Describe the issue

If I try to connect with bitcoin-cli or any other client I get 401. I use normal username/password and always get 401 (localhost and remote). Authentication over basic auth cookie via bitcoin-cli works.

debug.log Msg: 2017-02-01 06:59:45 ThreadRPCServer incorrect password attempt from 127.0.0.1:41472 bitcoin-cli Msg: error: incorrect rpcuser or rpcpassword (authorization failed)

Can you reliably reproduce the issue?

If so, please list the steps to reproduce below:

1. Configure bitcoind (with my config) and start bitcoind

2. bitcoin-cli -rpcuser=REPLACED -rpcpassword=REPLACED -rpcconnect=127.0.0.1 -rpcport=8332 -datadir=/data/btc getinfo

Expected behaviour

Successful authentication

Actual behaviour

HTTP Code 401

What version of bitcoin-core are you using?

List the version number/commit ID, and if it is an official binary, self compiled or a distribution package such as PPA.

1. Bitcoin Core Daemon version v0.13.2 Arch Linux distribution package
2. Bitcoin Core Daemon version v0.13.99.0-e99f0d7ad self compiled

  with wallet   = yes
  with gui / qt = yes
    qt version  = 5
    with qr     = yes
  with zmq      = yes
  with test     = yes
  with bench    = yes
  with upnp     = yes
  debug enabled = no

Machine specs:

• OS: Arch Linux x64
• CPU: Xeon 4 cores 2 threads
• RAM: 16G
• Disk size: 16T RAID5
• Disk Type (HD/SDD): HD

Any extra information that might be useful in the debugging process.

This is normally the contents of a debug.log or config.log file. Raw text or a link to a pastebin type site are preferred.

My bitcoind config:

server=1
listen=1
rpcuser=REPLACED
rpcpassword=REPLACED
rpcbind=127.0.0.1:8332
rpcthreads=8
rpcallowip=127.0.0.1

HTTP request/response (from tcpdump):

POST / HTTP/1.1
Authorization: Basic UkVQTEFDRUQ6UkVQTEFDRUQ=
Host: REPLACED:8332
Accept: */*
Content-type: application/json
Content-Length: 39

{"method":"getinfo","params":[],"id":1}

HTTP/1.1 401 Unauthorized
WWW-Authenticate: Basic realm="jsonrpc"
Date: Wed, 01 Feb 2017 07:05:40 GMT
Content-Length: 0
Content-Type: text/html; charset=ISO-8859-1

If so, please list the steps to reproduce below: Test with curl

Purpose of this section is to ensure reproducibility, eliminate guesswork and save time. What was the content of this "test" in terms of commands you issued against the server?

Are you running curl to RPC port?

Are you running curl to RPC port?

RPC server returns an error. Most likely "testing" is not done correctly.

I get the same error with all clients.

I can reproduce it with my config and this cmd: bitcoin-cli -rpcuser=REPLACED -rpcpassword=REPLACED -rpcconnect=127.0.0.1 -rpcport=8332 -datadir=/data/btc getinfo

The error message is: error: incorrect rpcuser or rpcpassword (authorization failed)

The problem is that bitcoind uses the cookie not the password from the config.

I put a std::cout in RPCAuthorized() in httprpc.cpp std::cout << strUserPass << "\n" << strRPCUserColonPass<<"\n";

The output is:

REPLACED:REPLACED
__cookie__:0723ef24069e50123146dca0d76488bb0583781fc55e254b78be93eaf2764745

On Windows, using Bitcoin Core 0.13.2, this works fine (rpc/rpc): bitcoin-cli.exe -rpcuser=rpc -rpcpassword=rpc -testnet=1 getinfo

It's either specific to your build or maybe some of the parameters and arguments have issues. Simple RPC-focused test without using config files:

C:\bitcoin\bin>bitcoin-qt.exe -server=1 -rpcuser=rpc -rpcpassword=rpc -datadir=c:\bitcoin # wait 1 min
C:\bitcoin\bin>bitcoin-cli.exe -rpcuser=rpc -rpcpassword=rpc getinfo
{
  "version": 130200,
  "protocolversion": 70015,
  "walletversion": 60000,
  "balance": 0.00000000,
  "blocks": 641,
  "timeoffset": 0,
  "connections": 2,
  "proxy": "",
  "difficulty": 1,
  "testnet": false,
  "keypoololdest": 1416112331,
  "keypoolsize": 101,
  "paytxfee": 0.00000000,
  "relayfee": 0.00001000,
  "errors": ""
}

Why does this have the windows label? It looks like it works under windows but not under Linux.

