MQTT authority

MQTT兩套預設的驗證方法

passwd setting

step1 mosquitto.conf設定

mosquitto.conf

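# mosquitto.conf only treats a line as a comment when '#' is its first
# character, so each note sits on its own line instead of trailing the value.

# Reject clients that connect without credentials.
allow_anonymous false
# File of usernames and password hashes, created with mosquitto_passwd (step 2).
password_file /etc/mosquitto/passwd
# File mapping each username to the topics it may read or write (step 3).
acl_file /etc/mosquitto/acl
# NOTE(review): the tests below use port 1883; unless that listener is wrapped
# in TLS, the username and password cross the network unencrypted.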

step2 設置密碼(passwd)文件

//-c 新增文件 路徑 用戶名稱

# -c creates the password file, replacing any existing file at that path,
# so it is used only for the first user. The command prompts for the password
# and stores it hashed.
mosquitto_passwd -c /etc/mosquitto/passwd pub_client 
# No -c here: sub_client is appended to the file created above.
mosquitto_passwd /etc/mosquitto/passwd sub_client 

step3 acl檔案設定

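# Comments in a mosquitto ACL file start with '#'; the original "//" lines
# are not comment syntax.

# This only affects clients with username "pub_client".
user pub_client
# pub_client may publish to mtopic and every topic below it (write-only).
topic write mtopic/#

# This only affects clients with username "sub_client".
user sub_client
# sub_client may receive messages from mtopic and every topic below it (read-only).
topic read mtopic/#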

[測試](-P 直接把密碼寫在命令列上,會留在 shell 歷史紀錄與行程列表中,僅適合測試環境)

[root@sparkVM mosquitto]# mosquitto_pub -t mtopic -m "test"                       
1416301592: New connection from ::1 on port 1883.  
Connection Refused: not authorised.  

[root@sparkVM mosquitto]# mosquitto_pub -t mtopic -u pub_client -P test -m "test"  
1416301643: New connection from ::1 on port 1883.  
1416301643: New client connected from ::1 as mosqpub/4113-sparkVM (c1, k60, upub_client).  

[root@pandaVM html]# mosquitto_sub -h 192.168.197.128 -t mtopic  
Connection Refused: not authorised.  

[root@pandaVM html]# mosquitto_sub -h 192.168.197.128 -t mtopic -u sub_client -P sub_client  
test  
[ref]http://www.jazywoo.com/2015/03/17/mosquitto-userpasswd%E6%9D%83%E9%99%90%E6%8E%A7%E5%88%B6acl.html

pre-shared-key setting

step1 mosquitto.conf設定

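# mosquitto.conf only treats a line as a comment when '#' is its first
# character, so each note sits on its own line instead of trailing the value.

# Reject clients that present no identity.
allow_anonymous false
# NOTE(review): require_certificate belongs to certificate-based TLS (client
# certificates), not to PSK; confirm whether it is needed on this listener.
require_certificate true
# Use the TLS-PSK identity as the MQTT username, so no separate
# username/password is needed and ACL "user" entries match the identity.
use_identity_as_username true
# File of identity:key pairs (step 2). The original line read "sk_file",
# which is not a mosquitto option; the option is psk_file.
psk_file /mosquitto/psk
# Setting psk_hint is what enables PSK on the listener; the hint is a
# free-form string sent to clients.
psk_hint hint(string)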

step2 psk檔案設定

//identity:key
//identity為任意文字;key為16進位的數字。下面的 deadbeef 與 12345 只是示範值,實際部署應使用隨機產生且足夠長的金鑰;金鑰在此檔案中以明文存放,請限制檔案的讀取權限

id:deadbeef
easy:12345

[測試]

# --psk is the hex key and --psk-identity the matching identity from the psk
# file (the "id:deadbeef" entry above). The key appears on the command line,
# so it ends up in shell history and the process list.
mosquitto_pub -t mtopic --psk deadbeef --psk-identity id -m "test"
