Mosquitto on Raspberry Pi 2

Well, that took some doing. I now have Mosquitto running on the Raspberry Pi 2.

This is the link I followed for the install..

I simply installed the repository then Mosquitto itself, nothing more.

This installation put a non-personalised config file at /etc/mosquitto, which pointed to the directory /etc/mosquitto/conf.d, so I put my mosquitto.conf in there, which was basically 2 lines…

allow_anonymous false
password_file /etc/mosquitto/conf.d/passwords.txt

I’ve not yet put SSL in there but I certainly wasn’t going to start up the broker with NO security.  I added a simple text file passwords.txt as above with a one-liner admin (colon) password where the password is encrypted using the Mosquitto password program for the PC (thankfully I already had a passwords file).

And that’s it really, stop the broker and restart it to make sure it takes notice of the config file..

sudo /etc/init.d/mosquitto stop

sudo /etc/init.d/mosquitto start

And talk to it via something like MQTT SPY – subscribe to any old topic (“testing”, in my case) and try publishing to that topic. I’ve tested powering down and back up and all is well.

Easiest thing I’ve done all day.. oh, NO it wasn’t – I could not write to the /etc/mosquitto/conf.d directory – the usual Linux security issues…. I did this.. most likely giving FAR too much access (if anyone wants to tell me what it SHOULD be, please do but don’t let’s get complicated)…

sudo chmod 777 ./conf.d


and from there on I could use my FTP described earlier and Notepad++ to create and edit the necessary files.
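
One way to check the directory the post asks about, as an added example that is not part of the original post: a shell function that flags a world-writable conf.d, a config that does not set allow_anonymous false, and a password file that all users can read or write. The function names are made up for this example, and treating a world-readable password file as a finding is an assumption.

```shell
#!/bin/sh
# Added example: audit a Mosquitto conf.d directory (function names are hypothetical).

# Print the 10-character mode string (e.g. drwxr-xr-x) for a path.
mode_of() { ls -ld "$1" | cut -c1-10; }

# Succeed if users outside the owner and group can write / read the path.
world_writable() { [ "$(mode_of "$1" | cut -c9)" = "w" ]; }
world_readable() { [ "$(mode_of "$1" | cut -c8)" = "r" ]; }

# Print the last value given for key $2 in the *.conf files under directory $1.
conf_value() {
    cat "$1"/*.conf 2>/dev/null |
        awk -v k="$2" '$1 == k { $1 = ""; sub(/^ +/, ""); v = $0 } END { print v }'
}

# Print one line per finding and return the number of findings (0 = clean).
audit_mosquitto_conf() {
    dir=$1
    findings=0
    if world_writable "$dir"; then
        echo "FAIL: $dir is world-writable, any local user can add or replace files"
        findings=$((findings + 1))
    fi
    if [ "$(conf_value "$dir" allow_anonymous)" != "false" ]; then
        echo "FAIL: allow_anonymous is not set to false"
        findings=$((findings + 1))
    fi
    pw=$(conf_value "$dir" password_file)
    if [ -z "$pw" ] || [ ! -f "$pw" ]; then
        echo "FAIL: password_file is not set or does not exist"
        findings=$((findings + 1))
    elif world_writable "$pw" || world_readable "$pw"; then
        # Assumption of this example: other local users should not see the hashes.
        echo "FAIL: $pw is readable or writable by all users"
        findings=$((findings + 1))
    fi
    if [ "$findings" -eq 0 ]; then echo "OK: $dir"; fi
    return "$findings"
}

# Run against a directory when one is given on the command line.
if [ "$#" -gt 0 ]; then audit_mosquitto_conf "$1"; fi
```

A conf.d at mode 755 with a password file at mode 640 passes these checks; the 777 directory from the post does not.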


6 thoughts on “Mosquitto on Raspberry Pi 2”

  1. Giving 777 permissions is bad, it allows everyone connected to the system to create and execute files.

    Personally I would have simply edited the file as root (sudo vi /etc/mosquitto/conf.d/mosquitto.conf) (or whichever editor you want to use).

    1. Agree 777 is bad, especially if you have your password file stored there. You shouldn't need to modify the permissions of that folder; it should be set so that the mosquitto (root) daemon can read and write, that's about it.

      As Tomer suggested, try using sudo to run a text editor like vi to edit the file with elevated permissions, although if you are starting out I would recommend nano as it is much easier to learn/use than vi. If you want to keep your current method of using WinSCP and a Windows text editor then create a new user and add them to the root user group (note: this really isn't recommended, but it is better than setting all files to RWX for all users).

      1. Why not use the user root when connecting with WinSCP? 😉

        In Raspbian user root is not active by default. But you can activate it by running the command "sudo passwd root" without the quotes and typing a root password twice.

        1. From a security perspective it isn't best practice if you plan to have SSH enabled to the internet, as you are exposing yourself to brute force attacks.

          On that note, Pete, if you are planning on making ssh available from the internet I would highly recommend you install fail2ban; it is in the apt-get repository and will automatically ban IP addresses after 3 failed SSH logins.

          1. Pete,

            I second what Ben is saying here. I had a similar setup for a while with my RPi being web accessible via ssh. So one day just out of curiosity I checked the /var/log/auth.log; to my surprise I found out that some douche-bag had been very busy trying to brute-force into my home network. I suggest disabling root's remote ssh access and configuring key-based ssh authentication instead of password-based while you are at it.

            Happy hacking.
