MQTT user (Mosquitto) question

AldoQ · February 9, 2022, 9:01pm

This is probably a really dumb question, but I am going to ask it anyway

I recently started on using MQTT and as such installed Mosquitto. In the installation instruction it says to create ‘a new user’:

Create a new user for MQTT via your Home Assistant’s frontend Configuration → Users (manage users) , (i.e. not on Mosquitto’s Configuration tab).

I can create a new user, but how does Mosquitto know what user this would be? Is it a specific name for the user? I couldn’t find anything in the rest of the settings where to tell Moqsuitto to use a user and it is working fine ‘without it’. I’m guessing it’s not the logins part of the config as the manual says:

Option: logins (optional)
A list of local users that will be created with username and password. You don’t need to do this because you can use Home Assistant users too, without any configuration. If a local user is specifically desired:

I’m just a bit confused.

francisp · February 10, 2022, 4:57am

Did you install mosquitto or the mosquitto add-on? These instructions only apply to the add-on.

AldoQ · February 10, 2022, 5:47pm

The add-on. Took the instructions from that installation and they confuse me if I should or should not create a user and if so how to connect it to mosquitto. Everything works fine, but not sure if it’s a security thing I should be mindfull off.

francisp · February 11, 2022, 4:24am

I don’t think it is a security hole.Simply the way the add-on is built.

AldoQ · February 11, 2022, 1:41pm

So no user is needed when it’s used as an addon? That’s the conformation I was looking for

maxym · February 11, 2022, 2:07pm

not sure HA needs a user to connect mqtt. But for sure you will have a user to connect other devices to mqtt.
In case of HA integration you have to use HA user management to do so (correct me if I’m wrong)

AldoQ · February 11, 2022, 4:22pm

I’m using the Zigbee2mqtt integration at the moment. Without setting up a user. Should there be a specific user for this?

francisp · February 12, 2022, 5:19am

Just create a regular user in HA, and use that in your Zigbee2mqtt configuration.

AldoQ · February 12, 2022, 4:13pm

Thanks! So if I understand correctly. Mosquitto I don’t need to do anything for, but under Zigbee2mqtt it would be good to create a new user?

Would that be here? (It already added a user itself under ‘User’ I noticed).

francisp · February 13, 2022, 5:24am

If that user exists in HA, everything is OK.

AldoQ · February 13, 2022, 10:21am

It doesn’t. But it does… work?

I noticed this in the logs of Zigbee2mqtt. It seems its fixing my lack of configuration. Do I set this somewhere in Zigbee2mqtt or in Mosquitto? (removed the name of the user it creates from bellow)

[09:14:08] INFO: MQTT available, fetching server detail ...
[09:14:08] INFO: MQTT server settings not configured, trying to auto-discovering ...
[09:14:09] INFO: Configuring 'mqtt://core-mosquitto:1883' mqtt server
[09:14:10] INFO: MQTT credentials not configured, trying to auto-discovering ...
[09:14:10] INFO: Configuring'---removed---' mqtt user
[09:14:10] INFO: Previous config file found, checking backup
[09:14:10] INFO: Creating backup config in '/config/zigbee2mqtt/.configuration.yaml.bk'
[09:14:10] INFO: Adjusting Zigbee2mqtt core yaml config with add-on quirks ...

MilesAheadToo · April 29, 2022, 1:19pm

I’m a bit confused too. I’m using the default configuration for the add-in, and I seem to be getting an error that I do not understand.

I’m using an M5Stamp Pico as teh ESP32 device.

Configuration:

Log file:

Suspecting that it might be that I had not defined an MQTT user, I went and created one:

And then modified the Mosquitto configuration to add the username and password.

The log appears to be fine after the restart, but I get the same error message.

