1
00:00:01,170 --> 00:00:08,550
In this lecture, I'm going to talk about how to customize the configuration of your Mosquitto broker,

2
00:00:08,850 --> 00:00:15,810
and in particular, I'll show you how to include your username and password authentication to add a

3
00:00:15,810 --> 00:00:17,700
level of security to your

4
00:00:17,730 --> 00:00:25,150
Mosquitto broker. To know what is possible to do in terms of configuration with your Mosquitto broker,

5
00:00:25,380 --> 00:00:31,710
have a look at the mosquitto.conf man page, which of course is available under mosquitto.org,

6
00:00:31,920 --> 00:00:33,940
"man" for manual.

7
00:00:34,140 --> 00:00:40,650
So here you'll find all the possible configuration directives, including those for authentication that

8
00:00:40,650 --> 00:00:42,820
we can use in this lecture.

9
00:00:43,470 --> 00:00:46,260
There's lots of general options.

10
00:00:46,260 --> 00:00:51,960
You can customize your broker so that encryption is also used.

11
00:00:52,500 --> 00:01:00,600
And basically what I suggest that you do here is to take a little bit of time to become familiar with

12
00:01:00,690 --> 00:01:07,300
the possibilities that are available to you here in the context of this project.

13
00:01:07,320 --> 00:01:16,020
I will only be adding to the authentication layer for a little bit of additional protection to our application,

14
00:01:16,260 --> 00:01:21,420
but I'm not going to be spending any time doing any other types of customization.

15
00:01:21,930 --> 00:01:26,490
So out of all these configuration directives, we'll be using a couple.

16
00:01:26,490 --> 00:01:36,630
For example, there is the password_file directive, which is right here.

17
00:01:36,840 --> 00:01:38,460
This is one of the available directives.

18
00:01:38,460 --> 00:01:45,660
So when it comes to setting up your broker to require clients to authenticate with it, you need to

19
00:01:45,660 --> 00:01:52,620
have either a password file that contains an encrypted password or you can also set this up via the

20
00:01:52,620 --> 00:01:53,640
command line.

21
00:01:53,670 --> 00:02:01,920
I'm going to go with the file option because that allows me to add multiple usernames at the same time

22
00:02:01,920 --> 00:02:03,970
and encrypt their passwords as well.

23
00:02:04,650 --> 00:02:06,390
So let's go ahead and do that.

24
00:02:06,750 --> 00:02:08,910
I'm going to use the top

25
00:02:10,650 --> 00:02:21,990
panel in my terminal and navigate to /etc/mosquitto, which is where the Mosquitto configuration

26
00:02:21,990 --> 00:02:27,790
file is. You've actually got two locations where you can set your configuration.

27
00:02:27,810 --> 00:02:30,780
The first one is right here in the root of the mosquitto folder.

28
00:02:31,200 --> 00:02:35,330
But preferably you want to leave this one alone.

29
00:02:35,330 --> 00:02:40,070
And this is the stock standard that comes with a fresh Mosquitto installation.

30
00:02:40,080 --> 00:02:43,170
And then there is the conf.d directory.

31
00:02:43,560 --> 00:02:46,470
And in that you'll find

32
00:02:49,200 --> 00:02:54,750
another configuration file. You can actually add yours; in your case it is probably going to be empty.

33
00:02:55,410 --> 00:03:04,100
So the conf.d directory will be empty, but any file that you add inside this directory with the .conf

34
00:03:04,140 --> 00:03:09,570
extension will be loaded and parsed by the broker when it starts.

35
00:03:09,840 --> 00:03:15,260
So I just called mine mosquitto.conf. If this file does not exist for you,

36
00:03:15,270 --> 00:03:20,830
just create it or create any file with the .conf extension.

37
00:03:21,510 --> 00:03:23,130
So this is where configuration happens.

38
00:03:23,220 --> 00:03:32,170
So let's go ahead and set up our Mosquitto broker to require the client to authenticate.

39
00:03:32,430 --> 00:03:38,240
To do that, I'm going to go into the mosquitto.conf file and do a little bit of editing.

40
00:03:38,850 --> 00:03:44,250
So I'm going to use the nano utility for this because I have not installed Vim, which is my preference,

41
00:03:44,250 --> 00:03:53,100
but I'm not doing much text editing work on my Node-RED Raspberry Pi, so I'll just stick with nano for

42
00:03:53,100 --> 00:03:53,400
this.

43
00:03:54,450 --> 00:03:55,560
So then open up

44
00:03:55,590 --> 00:03:56,220
nano.

45
00:03:57,470 --> 00:04:05,720
And I need to be sudo for this, with elevated privileges, because mosquitto.conf belongs to root, as

46
00:04:05,720 --> 00:04:07,970
you can see here, right?

47
00:04:07,970 --> 00:04:10,120
So sudo nano mosquitto.conf.

48
00:04:10,130 --> 00:04:19,760
And then inside here, what I'll do is first set the port for my broker and I'm not using encryption.

49
00:04:19,760 --> 00:04:25,580
So the standard port for unencrypted communications with a Mosquitto broker is 1883.

50
00:04:25,940 --> 00:04:28,870
And then I'm going to set the password file.

51
00:04:28,880 --> 00:04:32,920
This is a pointer or add a full path to the password file.

52
00:04:33,590 --> 00:04:41,330
So the directive is password_file, as you can see here in the documentation, and that

53
00:04:41,330 --> 00:04:42,830
is followed by the path.

