MQTT Allow anonymous login

Configuration
1

Hi.
I’ve been using Home Assistant for a while in a Docker container, and I also had a mosquito broker set up in another container. I managed to set up the MQTT integration and everything worked just fine.
Recently, however, I decided to try out a supervised installation of Home Assistant. I used the Add-on store to install the mosquito broker, however, it seems like clients cannot subscribe to topics anymore.

Here’s what I get when I test the MQTT broker using the following command: mosquitto_sub -h 192.168.0.12 -t 'some/topic' -d

Client (null) sending CONNECT
Client (null) received CONNACK (0)
Client (null) sending SUBSCRIBE (Mid: 1, Topic: some/topic, QoS: 0, Options: 0x00)
Client (null) received SUBACK
Subscribed (mid: 1): 128
Client (null) sending DISCONNECT
All subscription requests were denied.

I did a bit of googling and found out that I had to log in using a username and password (just added -u my_username -P my_password to the command above). And just like that, I was able to connect to the broker and subscribe to topics.
The thing is, that I would like to be able to use the MQTT broker without logging in with an account. My configuration is this:

logins: []
customize:
  active: false
  folder: mosquitto
certfile: fullchain.pem
keyfile: privkey.pem
require_certificate: false
anonymous: true

I read on some forum that there’s an anonymous option, however, it does not seem to do anything.
I do understand that it’s safer to have some kind of authentication, but still, I would like to disable it.
Is there any way to do it?

1 Like
2

you need to edit mosquito server config file to allow unathenticated login

allow_anonymous true

1 Like
3

Where exactly can I find that config?
I only found these two:

/usr/share/hassio/addons/core/mosquitto/rootfs/usr/share/tempiomosquitto.gtpl
/usr/share/hassio/addons/core/zwave/rootfs/etc/mosquitto.conf

But adding allow_anonymous true to either of these does not change anything. I tried restarting the mosquito addon as well as restarting Home Assistant completely.

4

mosquitto.conf

it may currently exist in file and be commented out…OR you may need to add it as new entry

5

This is the content of /usr/share/hassio/addons/core/zwave/rootfs/etc/mosquitto.conf:

##
# defaults
listener 1883
user root

##
# logging
log_dest stdout

##
# datastore
persistence true
persistence_location /data/

##
# auth
allow_anonymous true
password_file /data/auth.db

# Dynamic config

As you can see, allow_anonymous is true, yet this makes no difference.

6

Try comment out password file

And restart the MQTT after

7

Like this?

##
# defaults
listener 1883
user root

##
# logging
log_dest stdout

##
# datastore
persistence true
persistence_location /data/

##
# auth
allow_anonymous true
#password_file /data/auth.db

# Dynamic config

This doesn’t work either.
I should also add that I just noticed something. Last night I left the file content like I shown in my previous comment. This morning I read your comment and when I opened the mosquitto config, I noticed that the file was “reset”. allow_anonymous was set to false, and I definitely left that on true last night.

Edit: I just found this https://community.home-assistant.io/t/mqtt-anonymous-connect/338208/2?u=br0kenpixel. Apparently it’s not possible to allow anonymous login.

Edit 2: I managed to do it like this:

  • I created the following file: /share/mosquitto/acl.conf (/share can be accessed through SMB)
  • Set the contents of /share/mosquitto/acl.conf to acl_file /share/mosquitto/accesscontrollist (Just this, nothing else)
  • I created the following file: /share/mosquitto/accesscontrollist
  • Set the contents of /share/mosquitto/accesscontrollist to topic readwrite # (Just this, nothing else)
  • Set active in the customize section to true (In the configuration tab)
  • Restarted the broker

Now, I can subscribe/publish without logging in:
mosquitto_sub -h 192.168.0.12 -t 'some/topic' -d:

Client (null) sending CONNECT
Client (null) received CONNACK (0)
Client (null) sending SUBSCRIBE (Mid: 1, Topic: some/topic, QoS: 0, Options: 0x00)
Client (null) received SUBACK
Subscribed (mid: 1): 0
Client (null) received PUBLISH (d0, q0, r0, m0, 'some/topic', ... (12 bytes))
Test message

Edit: Warning! This may cause the MQTT integration to stop receiving MQTT messages. In case if you experience such behavior, go to Configuration > Integrations > (MQTT Broker) Configure > Reconfigure MQTT. Here, if you have a username/password set, delete them (make sure to back it up into a text file or something just to be on the safe side. Save the configuration and the issue should be fixed.

1 Like
8

Hello, where can I found mosquitto.conf?

image
image763×576 68.5 KB

I don´t have any hassio folder.

I am using Home Assistant OS 7.6

image
image1313×442 36.4 KB

9

I’m in the same boat - and I found the “configuration” for Mosquitto is:

Settings > Add-Ons > Mosquitto Broker > Configuration tab > … three dots > Edit in YAML

My guess is that you add the lines -

logins: []
require_certificate: false
certfile: fullchain.pem
keyfile: privkey.pem
customize:
  active: false
  folder: mosquitto
  require_certificate: false
  anonymous: true

Although I just modified my connections to include username/password - which is best practice anyway.

10

did you manage to solve it like this? It doesn’t work for me, not even creating the two files in share/mosquitto/

11

anonymous login is disabled in the mosquitto add-on so you know:

I used the tip there emqx

2 Likes