[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] mosquitto.sh: executing... 
[13:52:39] INFO: Setting up user mosquitto
[13:52:39] INFO: Certificates found: SSL is available
[cont-init.d] mosquitto.sh: exited 0.
[cont-init.d] nginx.sh: executing... 
[cont-init.d] nginx.sh: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
[13:52:39] INFO: Starting NGINX for authentication handling...
[13:52:39] INFO: Starting mosquitto MQTT broker...
1651236759: mosquitto version 1.6.12 starting
1651236759: |-- *** auth-plug: startup
[13:52:39] INFO: Successfully send discovery information to Home Assistant.
[13:52:40] INFO: Successfully send service information to the Supervisor.
1651236759: Config loaded from /etc/mosquitto/mosquitto.conf.
1651236759: Loading plugin: /usr/share/mosquitto/auth-plug.so
1651236759:  ├── Username/password checking enabled.
1651236759:  ├── TLS-PSK checking enabled.
1651236759:  └── Extended authentication not enabled.
1651236759: Opening ipv4 listen socket on port 1883.
1651236759: Opening ipv6 listen socket on port 1883.
1651236759: Opening websockets listen socket on port 1884.
1651236759: Opening ipv4 listen socket on port 8883.
1651236759: Opening ipv6 listen socket on port 8883.
1651236759: Opening websockets listen socket on port 8884.
1651236759: Warning: Mosquitto should not be run as root/administrator.
1651236759: mosquitto version 1.6.12 running
1651236759: New connection from 127.0.0.1 on port 1883.
1651236759: Socket error on client <unknown>, disconnecting.
1651236762: New connection from 192.xxx.xxx.xxx on port 1883.
1651236762: Socket error on client <unknown>, disconnecting.

On the ESPresence website I get this log from the Firmware page after restarting the M5Stamp Pico device.

Connecting to WiFi SSID 'Miles-Home'.....................192.xxx.xxx.xxx
Firmware:     esp32
Version:      v2.1.1
IP address:   192.xxx.xxx.xxx
DNS address:  192.xxx.xxx.xxx
Hostname:     espresense-entrance
Room:         entrance
MQTT server:  192.xxx.xxx.xxx:1883
Max Distance: 16.00
PIR Sensor:   disabled
Radar Sensor: disabled
Query:        
Include:      
Exclude:      
Known Macs:   
Count Ids:    
1 New   | MAC: d2xxxxxxxx6c, ID: sonos:d2d2d3bf686c                                           
1 New   | MAC: 56xxxxxxxx91, ID: sd:0xfe9f                                                    
[E][main.cpp:291] onMqttDisconnect(): Disconnected from MQTT; reason 5

1 New   | MAC: 13xxxxxxxxc3, ID: md:0006:27                                                   
1 New   | MAC: 52xxxxxxxx2a, ID: exp:20                                                       4f2626fd04f3c35773588a7111350de3af5626e8
1 New   | MAC: 01xxxxxxxx40, ID: msft:cdp:0902                                                473cd7f3fdc99da75c3d7ebaa1f5e70a0d4f9aab
1 New   | MAC: 4cxxxxxxxx4f, ID: 4cxxxxxxxx4f                                                 
1 Close | MAC: 7cxxxxxxxxbb, ID: 7cxxxxxxxxbb                                                 (0.00m) -39dBm
1 New   | MAC: 7cxxxxxxxxbb, ID: 7cxxxxxxxxxbb                                                 
1 New   | MAC: 73xxxxxxxx6f, ID: sd:0xfe9f                                                    
1 New   | MAC: 6axxxxxxxx59, ID: sd:0xfe9f                                                    
1 Close | MAC: 01xxxxxxxx40, ID: msft:cdp:0902                                                (0.15m) -39dBm
1 New   | MAC: e4xxxxxxxx0e, ID: tile:e4xxxxxxxx0e                                            
1 Close | MAC: e3e1323cc0ab, ID: tile:e3xxxxxxxxab                                            (0.00m) -37dBm
1 New   | MAC: e3e1323cc0ab, ID: tile:e3xxxxxxxxab                                            
1 New   | MAC: 7cxxxxxxxx11, ID: 7cxxxxxxxx11                                                 
0 Reconnect timer
0 Reconnecting to MQTT...
[E][main.cpp:291] onMqttDisconnect(): Disconnected from MQTT; reason 5

0 Reconnect timer
0 Reconnecting to MQTT...

I can see that there is an error in main.cpp:291 with a reason code 5.

Is this a bug or an error on my side?