It works the same everywhere, I was at my Windows desktop at the time. Why speculate when you can simply run the same command and provide your output?

An auth cookie is used if no -rpcpassword set: https://github.com/bitcoin/bitcoin/blob/master/src/httprpc.cpp#L220 The server will also log a message in that case. Make sure the server is using the expected configuration file, and that the configuration file specifies rpcpassword.

For future googlers: the password should not contain the pound sign (#) as this is treated as a comment!

I was running it on Ubuntu 16.

I had rpcuser and rpcpassword in the config file, but I was getting 401 error when I called the jaon-rpc api.

I found a workaround by providing -rpcuser=REPLACED -rpcpassword=REPLACED when I launched the bitcoind.

Hope this is still relevant and useful.

I'm having this issue on linux/ubuntu when trying to proxy rpc requests from one machine to another using ssh port forwarding. The same setup with litecoin, dash or dogecoin works fine. So, I guess, the bug was introduced in bitcoin recently. Workaround by @Kiza helped me

I am having this issue on my mac OSX High Sierra. The rpcuser and rpcpassword set in the conf file are not being used by the rpcserver.

Failure

curl -v --data-binary '{"jsonrpc": "1.0", "id":"curltest", "method": "getinfo", "params": [] }' -H 'content-type: text/plain;' http://<username>:<password>=@127.0.0.1:9245/

Success

curl -v --data-binary '{"jsonrpc": "1.0", "id":"curltest", "method": "getinfo", "params": [] }' -H 'content-type: text/plain;' http://__cookie__:Cq113bVyv+MNbOp5krK5rersYN9JPWAiheaQr5z4hhw=@127.0.0.1:9245/

Can also be done via CLI

Failure

./bitcoin-cli -rpcuser=<username> -rpcpassword=<password> -rpcconnect=127.0.0.1 -rpcport=9245 getinfo

Sucess

./bitcoin-cli -rpcuser=__cookie__ -rpcpassword=Cq113bVyv+MNbOp5krK5rersYN9JPWAiheaQr5z4hhw= -rpcconnect=127.0.0.1 -rpcport=9245 getinfo

I'm having same issue on Debian when using python-bitcoinrpc, @Kiza 's workaround works for me.

In my case, if I uncomment the rpcuser and rpcpassword, then success

On client-side, you add the normal user/password pair to send commands:

rpcuser=alice rpcpassword=DONT_USE_THIS_YOU_WILL_GET_ROBBED_8ak1gI25KFTvjovL3gAM967mies3E=

I was running it on Ubuntu 16.

I had rpcuser and rpcpassword in the config file, but I was getting 401 error when I called the jaon-rpc api.

I found a workaround by providing -rpcuser=REPLACED -rpcpassword=REPLACED when I launched the bitcoind.

Hope this is still relevant and useful.

yes, and i need to remove the rpcuser and rpcpassword in the config file.

For future googlers: the password should not contain the pound sign (#) as this is treated as a comment!

Yes. Always be wary of special characters. Stick to long passwords of upper/lower case plus numbers.

Well if anyone wonders why rpcallowip is not working on master build - it could be (i suspect) because it's not intended for production use perhaps (?). However I had to revert to 0.17 for 8332 to listen to more than just localhost. And it's not a config file issue it seems because the same config worked on this earlier version (not to mention many many other altcoins).

If you are struggling with this - git checkout 0.17 and give that a try ;)

@gr33k That's an unrelated issue. Since 0.18 you need to put rpcbind explicitly if you want to listen on more than localhost.

I swear I did RTM (https://en.bitcoin.it/wiki/Running_Bitcoin) and saw that option…but it did not say that it wouldn’t listen unless explicitly used. Infact, it seems the default was to listen on all interfaces prior to this change.

Regardless -thank you @sipa for pointing that out as I was wondering what the heck I was doing wrong 👍