From version 5.0 onward, Shield is part of X-Pack. For more information, see
Securing the Elastic Stack.
Enable Message Authentication
Message authentication verifies that a message has not been tampered with or corrupted in transit during node-to-node communication.
To enable message authentication:
- Run the syskeygen tool from ES_HOME without any options:
  bin/shield/syskeygen
  This creates a system key file in CONFIG_DIR/shield/system_key.
- Copy the generated system key to the rest of the nodes in the cluster.
The system key is a symmetric key, so the same key must be on every node in the cluster.
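One way to confirm the copy step worked, as an added example that is not part of the Shield documentation: the shell functions below compare SHA-256 digests of system key files and flag any that are missing, different, or accessible to group or other. The function names are hypothetical, the directories built by make_demo_cluster are constructed stand-ins for each node's CONFIG_DIR, and the permission check is a general precaution for secret files rather than a requirement stated here; GNU stat and sha256sum are assumed.

```shell
#!/bin/sh
# Added example: verify that copies of the Shield system key are identical
# and not accessible to group/other. File paths passed in are assumptions.

# Print the SHA-256 digest of a key file (assumes sha256sum is installed).
key_fingerprint() {
    sha256sum "$1" | cut -d' ' -f1
}

# Succeed only if the file grants no permissions to group or other.
# Assumes GNU stat; octal modes such as 600 or 400 pass, 640 or 644 fail.
key_mode_ok() {
    case "$(stat -c '%a' "$1")" in
        *00) return 0 ;;
        *)   return 1 ;;
    esac
}

# Compare every key file against the first one given.
# Returns 0 only when all files exist, match, and have safe modes.
check_system_keys() {
    ref=""; rc=0
    for f in "$@"; do
        if [ ! -f "$f" ]; then
            echo "MISSING  $f" >&2; rc=1; continue
        fi
        key_mode_ok "$f" || { echo "PERMS    $f" >&2; rc=1; }
        fp=$(key_fingerprint "$f")
        [ -n "$ref" ] || ref=$fp
        [ "$fp" = "$ref" ] || { echo "MISMATCH $f" >&2; rc=1; }
    done
    return "$rc"
}

# Constructed demo data: three directories stand in for three nodes.
# node2 holds a copy of node1's key; node3 holds a different (stale) key.
make_demo_cluster() {
    d=$(mktemp -d)
    for n in node1 node2 node3; do mkdir -p "$d/$n/shield"; done
    head -c 128 /dev/urandom > "$d/node1/shield/system_key"
    cp "$d/node1/shield/system_key" "$d/node2/shield/system_key"
    head -c 128 /dev/urandom > "$d/node3/shield/system_key"
    chmod 600 "$d"/node*/shield/system_key
    echo "$d"
}
```

On a real cluster, run key_fingerprint against CONFIG_DIR/shield/system_key on each node and compare the digests, since the files live on separate hosts.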
Now that you’ve enabled message authentication, you might also want to Enable Auditing to keep track of attempted and successful interactions with your Elasticsearch cluster.