MQTT user (Mosquitto) question

This is probably a really dumb question, but I am going to ask it anyway :slight_smile:

I recently started on using MQTT and as such installed Mosquitto. In the installation instruction it says to create ‘a new user’:

Create a new user for MQTT via your Home Assistant’s frontend ConfigurationUsers (manage users) , (i.e. not on Mosquitto’s Configuration tab).

I can create a new user, but how does Mosquitto know what user this would be? Is it a specific name for the user? I couldn’t find anything in the rest of the settings where to tell Moqsuitto to use a user and it is working fine ‘without it’. I’m guessing it’s not the logins part of the config as the manual says:

Option: logins (optional)
A list of local users that will be created with username and password. You don’t need to do this because you can use Home Assistant users too, without any configuration. If a local user is specifically desired:

I’m just a bit confused.

Did you install mosquitto or the mosquitto add-on? These instructions only apply to the add-on.

The add-on. Took the instructions from that installation and they confuse me if I should or should not create a user and if so how to connect it to mosquitto. Everything works fine, but not sure if it’s a security thing I should be mindfull off.

I don’t think it is a security hole.Simply the way the add-on is built.

1 Like

So no user is needed when it’s used as an addon? That’s the conformation I was looking for :slight_smile:

not sure HA needs a user to connect mqtt. But for sure you will have a user to connect other devices to mqtt.
In case of HA integration you have to use HA user management to do so (correct me if I’m wrong)

I’m using the Zigbee2mqtt integration at the moment. Without setting up a user. Should there be a specific user for this?

Just create a regular user in HA, and use that in your Zigbee2mqtt configuration.

1 Like

Thanks! So if I understand correctly. Mosquitto I don’t need to do anything for, but under Zigbee2mqtt it would be good to create a new user?

Would that be here? (It already added a user itself under ‘User’ I noticed).

If that user exists in HA, everything is OK.

1 Like

It doesn’t. But it does… work?

I noticed this in the logs of Zigbee2mqtt. It seems its fixing my lack of configuration. Do I set this somewhere in Zigbee2mqtt or in Mosquitto? (removed the name of the user it creates from bellow)

[09:14:08] INFO: MQTT available, fetching server detail ...
[09:14:08] INFO: MQTT server settings not configured, trying to auto-discovering ...
[09:14:09] INFO: Configuring 'mqtt://core-mosquitto:1883' mqtt server
[09:14:10] INFO: MQTT credentials not configured, trying to auto-discovering ...
[09:14:10] INFO: Configuring'---removed---' mqtt user
[09:14:10] INFO: Previous config file found, checking backup
[09:14:10] INFO: Creating backup config in '/config/zigbee2mqtt/.configuration.yaml.bk'
[09:14:10] INFO: Adjusting Zigbee2mqtt core yaml config with add-on quirks ...

I’m a bit confused too. I’m using the default configuration for the add-in, and I seem to be getting an error that I do not understand.

I’m using an M5Stamp Pico as teh ESP32 device.

Configuration:
image

Log file:

Suspecting that it might be that I had not defined an MQTT user, I went and created one:

And then modified the Mosquitto configuration to add the username and password.

The log appears to be fine after the restart, but I get the same error message.

[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] mosquitto.sh: executing... 
[13:52:39] INFO: Setting up user mosquitto
[13:52:39] INFO: Certificates found: SSL is available
[cont-init.d] mosquitto.sh: exited 0.
[cont-init.d] nginx.sh: executing... 
[cont-init.d] nginx.sh: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
[13:52:39] INFO: Starting NGINX for authentication handling...
[13:52:39] INFO: Starting mosquitto MQTT broker...
1651236759: mosquitto version 1.6.12 starting
1651236759: |-- *** auth-plug: startup
[13:52:39] INFO: Successfully send discovery information to Home Assistant.
[13:52:40] INFO: Successfully send service information to the Supervisor.
1651236759: Config loaded from /etc/mosquitto/mosquitto.conf.
1651236759: Loading plugin: /usr/share/mosquitto/auth-plug.so
1651236759:  ├── Username/password checking enabled.
1651236759:  ├── TLS-PSK checking enabled.
1651236759:  └── Extended authentication not enabled.
1651236759: Opening ipv4 listen socket on port 1883.
1651236759: Opening ipv6 listen socket on port 1883.
1651236759: Opening websockets listen socket on port 1884.
1651236759: Opening ipv4 listen socket on port 8883.
1651236759: Opening ipv6 listen socket on port 8883.
1651236759: Opening websockets listen socket on port 8884.
1651236759: Warning: Mosquitto should not be run as root/administrator.
1651236759: mosquitto version 1.6.12 running
1651236759: New connection from 127.0.0.1 on port 1883.
1651236759: Socket error on client <unknown>, disconnecting.
1651236762: New connection from 192.xxx.xxx.xxx on port 1883.
1651236762: Socket error on client <unknown>, disconnecting.

On the ESPresence website I get this log from the Firmware page after restarting the M5Stamp Pico device.

Connecting to WiFi SSID 'Miles-Home'.....................192.xxx.xxx.xxx
Firmware:     esp32
Version:      v2.1.1
IP address:   192.xxx.xxx.xxx
DNS address:  192.xxx.xxx.xxx
Hostname:     espresense-entrance
Room:         entrance
MQTT server:  192.xxx.xxx.xxx:1883
Max Distance: 16.00
PIR Sensor:   disabled
Radar Sensor: disabled
Query:        
Include:      
Exclude:      
Known Macs:   
Count Ids:    
1 New   | MAC: d2xxxxxxxx6c, ID: sonos:d2d2d3bf686c                                           
1 New   | MAC: 56xxxxxxxx91, ID: sd:0xfe9f                                                    
[E][main.cpp:291] onMqttDisconnect(): Disconnected from MQTT; reason 5

1 New   | MAC: 13xxxxxxxxc3, ID: md:0006:27                                                   
1 New   | MAC: 52xxxxxxxx2a, ID: exp:20                                                       4f2626fd04f3c35773588a7111350de3af5626e8
1 New   | MAC: 01xxxxxxxx40, ID: msft:cdp:0902                                                473cd7f3fdc99da75c3d7ebaa1f5e70a0d4f9aab
1 New   | MAC: 4cxxxxxxxx4f, ID: 4cxxxxxxxx4f                                                 
1 Close | MAC: 7cxxxxxxxxbb, ID: 7cxxxxxxxxbb                                                 (0.00m) -39dBm
1 New   | MAC: 7cxxxxxxxxbb, ID: 7cxxxxxxxxxbb                                                 
1 New   | MAC: 73xxxxxxxx6f, ID: sd:0xfe9f                                                    
1 New   | MAC: 6axxxxxxxx59, ID: sd:0xfe9f                                                    
1 Close | MAC: 01xxxxxxxx40, ID: msft:cdp:0902                                                (0.15m) -39dBm
1 New   | MAC: e4xxxxxxxx0e, ID: tile:e4xxxxxxxx0e                                            
1 Close | MAC: e3e1323cc0ab, ID: tile:e3xxxxxxxxab                                            (0.00m) -37dBm
1 New   | MAC: e3e1323cc0ab, ID: tile:e3xxxxxxxxab                                            
1 New   | MAC: 7cxxxxxxxx11, ID: 7cxxxxxxxx11                                                 
0 Reconnect timer
0 Reconnecting to MQTT...
[E][main.cpp:291] onMqttDisconnect(): Disconnected from MQTT; reason 5

0 Reconnect timer
0 Reconnecting to MQTT...

I can see that there is an error in main.cpp:291 with a reason code 5.

Is this a bug or an error on my side?