Setting Up Authentication in Mosquitto MQTT Broker

Eclipse Mosquitto: An Open Source MQTT Broker

Eclipse Mosquitto is an open-source (EPL/EDL licensed) message broker that implements the MQTT protocol versions 3.1 and 3.1.1. Mosquitto is lightweight and suitable for use on all devices, from low-power single-board computers to full servers.

The MQTT protocol provides a lightweight method of messaging using a publish/subscribe model, making it ideal for Internet of Things (IoT) messaging, such as low-power sensors, mobile devices, embedded computers, or microcontrollers.

The Mosquitto project also provides a C library for implementing MQTT clients and the widely used mosquitto_pub and mosquitto_sub command-line MQTT clients.

Mosquitto is one of the most popular MQTT brokers. It is easy to install and use. Below are the steps to set up and configure Mosquitto MQTT Broker with authentication.

Downloading and Installing Mosquitto

Mosquitto is highly portable and available for a wide range of platforms. To download the source or binaries for your platform, visit the Mosquitto download page.

Installation on Debian-based Systems

Run the following commands to install Mosquitto on a Debian-based system (Ubuntu/Raspberry Pi OS, etc.):

wget http://repo.mosquitto.org/debian/mosquitto-repo.gpg.key
sudo apt-key add mosquitto-repo.gpg.key
cd /etc/apt/sources.list.d/
sudo wget http://repo.mosquitto.org/debian/mosquitto-bullseye.list
sudo apt-get update
sudo apt-get install mosquitto mosquitto-clients

If you have just installed the Mosquitto broker, ensure it is stopped before configuring authentication:

sudo systemctl stop mosquitto

Setting Up Authentication in Mosquitto MQTT Broker

By default, Mosquitto allows anonymous connections. To enhance security, set up username-password authentication as follows:

1. Create a Password File

A password file will contain your username and encrypted password. Run the following command to create a new password file and add a user:

sudo mosquitto_passwd -c /etc/mosquitto/passwd <user_name>

You will be asked to enter your password twice. Once done, the password file is created.

2. Configure Mosquitto to Use the Password File

Edit the Mosquitto configuration file to enable authentication:

sudo nano /etc/mosquitto/mosquitto.conf

Add the following lines to the mosquitto.conf file:

password_file /etc/mosquitto/passwd
allow_anonymous false

• password_file /etc/mosquitto/passwd: Specifies the file containing user credentials.
• allow_anonymous false: Prevents clients without a username and password from connecting to the broker.

3. Restart Mosquitto Broker

After saving the configuration file, restart the Mosquitto service:

sudo systemctl restart mosquitto

4. Verify Authentication

To verify the authentication, subscribe to a topic using a username and password:

mosquitto_sub -h localhost -p 1883 -t myTopic -u <user_name> -P <password>

If the authentication is set up correctly, you should be able to receive messages on the specified topic.

Conclusion

Eclipse Mosquitto is a powerful, lightweight, and open-source MQTT broker, widely used for IoT applications. Setting up authentication enhances security and prevents unauthorized access to your MQTT broker. By following the steps outlined above, you can easily install, configure, and secure your Mosquitto broker for reliable IoT communication.

For more advanced configurations, refer to the official Mosquitto documentation: Mosquitto Documentation.

You May Also Like- How To Create Secure MQTT Broker