Security
我可以更改 Redis 集群中正在執行的 Redis 實例的 MASTERAUTH 值嗎?
根據http://redis.io/topics/security,我可以在 Redis 配置文件中設置一個
requirepass
值,例如, 。requirepass foobared
但是,我不希望在我的配置文件中使用它。
基本上,我想將此密碼保留在
.conf
文件之外,並使用redis-cli
.################################## SECURITY ################################### # Require clients to issue AUTH <PASSWORD> before processing any other # commands. This might be useful in environments in which you do not trust # others with access to the host running redis-server. # # This should stay commented out for backward compatibility and because most # people do not need auth (e.g. they run their own servers). # # Warning: since Redis is pretty fast an outside user can try up to # 150k passwords per second against a good box. This means that you should # use a very strong password otherwise it will be very easy to break. # # 2015.12.14 nbasanes: Although I prefer enabling this, I'm not # sure it buys us much, since a clear password in a config # file is bad for security: # requirepass foobared # 2015.12.14 nbasanes: This could be interesting, although # I don't put much weight in security-by-obscurity: # Command renaming. # # It is possible to change the name of dangerous commands in a shared # environment. For instance the CONFIG command may be renamed into something # hard to guess so that it will still be available for internal-use tools # but not available for general clients. # # Example: # # rename-command CONFIG b840fc02d524045429941cc15f59e41cb7be6c52 # # It is also possible to completely kill a command by renaming it into # an empty string: # # rename-command CONFIG "" # # Please note that changing the name of commands that are logged into the # AOF file or transmitted to slaves may cause problems.
是的,您確實可以
requirepass
在實時 Redis 實例上設置該值。此範例顯示我在 Redis 從站上設置它:
[nbasanes@SLAVEONE ~]$ redis-cli -h $(facter ipaddress) 101.222.222.222:6379> CONFIG SET REQUIREPASS FOOBARED OK 101.222.222.222:6379> CONFIG SET REQUIREPA FOOBARED (error) NOAUTH Authentication required. 101.222.222.222:6379> AUTH FOOBARED OK 101.222.222.222:6379> CONFIG SET REQUIREPA FOOBARED (error) ERR Unsupported CONFIG parameter: REQUIREPA 10.252.226.179:6379> ROLE 1) "slave" 2) "101.102.94.22" 3) (integer) 6379 4) "connected" 5) (integer) 702567 101.222.222.222:6379>
是的,可以在執行時更改身份驗證。(請參閱 Nathan Basanese 的回答)。
此外,請確保觸發 config rewrite 命令以保持身份驗證。如果 Redis 實例重新啟動,它可能會失去
CONFIG REWRITE
您可以通過對您的 Redis 實例執行 CONFIG GET * 來獲取可以在執行時更改的所有參數的列表
127.0.0.1:6379> CONFIG GET * 1) "dbfilename" 2) "dump.rdb" 3) "requirepass" 4) "" 5) "masterauth" 6) "" 7) "unixsocket" 8) ""