Opensearch 2.18 virtualbox debian reset password

Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):
uname -a
Linux opensearch 6.1.0-26-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.112-1 (2024-09-30) x86_64 GNU/Linux
environment virtualbox
opensearch 2.18
opensearch-dashboard 2.18

Describe the issue:
I Installed opensearch and opensearch dashboard.
Then I tried to change the admin password running the command

cd /opt/opensearch/plugins/opensearch-security/tools
bash ./hash.sh

and inserting the obtained hash inside the hash value of this file
nano /opt/opensearch/config/opensearch-security/internal_users.yml
then restarted opensearch and opensearch-dashboard
but every time i try to login from dashboard i get that the password for admin is incorrect.

Configuration:

/opt/opensearch/config/opensearch.yml

cluster.name: experiment-cluster
node.name: onlynode
discovery.type: single-node
path.data:path.logs: /opt/opensearch/logs
bootstrap.memory_lock: true
network.host: 10.0.2.15
http.port: 9200
plugins.security.disabled: true
plugins.security.ssl.transport.pemcert_filepath: /opt/opensearch/config/certs/node1.pem
plugins.security.ssl.transport.pemkey_filepath: /opt/opensearch/config/certs/node1-key.pem
plugins.security.ssl.transport.pemtrustedcas_filepath: /opt/opensearch/config/certs/root-ca.pem
plugins.security.ssl.http.enabled: true
plugins.security.ssl.http.pemcert_filepath: /opt/opensearch/config/certs/node1.pem
plugins.security.ssl.http.pemkey_filepath: /opt/opensearch/config/certs/node1-key.pem
plugins.security.ssl.http.pemtrustedcas_filepath: /opt/opensearch/config/certs/root-ca.pem
plugins.security.allow_default_init_securityindex: true
plugins.security.authcz.admin_dn:
  - 'CN=A,OU=UNIT,O=ORG,L=TORONTO,ST=ONTARIO,C=CA'
plugins.security.nodes_dn:
  - 'CN=node1.dns.a-record,OU=UNIT,O=ORG,L=TORONTO,ST=ONTARIO,C=CA'
plugins.security.audit.type: internal_opensearch
plugins.security.enable_snapshot_restore_privilege: true
plugins.security.check_snapshot_restore_write_privileges: true
plugins.security.restapi.roles_enabled: ["all_access", "security_rest_api_access"]
/opt/opensearch-dashboards/config/opensearch_dashboards.yml

server.port: 5601
server.host: "10.0.2.15"
opensearch.hosts: [http://10.0.2.15:9200]
opensearch.ssl.verificationMode: none
opensearch.username: admin
opensearch.password: ThePasswordInClear
opensearch.requestHeadersWhitelist: [authorization, securitytenant]
opensearch_security.multitenancy.enabled: true
opensearch_security.multitenancy.tenants.preferred: [Private, Global]
opensearch_security.readonly_mode.roles: [kibana_read_only]
opensearch_security.cookie.secure: false

Relevant Logs or Screenshots:

Did you place the hash under the admin user or a different user? If you have started up opensearch previously, then you may already have data in your data/ directory which includes the security index. If the security index has existed previously then it will not reload the yaml files when starting up and will use what was stored on disk instead.

1 Like

@CuriousGuy, have you tried using securityadmin.sh to apply your new password/configuration?

Please see more info here:

Best,
mj