodical tasks that non-masters won't perform.
is_master = true

 # The auto-generated node ID will be stored in this file and read after restarts. It is a good idea
 # to use an absolute file path here if you are starting graylog2-server from init scripts or similar.
node_id_file = /etc/graylog2-server-node-id

 # You MUST set a secret to secure/pepper the stored user passwords here. Use at least 64 characters.
 # Generate one by using for example: pwgen -s 96
password_secret = pwgen -s 96
 # the default root user is named 'admin'
root_username = admin
 # You MUST specify a hash password for the root user (which you only need to initially set up the
 # system and in case you lose connectivity to your authentication backend)
 # Create one by using for example: echo -n yourpassword | shasum -a 256
 # and put the resulting hash value into the following line
root_password_sha2 = password

 # Set plugin directory here (relative or absolute)
plugin_dir = plugin

 # REST API listen URI. Must be reachable by other graylog2-server nodes if you run a cluster.
rest_listen_uri = http://127.0.0.1:12900/
# REST API transport address. Defaults to first non-loopback IPv4 system address and port 12900.
# This will be promoted in the cluster discovery APIs and other nodes may try to connect on this
# address. (see rest_listen_uri)
#rest_transport_uri = http://192.168.1.1:12900/

# Embedded elasticsearch configuration file
# pay attention to the working directory of the server, maybe use an absolute path here
#elasticsearch_config_file = /etc/graylog2-elasticsearch.yml

elasticsearch_max_docs_per_index = 20000000

# How many indices do you want to keep?
# elasticsearch_max_number_of_indices*elasticsearch_max_docs_per_index=total number of messages in your setup
elasticsearch_max_number_of_indices = 20

# Decide what happens with the oldest indices when the maximum number of indices is reached.
# The following strategies are availble:
#   - delete # Deletes the index completely (Default)
#   - close # Closes the index and hides it from the system. Can be re-opened later.
retention_strategy = delete

# How many ElasticSearch shards and replicas should be used per index? Note that this only applies to newly created indices.
elasticsearch_shards = 1
elasticsearch_replicas = 0

elasticsearch_index_prefix = graylog2

# Do you want to allow searches with leading wildcards? This can be extremely resource hungry and should only
# be enabled with care. See also: http://support.torch.sh/help/kb/graylog2-web-interface/the-search-bar-explained
allow_leading_wildcard_searches = false
# settings to be passed to elasticsearch's client (overriding those in the provided elasticsearch_config_file)
# all these
# this must be the same as for your elasticsearch cluster
#elasticsearch_cluster_name = graylog2

# you could also leave this out, but makes it easier to identify the graylog2 client instance
#elasticsearch_node_name = graylog2-server

# we don't want the graylog2 server to store any data, or be master node
#elasticsearch_node_master = false
#elasticsearch_node_data = false

# use a different port if you run multiple elasticsearch nodes on one machine
#elasticsearch_transport_tcp_port = 9350
# we don't need to run the embedded HTTP server here
#elasticsearch_http_enabled = false

#elasticsearch_discovery_zen_ping_multicast_enabled = false
#elasticsearch_discovery_zen_ping_unicast_hosts = 192.168.1.203:9300

# Analyzer (tokenizer) to use for message and full_message field. The "standard" filter usually is a good idea.
# All supported analyzers are: standard, simple, whitespace, stop, keyword, pattern, language, snowball, custom
# ElasticSearch documentation: http://www.elasticsearch.org/guide/reference/index-modules/analysis/
# Note that this setting only takes effect on newly created indices.
elasticsearch_analyzer = standard

# Batch size for all outputs. This is the maximum (!) number of messages an output module will get at once.
# For example, if this is set to 5000 (default), the ElasticSearch Output will not index more than 5000 messages
# at once. After that index operation is performed, the next batch will be indexed. If there is only 1 message
# waiting, it will only index that single message. It is important to raise this parameter if you send in so
# many messages that it is not enough to index 5000 messages at once. (Only at *really* high message rates)
output_batch_size = 5000

# The number of parallel running processors.
# Raise this number if your buffers are filling up.
processbuffer_processors = 5
outputbuffer_processors = 5

