What is the default user and password for elasticsearch?

Docker, Authentication, Elasticsearch, Credentials

Docker Problem Overview


I have installed Elastic with Docker:

docker run -p 9200:9200 \
           -p 9300:9300 \
           -e "discovery.type=single-node" \
           docker.elastic.co/elasticsearch/elasticsearch:5.6.2

But curl localhost:9200 fails with authentication error:

{
  "error": {
    "root_cause": [
      {
        "type": "security_exception",
        "reason": "missing authentication token for REST request [/]",
        "header": {
          "WWW-Authenticate": "Basic realm=\"security\" charset=\"UTF-8\""
        }
      }
    ],
    "type": "security_exception",
    "reason": "missing authentication token for REST request [/]",
    "header": {
      "WWW-Authenticate": "Basic realm=\"security\" charset=\"UTF-8\""
    }
  },
  "status": 401
}

What is the default username/password combo for Elasticsearch?

Docker Solutions


Solution 1 - Docker

Defaults are:

user: elastic
password: changeme

So:

$ curl -u elastic:changeme localhost:9200
{
  "name" : "5aEHJ-Y",
  "cluster_name" : "docker-cluster",
  "cluster_uuid" : "3FmaYN7rS56oBTqWOyxmKA",
  "version" : {
    "number" : "5.6.2",
    "build_hash" : "57e20f3",
    "build_date" : "2017-09-23T13:16:45.703Z",
    "build_snapshot" : false,
    "lucene_version" : "6.6.1"
  },
  "tagline" : "You Know, for Search"
}

Read more about changing the defaults.

Solution 2 - Docker

Setting up username and password for Elastic Search: (ES version:7.5.2) (Ubuntu 18.04)

Step 1: First enable xpackmonitoring in elasticsearch.yml file

root@flax:/etc/elasticsearch# vim elasticsearch.yml

Add the following line to the end of file:
	xpack.security.enabled: true

File Contents:
# ======================== Elasticsearch Configuration =========================
#
# NOTE: Elasticsearch comes with reasonable defaults for most settings.
#       Before you set out to tweak and tune the configuration, make sure you
#       understand what are you trying to accomplish and the consequences.
#
# The primary way of configuring a node is via this file. This template lists
# the most important settings you may want to configure for a production cluster.
#
# Please consult the documentation for further information on configuration options:
# https://www.elastic.co/guide/en/elasticsearch/reference/index.html
#
# ---------------------------------- Cluster -----------------------------------
#
# Use a descriptive name for your cluster:
#
#cluster.name: my-application
#
# ------------------------------------ Node ------------------------------------
#
# Use a descriptive name for the node:
#
#node.name: node-1
#
# Add custom attributes to the node:
#
#node.attr.rack: r1
#
# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
#
path.data: /var/lib/elasticsearch
#
# Path to log files:
#
path.logs: /var/log/elasticsearch
#
# ----------------------------------- Memory -----------------------------------
#
# Lock the memory on startup:
#
#bootstrap.memory_lock: true
#
# Make sure that the heap size is set to about half the memory available
# on the system and that the owner of the process is allowed to use this
# limit.
#
# Elasticsearch performs poorly when the system is swapping the memory.
#
# ---------------------------------- Network -----------------------------------
#
# Set the bind address to a specific IP (IPv4 or IPv6):
#
#network.host: 192.168.0.1
network.host: 127.0.0.1
http.host: 0.0.0.0
#
# Set a custom port for HTTP:
#
http.port: 9200
#
# For more information, consult the network module documentation.
#
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when this node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
#
#discovery.seed_hosts: ["host1", "host2"]
#
# Bootstrap the cluster using an initial set of master-eligible nodes:
#
#cluster.initial_master_nodes: ["node-1", "node-2"]
#
# For more information, consult the discovery and cluster formation module documentation.
#
# ---------------------------------- Gateway -----------------------------------
#
# Block initial recovery after a full cluster restart until N nodes are started:
#
#gateway.recover_after_nodes: 3
#
# For more information, consult the gateway module documentation.
#
# ---------------------------------- Various -----------------------------------
#
# Require explicit names when deleting indices:
#
#action.destructive_requires_name: true
xpack.security.enabled: true

Step 2: Go to /usr/share/elasticsearch folder:

root@flax:/usr/share/elasticsearch# systemctl start elasticsearch

root@flax:/usr/share/elasticsearch# ./bin/elasticsearch-setup-passwords interactive

Initiating the setup of passwords for reserved users elastic,apm_system,kibana,logstash_system,beats_system,remote_monitoring_user.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]y


Enter password for [elastic]: 
Reenter password for [elastic]: 
Enter password for [apm_system]: 
Reenter password for [apm_system]: 
Enter password for [kibana]: 
Reenter password for [kibana]: 
Enter password for [logstash_system]: 
Reenter password for [logstash_system]: 
Enter password for [beats_system]: 
Reenter password for [beats_system]: 
Passwords do not match.
Try again.
Enter password for [beats_system]: 
Reenter password for [beats_system]: 
Enter password for [remote_monitoring_user]: 
Reenter password for [remote_monitoring_user]: 
Changed password for user [apm_system]
Changed password for user [kibana]
Changed password for user [logstash_system]
Changed password for user [beats_system]
Changed password for user [remote_monitoring_user]
Changed password for user [elastic]

root@flax:/usr/share/elasticsearch# systemctl restart elasticsearch

root@flax:/usr/share/elasticsearch# systemctl restart elasticsearch.service
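
An added example (not part of the original answers and not Elastic tooling): a small audit of `elasticsearch.yml` for the settings edited above, flagging security left disabled, an HTTP API bound beyond loopback, and basic auth sent over plain HTTP. The helper names `yml_get` and `audit_es_yml` are hypothetical, and the sample input is constructed from the active lines of the file shown above.

```bash
#!/usr/bin/env bash
# Added example, not Elastic tooling: yml_get and audit_es_yml are hypothetical helpers.
# Assumes flat "dotted.key: value" lines, as in the elasticsearch.yml shown above.

yml_get() {  # yml_get KEY FILE -> value of the last active (uncommented) KEY line
  awk -v k="$1" '
    /^[[:space:]]*#/ { next }                 # commented-out settings do not count
    { line = $0
      sub(/[[:space:]]+#.*$/, "", line)       # drop a trailing comment
      i = index(line, ":"); if (i == 0) next
      key = substr(line, 1, i - 1); val = substr(line, i + 1)
      gsub(/^[[:space:]]+|[[:space:]]+$/, "", key)
      gsub(/^[[:space:]"]+|[[:space:]"]+$/, "", val)
      if (key == k) found = val }
    END { print found }' "$2"
}

audit_es_yml() {  # audit_es_yml FILE -> one finding per line; exit status = finding count
  local f=$1 sec bind tls n=0
  sec=$(yml_get xpack.security.enabled "$f")
  tls=$(yml_get xpack.security.http.ssl.enabled "$f")
  bind=$(yml_get http.host "$f")              # http.host takes precedence for the REST port
  [ -n "$bind" ] || bind=$(yml_get network.host "$f")
  case "${bind:-_local_}" in
    _local_|localhost|127.*|::1) bind= ;;     # loopback only: not reachable remotely
  esac
  # Unset is treated as disabled, matching the 7.x behaviour the answers describe.
  if [ "$sec" != "true" ]; then
    echo "security-disabled"; n=$((n + 1))
    [ -z "$bind" ] || { echo "unauthenticated-api-exposed:$bind"; n=$((n + 1)); }
  elif [ -n "$bind" ] && [ "$tls" != "true" ]; then
    echo "basic-auth-over-plain-http:$bind"; n=$((n + 1))
  fi
  return "$n"
}

# Constructed sample: only the active lines of the file shown in Solution 2.
sample=$(mktemp)
printf '%s\n' 'path.data: /var/lib/elasticsearch' '#network.host: 192.168.0.1' \
  'network.host: 127.0.0.1' 'http.host: 0.0.0.0' 'http.port: 9200' \
  'xpack.security.enabled: true' > "$sample"
audit_es_yml "$sample" || true                # prints basic-auth-over-plain-http:0.0.0.0
```

The exit status equals the number of findings, so the function can gate a provisioning script.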

Solution 3 - Docker

Please be careful about the version of ElasticSearch. In 7.2 parameter ELASTIC_PASSWORD works.

docker run -p 9200:9200 \
           -p 9300:9300 \
           -e "discovery.type=single-node" \
           -e "ELASTIC_PASSWORD=my_own_password" \

But also this line should be added in elasticsearch.yml:

xpack.security.enabled: true

By default, it is not there.

Solution 4 - Docker

If you enabled basic x-pack security using xpack.security.enabled: true in your elasticsearch version 7.7 (at the time of writing this answer), it will not have a default password (changeme) as it used to be in the old version of x-pack.

As mentioned in the getting started with security official doc

> X-Pack security provides a built-in elastic superuser you can use to start setting things up. This elastic user has full access to the cluster, including all indices and data, so the elastic user does not have a password set by default.

So you need to change the password of elastic. If you want to do it after the installation, then follow the setting password for built-in users in interactive mode guide,

which requires you to run the below command from the elasticsearch bin folder.

bin/elasticsearch-setup-passwords interactive

Solution 5 - Docker

To Set up username and password

ssh to the system, stop elasticsearch and kibana service, then run the following command

sudo nano /etc/elasticsearch/elasticsearch.yml

update this file, enable security by adding the following line

xpack.security.enabled: true 

Change the password

Execute the following step to change the password

step 1:

 cd /usr/share/elasticsearch/

step 2:

sudo bin/elasticsearch-setup-passwords auto

> auto - Uses randomly generated passwords
> interactive - Uses passwords entered by a user

or

sudo bin/elasticsearch-setup-passwords interactive

> you can run the command in an "interactive" mode, which prompts you to enter new passwords for the elastic, kibana_system, logstash_system, beats_system, apm_system, and remote_monitoring_user users:

The above commands can help you to set up a password

Start Elasticsearch

  1. Start the Elasticsearch service by running a systemctl command:

    sudo systemctl start elasticsearch.service

It may take some time for the system to start the service. There will be no output if successful.

  2. Enable Elasticsearch to start on boot:

    sudo systemctl enable elasticsearch.service

Start and Enable Kibana

  1. Start the Kibana service:

    sudo systemctl start kibana

There is no output if the service starts successfully.

  2. Next, configure Kibana to launch at boot:

    sudo systemctl enable kibana

Solution 6 - Docker

In Elasticsearch version 6.x - you can specify initial password for elastic user using ELASTIC_PASSWORD env variable.

docker run -p 9200:9200 \
           -p 9300:9300 \
           -e "discovery.type=single-node" \
           -e "ELASTIC_PASSWORD=my_own_password" \
           docker.elastic.co/elasticsearch/elasticsearch:6.5.4

Source: https://www.elastic.co/guide/en/elasticsearch/reference/6.x/configuring-tls-docker.html

Attributions

All content for this solution is sourced from the original question on Stackoverflow.

The content on this page is licensed under the Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.

| Content Type | Original Author | Original Content on Stackoverflow |
|---|---|---|
| Question | Adam Matan | View Question on Stackoverflow |
| Solution 1 - Docker | Adam Matan | View Answer on Stackoverflow |
| Solution 2 - Docker | Stack Kiddy | View Answer on Stackoverflow |
| Solution 3 - Docker | Ihor | View Answer on Stackoverflow |
| Solution 4 - Docker | Amit | View Answer on Stackoverflow |
| Solution 5 - Docker | Maksud Alam | View Answer on Stackoverflow |
| Solution 6 - Docker | Alexander | View Answer on Stackoverflow |