Hi Steve. Thanks for the nice tutorial. It helped me understand a few things better. I would like to add a little more info for your viewers. You are using ps -a to get the process id and then kill the process to make the changes take effect after you edit the configuration. There is another, better way. 1. Make changes to the mosquitto.conf. 2. sudo systemctl stop mosquitto.service 3. sudo systemctl daemon-reload 4. sudo systemctl start mosquitto.service. Maybe you can add this way of doing it to your blog. Thanks
Hi, Thanks for a descriptive video. When I enable the configurations in the default mosquitto.conf file, I'm able to connect to the broker with or without credentials too. If I maintain it in a separate conf file, then the authorization part works. Am I missing something?
How are you starting the broker? If you start without any command line arguments it will use the mosquitto.conf file. If you start with the -c argument it will use the configuration file that you specify, e.g. mosquitto -c myfile.conf
I enabled allow_anonymous and password_file in mosquitto.conf and started it without -c, to allow the usage of the default conf file. Wonder why this didn't work. However, a separate conf file worked with -c.
The allow_anonymous should be set to False to force username and password authentication. The tutorial on the site explains in more detail what happens when you use a username/password with allow anonymous set to True www.steves-internet-guide.com/mqtt-username-password-example/
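The check the replies above describe, as an added example that is not part of the original comments or of mosquitto itself: a shell function that reports whether a given config file disables anonymous access and names a password file. The function names, exit codes and sample paths are assumptions made for the illustration; run it on the file the broker is actually started with (the default mosquitto.conf, or the one given to -c).

```shell
#!/bin/sh
# Added example: check a mosquitto config for the settings discussed above.

# Print the value of KEY in FILE, skipping comment lines.
# Assumption: if a key appears more than once, the last occurrence is reported.
conf_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        $1 == key { val = $2 }
        END { if (val != "") print val }
    ' "$1"
}

# Exit status: 0 = password auth enforced, 1 = anonymous access not disabled,
# 2 = file unreadable (wrong path or permissions), 3 = no password_file set.
audit_mosquitto_conf() {
    conf="$1"
    if [ ! -r "$conf" ]; then
        echo "cannot read $conf: check the path passed to -c and its permissions"
        return 2
    fi
    anon=$(conf_value "$conf" allow_anonymous)
    pwfile=$(conf_value "$conf" password_file)
    # Strict check (assumption): only the literal lowercase value counts.
    if [ "$anon" != "false" ]; then
        echo "allow_anonymous is '${anon:-unset}': set it to false to require credentials"
        return 1
    fi
    if [ -z "$pwfile" ]; then
        echo "allow_anonymous is false but no password_file is configured"
        return 3
    fi
    echo "ok: anonymous access disabled, password_file=$pwfile"
    return 0
}

# Constructed sample: a password_file is set but anonymous access is left on.
demo=$(mktemp)
printf '%s\n' '# constructed sample config' 'listener 1883' \
    'allow_anonymous true' 'password_file /home/user/passwords.txt' > "$demo"
audit_mosquitto_conf "$demo" || true
rm -f "$demo"
```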
Thanks for the tutorials Steve. If I want to encrypt the password sent to the broker, can I use payload encryption to avoid using keys? If so, can you point me to the topics I need to know to do this?
Hi, Yes you could, but in a way it doesn't solve anything as the hacker would still see the password and could use it as is. I think a better method would be some kind of token in the payload which you could encrypt with the payload. Here is a tutorial on payload encryption using python. www.steves-internet-guide.com/encrypting-the-mqtt-payload-python-example/ Rgds Steve
Hey Steve, I saw your transport encryption tutorial, but wonder how something like that works with the password since the broker is handling the authentication, not the receiving client? Can you point me to anything for that?
It works the same way. The encryption is just a wrapper around the message; the wrapper is taken off at the receiver and you get the original message. www.steves-internet-guide.com/internet-protocol-suite-explained/ Does that make sense?
You probably don't have permissions. When doing testing I always put the files in my home directory. I only copy them to the /etc folder when they are ready for production.
Hi Steve, Coworker and I are trying to work through setting this up. I am getting "Error: Unable to open configuration file." when I attempt to disallow anonymous. The .conf file is still the default name. Is this something simple like a folder permissions setting or something different?
It could be an error in the config file or the wrong path. The error reasons given aren't always very clear. If you continue to get them, use the ask-steve link on the site and send me the config file.
Hi Steve, I'm having trouble opening my mosquitto.conf on my Raspberry. It always says permission denied. Could you assist me regarding this problem? I'm trying to install the key and CA on my Raspberry. Thank you
Using the mqtt pub_sub client, pass the username and password after the client id as follows: mqttClient.connect("arduino-1","steve","password") Rgds Steve
Hi Steve, when I try to encrypt the password file like you did at minute 2:38 I got this error: C:\Program Files (x86)\mosquitto>mosquitto_passwd -U mosquitto1.txt Error creating backup password file "mosquitto1.txt.tmp", not continuing. I hope you can help me. Thanks in advance.
You are probably missing a dll. Did you download the mosquitto install files from my site? If not, download them and copy them to a directory and run it from there. www.steves-internet-guide.com/downloads/
Hi Steve, thanks for the tutorial. I have a question: if I have 50 devices connected to a Broker, do I have to create 50 users, or just register 1 user with a password and use it for all of them? It's quite tedious to register auth one by one and manage the password changes later. Is there an easier way?
Hi Steve, have you thought of doing a tutorial on installing mosquitto on a private home server, like FreeNAS? I have looked all over and the info is very vague at best. Regards Chris.
From what I have found it is FreeBSD or UNIX. Yes, I have it installed and running on my home server for movies using Plex. FreeNAS is jails based; from some things I have read I would have to place mosquitto into a jail and start from there.
Hi Steve, I found an error like this: 1525918561: mosquitto version 1.4.14 (build date 11/07/2017 0:03:18.53) starting 1525918561: Config loaded from pass.conf. 1525918561: Opening ipv6 listen socket on port 1883. 1525918561: Error: Only one usage of each socket address (protocol/network address/port) is normally How can I fix this?
It looks like you are trying to use the same port twice. If you still have problems then use the ask steve page on the site to send me the details www.steves-internet-guide.com/ask-steve/
Yes, about new users dynamically, and I don't worry about restarting the broker, but how do I restart it after adding a new user and how do I add a user? (with an API or web server?) If I restart the broker, do other users lose their connection?
You don't need to restart the broker to get the password file reread. If you look at the article on the site www.steves-internet-guide.com/mqtt-username-password-example/ it shows how to use the HUP signal to reload the config files.