# Wait strategy describing how buffer processors wait on a cursor sequence. (default: sleeping)
# Possible types:
#  - yielding
#     Compromise between performance and CPU usage.
#  - sleeping
#     Compromise between performance and CPU usage. Latency spikes can occur after quiet periods.
#  - blocking
#     High throughput, low latency, higher CPU usage.
#  - busy_spinning
#     Avoids syscalls which could introduce latency jitter. Best when threads can be bound to specific CPU cores.
processor_wait_strategy = blocking
# Size of internal ring buffers. Raise this if raising outputbuffer_processors does not help anymore.
# For optimum performance your LogMessage objects in the ring buffer should fit in your CPU L3 cache.
# Start server with --statistics flag to see buffer utilization.
# Must be a power of 2. (512, 1024, 2048, ...)
ring_size = 1024

# MongoDB Configuration
mongodb_useauth = false
#mongodb_user =
#mongodb_password =
mongodb_host = 127.0.0.1
#mongodb_replica_set = localhost:27017,localhost:27018,localhost:27019
mongodb_database = graylog2
mongodb_port = 27017

# Raise this according to the maximum connections your MongoDB server can handle if you encounter MongoDB connection problems.
mongodb_max_connections = 100

# Number of threads allowed to be blocked by MongoDB connections multiplier. Default: 5
# If mongodb_max_connections is 100, and mongodb_threads_allowed_to_block_multiplier is 5, then 500 threads can block. More than that and an exception will be thrown.
# http://api.mongodb.org/java/current/com/mongodb/MongoOptions.html#threadsAllowedToBlockForConnectionMultiplier
mongodb_threads_allowed_to_block_multiplier = 5

# Drools Rule File (Use to rewrite incoming log messages)
# See: http://support.torch.sh/help/kb/graylog2-server/custom-message-rewritingprocessing
# rules_file = /etc/graylog2.drl

# Email transport
transport_email_enabled = false
transport_email_hostname = mail.example.com
transport_email_port = 587
transport_email_use_auth = true
transport_email_use_tls = true
transport_email_use_ssl = true
transport_email_auth_username = you@example.com
transport_email_auth_password = secret
transport_email_subject_prefix = [graylog2]
transport_email_from_email = graylog2@example.com

/conf/greylog2-web-interface.conf

# graylog2-server REST URIs (one or more, comma separated) For example: "http://127.0.0.1:12900/,http://127.0.0.1:12910/"
graylog2-server.uris="http://127.0.0.1:12900/"

# Learn how to configure custom logging in the documentation:
#    http://support.torch.sh/help/kb/graylog2-web-interface/configuring-web-interface-logging

# Secret key
# ~~~~~
# The secret key is used to secure cryptographics functions. Set this to a long and randomly generated string.
# If you deploy your application to several instances be sure to use the same key!
# Generate for example with: pwgen -s 96
application.secret="6EE6xnwlUkjTBshIHUxHWTikn4zCAsVwJn5lGmvBRBYr6WikGoEy7TPfyUoejwvGkKPdmuPA0DSPOm3icUKT4uWsXteLmnmM"

# Web interface timezone
# Graylog2 stores all timestamps in UTC. To properly display times, set the default timezone of the interface.
# If you leave this out, Graylog2 will pick your system default as the timezone. Usually you will want to configure it explicitly.
# timezone="Europe/Berlin"

# Message field limit
# Your web interface can cause high load in your browser when you have a lot of different message fields. The default
# limit of message fields is 100. Set it to 0 if you always want to get all fields. They are for example used in the
# search result sidebar or for autocompletion of field names.
field_list_limit=100 ```

[loknar28]

I am still unable to log in. In my post from yesterday I included the two config files I figured you were talking about. I am unsure if this was the best way to include the configs you requested. If there is a better option to use let me know and I will send them though that method. I tried to create a "Code" box that would not take up the whole page, but it wasn't clear that this would be possible though GitHub's system. Collin

[loknar28]

OK, Feeling a bit silly now, after discovering why I was unable to log in. # You MUST set a secret to secure/pepper the stored user passwords here. Use at least 64 characters.

Generate one by using for example: pwgen -s 96

password_secret = pwgen -s 96

However, in my defense I had misread the line and thought it was specifying the type of tool used to generate the salt so Greylog2 would be able to read the salt in /conf/greylog2-web-interface.conf ;-)

[Tusharkale123]

To be able to connect to Graylog you should set rest_listen_uri and web_listen_uri to the public host name or a public IP address of the machine you can connect to. More information about these settings can be found in Configuring the web interface.

not able to configure the above steps, can somebody tell me how to configure it?

[joschi]

@Tusharkale123 We are using GitHub issues for tracking bugs in Graylog itself, but this doesn't look like one. Please post this issue to our discussion forum or join the #graylog channel on freenode IRC.

Thank you!