After initially installing mongodb and running mongod with security.authorization: enabled option, how do I authenticate myself?
I need to access Mongo Shell to create root account, but it requires authentication...
According to this guide you should
first create an admin account
enable authorization and restart mongo instance
When you run mongod with authorization: enabled it will ask for a password, unless you're connecting from the localhost, in which case you'll be able to connect and create users.
This is known as the localhost exception, and it's the way they allow you to create a root or better off a userAdmin on the database. It won't ask you for a pwd.
You can of course, launch mongod without autorization: enabled, create the user, and re-launch. I find the previous approach far more practical than this.
You can simply run the mongo shell and it will run on localhost port 27017 by default.
Connection URL: mongodb://localhost:27017/your-project
That will allow you to create root account without any password.
You can take help of this article,
and also the official MongoDB security options configuration.
Related
I have forgot my mongodb root user password for the shared cluster of 3 nodes. I have gone through stack overflow for the same issue but was unable to replicate due to different configuration. Below is my configuration
mongodb version 4.4.
replication on 3 servers(nodes) using keyfile authentication.
all nodes are running in docker containers.
In case useful, I have other credentials that were created through root user for backup and read write permission but they dont have access to admin database.
Please guide me if you have any solution. thanks
unable to find anything to try
The official way of doing this is:
Restart the MongoDB without authorization, i.e. mongod --noauth ... or via configuration file
security:
authorization: disabled
Then you can logon without password and change credentials of the root user.
Attention: while the MongoDB is running without authorization, every user connects with root privileges, so you better restart the MongoDB in maintenance mode, i.e.
net:
bindIp: localhost
port: 55555
#replication:
# replSetName: shardA
#sharding:
# clusterRole: shardsvr
setParameter:
skipShardingConfigurationChecks: true
disableLogicalSessionCacheRefresh: true
Then you can connect only from localhost using port 55555 (which is not configured by other cluster members nor known by other users)
You need to do this only on the configuration server, because user accounts are stored there, not on the shards or mongos members.
However, there is a much simpler way to achieve the same, use the keyfile for authentication:
mongosh --authenticationDatabase local -u __system -p "$(tr -d '\011-\015\040' < /path/to/keyfile)"
I already setup mongod with authentication but forget to expose port 27017 to public but I don't understand why attacker can drop my database?
*** Updated, issued has been resolved, I forgot to re-enable auth after change something on config files and attacker random scripting execute drop database command on server which not enable auth.
Server Information:
MongoDB Server 4.0.3 on Ubuntu 16.04.5
You need to disable the remote access to your MongoDB.
In mongo conf file, setting bind_ip you can restrict.
Refer this link : http://wptrafficanalyzer.in/blog/enabling-and-disabling-remote-access-to-a-mongodb-server/
In your case, it might be accessible to remote users using mongoclient.
Just upgraded from Debian8 to Debian9. My MongoDB instance was upgraded as well (2.4 -> 3.2). Authentication is enabled.
In 2.4 when logging from localhost you could simply connect via mongo and was granted administrative privileges:
mongo
After doing some research it seems to me that in 3.2 you MUST login via some user/password combination even from localhost. But that seems awfully inconvenient.
mongo localhost/admin -u superAdminUser -p
So my question is whether that is really true and you do need to always use user/password combination? Or maybe I missed something and logging as superuser from localhost is still possible with no user/password?
if you start Mongodb by the following command , you will need to insert user name and password
mongod --dbpath /var/lib/mongo/ --auth &
also check /etc/mongod.conf file , you can enable/disable authentication .
security.authorization : enabled
As I know there is no way to disable authentication on local host only .
you can disable/enable authentication for all hosts which want to connect to Database
I have mongo db install on ec2 server and auth= true is turned on /etc/mongodb.conf but still any one can connect from remote using
mongo ipaddress. So how to revoke this access and permit user via authentication only.
You have to configure users specifically to handle authentication. There is no authentication as such like mysql. Access mongo console and configure users, add those credentials to your application which should connect to mongodb server. Follow the below steps in mongo console.
use admin
db.addUser("username", "Password")
use another_database_name
db.addUser("project1", "Password")
Restart mongodb instance with authentication enabled.
mongod --auth --config /etc/mongodb/mongodb.conf
I have a MongoDB database on my Linux server. I want to access it from another server. I tried to make a connection from my local computer with the Robomongo. The connection is succesfull, but the authentication fails.
How can I get the authentication credentials? Or should I change something in MongoDB before I can acces the database from another server / pc?
Someone else have set up this database, and there is no possibility to ask him this questions.
I have found the solution by my self:
The File etc/mongod.conf has a line 'bind_ip'. In this line, you originally have to add the IP address which you want to access your database. But, it don't work! You should better comment this line.
But, you don't have any authentication now, so you have to add authentication. Here you have an tutorial about this: http://ghosttx.com/2012/03/how-to-connect-to-a-remote-mongodb-server-with-mongohub-for-mac/
When you have done that, you have to enable authentication. You can do this by editing etc/mongod.conf again, and uncomment the line 'Auth = true'.
Now you can connect with you Mongo Database ;)
Ive sorted it by adding ssh option to RoboMongo following this link:
http://www.mongovue.com/2011/08/04/mongovue-connection-to-remote-server-over-ssh/
Im on OSX and connecting to Ubuntu 14 / Mongo 2.6.7 on VPS and when Ive added my ssh details to the Robomongo all seem to work ok (Ive also changed the mongo config to remove the ip_bing and enabled port 27017)
If you do not like to bother with authentication and stuff just make an SSH Tunnel:
ssh -fN -l username -i .ssh/id_rsa -L 9999:localhost:27017 remote.com
Just connect to mongodb on localhost:9999 and it will establish a connection to your mongodb on port 27017 on your server at remote.com.
Run your mongodb with following command to access mongodb from other servers
mongod --port 10945 --bind_ip 0.0.0.0
I was not able to use Robomongo with MongoDB 3.0 too (connecting from a Windows machine to a Linux one, using SSH). The only tool that works for me is MongoChef (http://3t.io/mongochef/).