By default, a redis server does not require a password for connections, yet it can be configured to accept remote connections, which is a potential security risk. If your redis server accepts connections from remote clients, it is of utmost importance to configure password-based authentication for your redis instance. Below we go through the configuration changes required to set a password and protect our redis setup from unauthorized access.
Configure Password for Redis Server
To set a password, modify the redis configuration file and restart the redis server with the modified configuration, as shown below.
- Move to the redis server installation directory.
cd /home/techmonger/redis/redis-4.0.11/
- Open the redis configuration file redis.conf (Linux) or redis.windows.conf (Windows).
- Uncomment the following line and set a strong password in place of the default one.
Default Configuration
#requirepass foobared
Configuration after Setting Password
requirepass MyStr0ngP#d
- Start the redis instance with the configuration file.
  - Start Redis Server - Linux
cd /home/techmonger/redis/redis-4.0.11/src/
./redis-server ../redis.conf
  - Start Redis Server - Windows
cd C:\Users\techmonger\Documents\Programs
redis-server.exe redis.windows.conf
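As an added example (not part of the original tutorial and not code from the Redis project), the following Python script audits a redis.conf after the edit above: it reports when requirepass is still commented out, still set to the shipped foobared placeholder, or too short, and escalates when the instance also listens beyond loopback. The function names, the 16-character minimum and the sample configurations are assumptions made for this illustration; the bind check relies on Redis listening on all interfaces when no bind line is present.

```python
import shlex

DEFAULT_PASSWORD = "foobared"    # placeholder shipped in redis.conf
MIN_LENGTH = 16                  # assumed local policy, not a Redis limit
LOOPBACK = {"127.0.0.1", "::1"}

def parse_directives(conf_text):
    """Map each active directive to its arguments; the last occurrence wins."""
    directives = {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):    # blank or still commented out
            continue
        try:
            parts = shlex.split(line)           # arguments may be quoted
        except ValueError:                      # unbalanced quote: split naively
            parts = line.split()
        directives[parts[0].lower()] = parts[1:]
    return directives

def audit(conf_text):
    """Return (code, message) findings about password authentication."""
    conf = parse_directives(conf_text)
    password = (conf.get("requirepass") or [""])[0]
    bind = set(conf.get("bind", []))
    # Without a bind line Redis listens on every interface.
    beyond_loopback = not bind or not bind <= LOOPBACK
    findings = []
    if not password:
        findings.append(("NO_PASSWORD", "requirepass is missing, empty or commented out"))
    elif password == DEFAULT_PASSWORD:
        findings.append(("DEFAULT_PASSWORD", "requirepass still holds the shipped placeholder"))
    elif len(password) < MIN_LENGTH:
        findings.append(("SHORT_PASSWORD", f"password is shorter than {MIN_LENGTH} characters"))
    if findings and beyond_loopback:
        findings.append(("EXPOSED", "listening beyond loopback without a sound password"))
    return findings

if __name__ == "__main__":
    # Constructed samples, not taken from a real deployment.
    samples = {
        "stock": "bind 127.0.0.1\n#requirepass foobared\n",
        "uncommented only": "bind 0.0.0.0\nrequirepass foobared\n",
        "changed": "bind 0.0.0.0\nrequirepass constructed-Long-Passphrase-0123456789\n",
    }
    for name, text in samples.items():
        print(name, "->", [code for code, _ in audit(text)] or "ok")
```
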
Connect to Redis DB with Password
Now that the password is set, let us connect to the database with the redis client. Here we assume that redis is running on the host example.com on the default port 6379. Note that we have set the password to MyStr0ngP#d.
- Start the redis client by moving into the redis installation directory.
cd /home/techmonger/redis/redis-4.0.11/src
- Initiate the connection by providing the hostname (-h flag), port number (-p flag) and password (-a flag).
redis-cli -h example.com -p 6379 -a MyStr0ngP#d
127.0.0.1:6379> PING
PONG
Note that if you are connecting to a redis server running on the same machine as the client (via localhost), the hostname and default port number are not required. Keep in mind that a password passed with -a ends up in the shell history and is visible in the process list while redis-cli runs.
redis-cli -a MyStr0ngP#d
127.0.0.1:6379> PING
PONG
Also, if you try to connect with invalid credentials, you should get the following error.
(error) NOAUTH Authentication required.
redis-cli -h example.com -p 6379 -a hunter2
127.0.0.1:6379> PING
(error) NOAUTH Authentication required.
127.0.0.1:6379>
Conclusion
With the above configuration we have secured the redis installation so that it can be reached remotely without compromising security. We have also seen how to use the -h, -p and -a flags to provide the hostname, port and password respectively when initiating a connection to the redis database.