mosquitto_passwd — manage password files for mosquitto
hash ] [
mosquitto_passwd is a tool for managing password files for the mosquitto MQTT broker.
Usernames must not contain ":". Passwords are stored in a similar format to crypt.
Run in batch mode. This allows the password to be provided at the command line which can be convenient but should be used with care because the password will be visible on the command line and in command history.
Create a new password file. If the file already exists, it will be overwritten.
Delete the specified user from the password file.
Choose the hash to use. Can be one of
sha512. Defaults to
sha512 option is provided for creating password files for use with Mosquitto 1.6 and earlier.
This option can be used to upgrade/convert a password file with plain text passwords into one using hashed passwords. It will modify the specified file. It does not detect whether passwords are already hashed, so using it on a password file that already contains hashed passwords will generate new hashes based on the old hashes and render the password file unusable.
The password file to modify.
The username to add/update/delete.
The password to use when in batch mode.
mosquitto_sub returns zero on success, or non-zero on error. If the connection is refused by the broker at the MQTT level, then the exit code is the CONNACK reason code. If another error occurs, the exit code is a libmosquitto return value.
MQTT v3.1.1 CONNACK codes:
1Connection refused: Bad protocol version
2Connection refused: Identifier rejected
3Connection refused: Server unavailable
4Connection refused: Bad username/password
5Connection refused: Not authorized
MQTT v5 CONNACK codes:
131Implementation specific error
132Unsupported protocol version
133Client ID not valid
134Bad username or password
139Server shutting down
140Bad authentication method
141Keep alive timeout
142Session taken over
143Topic filter invalid
144Topic name invalid
147Receive maximum exceeded
148Topic alias invalid
149Packet too large
148Message rate too high
153Payload format invalid
154Retain not supported
155QoS not supported
156Use another server
158Shared subscriptions not supported
159Connection rate exceeded
160Maximum connect time
161Subscription IDs not supported
162Wildcard subscriptions not supported
Add a user to a new password file:
Delete a user from a password file