Mosquito without auth

I have just installed home assistant on a pi using the OS image file.
I have installed Mosquitto via the UI, however the log shows me:

Socket error on client , disconnecting.
1639159576: New connection from on port 1883.

Looking into this, it appears that mosquito is not allowing unauthenticated connections - but my attempts so far to disable authentication have failed. Any ideas?

I’m pretty sure that the addon uses home assistant users for authentication. So the easiest thing for you to do - is add a new Home Assistant user specifically for mqtt.

I had assumed the issue here was that devices were trying to connect to mosquito and having their connections refused. Unfortunately not all of my devices support authentication, which isn’t generally a problem on a closed network…I know I can configure standalone mosquito to allow unathenticated connections. But so far I haven’t managed it with HA:

certfile: fullchain.pem
active: false
folder: mosquitto
keyfile: privkey.pem
require_certificate: false
anonymous: true

Create /share/mosquitto/acl.conf with the contents:

acl_file /share/mosquitto/accesscontrollist

Create /share/mosquitto/accesscontrollist with the contents:

topic readwrite #

Restart the addon, it should now allow anyone to read and write to the broker without authentication.


For more information.

Thanks - I tried the above, along with this suggestion (very similar to yours):

Bizzarely, I do now get a single device connecting. However, all other devices - including HA itself connecting from localhost, are rejected

[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] executing... 
[18:25:11] INFO: SSL is not enabled
[cont-init.d] exited 0.
[cont-init.d] executing... 
[cont-init.d] exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
[18:25:12] INFO: Starting NGINX for authentication handling...
[18:25:12] INFO: Starting mosquitto MQTT broker...
1639160712: mosquitto version 1.6.12 starting
1639160712: |-- *** auth-plug: startup
[18:25:13] INFO: Successfully send discovery information to Home Assistant.
[18:25:13] INFO: Successfully send service information to the Supervisor.
1639160712: Config loaded from /etc/mosquitto/mosquitto.conf.
1639160712: Loading plugin: /usr/share/mosquitto/
1639160712:  ├── Username/password checking enabled.
1639160712:  ├── TLS-PSK checking enabled.
1639160712:  └── Extended authentication not enabled.
1639160712: Opening ipv4 listen socket on port 1883.
1639160712: Opening ipv6 listen socket on port 1883.
1639160712: Opening websockets listen socket on port 1884.
1639160712: Warning: Mosquitto should not be run as root/administrator.
1639160712: mosquitto version 1.6.12 running
1639160712: New connection from on port 1883.
1639160712: Socket error on client <unknown>, disconnecting.
1639160748: New client connected from as OTGW2C:F4:32:57:D8:CD (p2, c1, k15).
1639160782: New connection from on port 1883.
401: Unauthorized1639160782: Socket error on client <unknown>, disconnecting.

Because you are using an ACL file, any device now that has a username and password, either needs to be connecting anonymously - or there needs to be a line in the ACL file for that user:

user device-username
topic readwrite #

If the user does not exist in the ACL file, then it will be rejected.

Most of my devices are Tasmota. Setting a blank username and password via the Tasmota web UI for does not work - they reset to their (non blank) defaults. However, disabling both at the command line:

MqttUser 0
MqttPasswqord 0

Does allow the devices to connect.

This workaround works in that case - once I have configured all the devices.
I know if this was a standalone install of mosquitto, I could enable anonymous logins, at which point mosquitto would simply ignore any auth - and let clients connect whatever credentials they passed. Is this something that can be enabled when using the HA installed mosquito?

A default standalone install of Mosquitto does not have any auth enabled by default, you have to run a bundled tool in order to add users and passwords to (standalone) Mosquitto. If you attempt to connect with a username that does not exist, it will still reject the connection. It’s not really anonymous as such - it just doesn’t have any users configured out-of-the-box.

Ah thanks.
I have just run a script to blank all my MQTT device credentials, which has done the trick.

It would be nice were there a way to run HA mosquito such that it would accept any connections, whether auth was provided or not - which I did have working with my standalone install, but there may be good reasons this is not possible, and for now all is working!

Thanks for your help with this one, and have a good weekend!

1 Like

I may not be correct when it comes to how it handles usernames being passed to it on a default install, it’s been a while. I know that I have to Google just to remember how to add a new user to it haha.

I have the same problem.
Communication between anonymous clients running on different servers and mosquitto broker on HA is not working.

This method did not solve the problem.

This custom addon solved.

Can anyone come up solution for this problem on an existing addon?

I can second that.

I have some clients in my network, that do not support mqtt auth. My setup was working fine but suddenly anonymous login is not working anymore.

I’m in that situation when trying to update (in HA as add on) from 6.0.2 to 6.1.1.

I just rolled back and everything works again.

It seems that the new auth version rejects unknown clients…