54
00:04:43,520 --> 00:04:52,340
So to prevent me from making typing mistakes, I'm just going to copy the path like this, so that's /etc/

55
00:04:52,340 --> 00:04:53,870
mosquitto/passwords.txt.

56
00:04:53,870 --> 00:05:01,010
Another directive that I'm going to use is the directive that instructs the broker to only

57
00:05:01,010 --> 00:05:09,300
accept connections from authenticated clients so it will not allow anonymous clients to connect.

58
00:05:09,590 --> 00:05:12,320
So there is a directive for this called

59
00:05:12,740 --> 00:05:15,890
allow_anonymous.

60
00:05:17,920 --> 00:05:26,320
And it's this one here, and it can accept either true or false configuration for this one, so I'm

61
00:05:26,320 --> 00:05:33,640
going to copy it across and make it false so that anonymous clients cannot connect.

62
00:05:33,640 --> 00:05:35,200
They have to be authenticated.

63
00:05:36,220 --> 00:05:37,570
So now I've got my configuration.

64
00:05:37,570 --> 00:05:44,530
I'm going to save it in a moment, but I still need to create and then encrypt the passwords.txt

65
00:05:44,530 --> 00:05:45,060
file.

66
00:05:45,730 --> 00:05:48,880
So let's go ahead and exit.

67
00:05:49,810 --> 00:05:59,740
I say yes to write the changes to the file and then move one level back where I will create a new file

68
00:06:00,670 --> 00:06:03,220
and it'll be owned by root.

69
00:06:03,230 --> 00:06:08,680
I'm going to go sudo nano passwords.txt.

70
00:06:10,660 --> 00:06:17,480
And in this file I'm going to type in the usernames and passwords for my clients.

71
00:06:17,500 --> 00:06:18,610
As many as you want.

72
00:06:18,640 --> 00:06:19,620
There's no limit here.

73
00:06:19,940 --> 00:06:22,990
I'm going to copy something that I prepared earlier.

74
00:06:23,650 --> 00:06:30,340
So here you've got the username and you've got two dots and then the password in clear text.

75
00:06:30,700 --> 00:06:32,830
We are about to encrypt this clear

76
00:06:32,830 --> 00:06:35,590
text, of course, so that it is not in the clear anymore.

77
00:06:35,860 --> 00:06:37,530
But this is where you start from.

78
00:06:37,590 --> 00:06:42,160
So have as many usernames with matching passwords as you want.

79
00:06:42,440 --> 00:06:45,340
And then when you're finished, save the file.

80
00:06:45,730 --> 00:06:51,790
Before you save that, make sure that you do have a backup because you won't be able to decrypt the passwords

81
00:06:52,150 --> 00:06:53,940
once you set them.

82
00:06:54,430 --> 00:07:00,460
You will not be able to go back to the passwords file to look at the passwords themselves because they

83
00:07:00,460 --> 00:07:01,300
will be encrypted.

84
00:07:01,720 --> 00:07:04,810
So make sure that you've got a copy and I've got my copy here as well.

85
00:07:05,680 --> 00:07:14,090
So Control-X and yes, to exit nano and save the changes to the file.

86
00:07:14,560 --> 00:07:18,580
The next thing we need to do is to encrypt the new password file.

87
00:07:18,580 --> 00:07:24,750
And the broker comes with a utility called mosquitto_passwd for this job.

88
00:07:25,150 --> 00:07:26,090
So let's run it.

89
00:07:26,120 --> 00:07:31,330
So let's go for mosquitto_passwd,

90
00:07:35,880 --> 00:07:44,220
and with the -U switch we'll pass the password, then the name of the file that contains the passwords,

91
00:07:44,220 --> 00:07:46,150
which is this. Enter.

92
00:07:46,910 --> 00:07:47,490
Oh, OK.

93
00:07:47,520 --> 00:07:51,320
Of course I need to be sudo for this job because the

94
00:07:51,330 --> 00:07:54,270
passwords.txt file is owned by root.

95
00:07:55,380 --> 00:07:56,480
All right, then.

96
00:07:56,610 --> 00:07:58,010
Let's have a look at what we have.

97
00:07:58,020 --> 00:08:02,520
So the passwords.txt file is now encrypted.

98
00:08:02,610 --> 00:08:03,810
Let's have a quick look at it.

99
00:08:05,920 --> 00:08:11,920
Using the cat command. All right, and then there's the user name and there is my encrypted password

100
00:08:11,920 --> 00:08:20,200
for that user, my other user name and the encrypted password, and so on. To make the changes in the configuration

101
00:08:20,200 --> 00:08:23,320
file effective, there's a couple of ways to do that.

102
00:08:24,220 --> 00:08:27,360
I found that the service command works.

103
00:08:27,370 --> 00:08:30,040
So you'll just say sudo

104
00:08:32,620 --> 00:08:37,030
service mosquitto restart.

105
00:08:38,640 --> 00:08:39,450
And that's it.

106
00:08:40,680 --> 00:08:48,120
So now we've got Mosquitto configured so that clients need to be authenticated before they can subscribe

107
00:08:48,420 --> 00:08:51,320
or publish anything to the broker.

108
00:08:51,960 --> 00:08:53,400
Let's go to the next lecture now.

109
00:08:53,410 --> 00:08:57,710
We'll show you how to create clients to the broker that authenticate themselves.
