How to disable password request for a Jupyter notebook session?

python ipython jupyter-notebook python-3.5 jupyter

111,415

Solution 1

The following is very unsafe, but you can remove the password completely with:

jupyter notebook --ip='*' --NotebookApp.token='' --NotebookApp.password=''

Without --NotebookApp.password='', when connecting from a remote computer to a local Jupyter launched simply with:

jupyter notebook --ip='*'

it still asks for a password for security reasons, since users with access can run arbitrary Python code on the server machine!

Note that on my machine, running just:

jupyter notebook

already opens a logged-in window on my browser, and stdout contains:

    To access the notebook, open this file in a browser:
        file:///home/ciro/.local/share/jupyter/runtime/nbserver-3286-open.html
    Or copy and paste one of these URLs:
        http://localhost:8888/?token=7c9265bf9df5f57cf5da88f410a71b097e2548ae375826b7
     or http://127.0.0.1:8888/?token=7c9265bf9df5f57cf5da88f410a71b097e2548ae375826b7

so if your browser is not opening automatically, you can try one of those links, which seem to have a login token on them, and then investigate why your browser is not opening automatically.

Tested on Jupyter 4.4.x, Ubuntu 18.04.

Solution 2

How to avoid "Invalid credentials" by disabling jupyter Notebook Password & Token

First open Anaconda Prompt

Enter the command jupyter notebook --generate-config

From jupyter directory ,edit the jupyter_notebook_config.py

made changes into the following command

 c.NotebookApp.token = ''
 c.NotebookApp.password = u''
 c.NotebookApp.open_browser = True
 c.NotebookApp.ip = 'localhost'

Now launch the jupyter notebook from anaconda navigator definitely the problem will be resolved as soon..

Solution 3

If you are trying to run from docker without password just use CMD like bellow:

CMD ["jupyter", "notebook", "--no-browser","--NotebookApp.token=''","--NotebookApp.password=''"]

Solution 4

Notebook 4.3.0 has enabled login security by default. The token to enter in the password field is printed in the output of the notebok server during startup (or can be included directly in the URL)

The Jupyter Notebook is running at: http://0.0.0.0:8888/?token=f3e7fa23fb7e347ad05914368b625416b7a95a674dc078f7

See http://jupyter-notebook.readthedocs.io/en/latest/security.html#server-security for more info, including disabling the feature.

However, this would not explain why you get the password prompt when running on one port but not on another

Solution 5

You can first create a jupyter config file with:

cd ~/.jupyter

jupyter notebook --generate-config Then set the c.NotebookApp.token parameter to an empty string in the configuration file created

c.NotebookApp.token = ''

As mentioned in comment, Setting to an empty string disables authentication altogether, which is NOT RECOMMENDED.

View more solutions

111,415

Salvatore Cosentino

Updated on January 25, 2022

Comments

Salvatore Cosentino over 2 years

I have been launching Jupyter Notebook for years using the following command:

jupyter-notebook --port=7000 --no-browser --no-mathjax

When I try to open the jupyter on the browser it ask me for a password, even though I have never set any before. It is important to note that If I do set the port to a value different than 7000 (eg., the default 8888) the interface will open with no problem

I am running jupyter locally, and on the following setup:

Python 3.5.2

With the following modules installed:

jupyter (1.0.0), jupyter-client (4.4.0), jupyter-console (5.0.0), jupyter-core (4.2.1), ipykernel (4.5.2), ipython (5.1.0), ipython-genutils (0.1.0), nbconvert (4.3.0), nbformat (4.2.0), notebook (4.3.0)

NOTE: I have no jupyter configurations file

Following are some of the output lines from the server:

[I 19:16:24.358 NotebookApp] Serving notebooks from local directory: /Users/my_user_name
[I 19:16:24.358 NotebookApp] 0 active kernels
[I 19:16:24.358 NotebookApp] The Jupyter Notebook is running at: http://localhost:7000/?token=aa0dab6e2d85766f3e2e4f0f6633e4473db56a56c94cac76
[I 19:16:24.358 NotebookApp] Use Control-C to stop this server and shut down all kernels (twice to skip confirmation).

And follwing are messages after I try to open it on the browser (using port 7000)

[I 19:21:56.848 NotebookApp] 302 GET /tree (::1) 8.46ms
[D 19:21:56.857 NotebookApp] Using contents: services/contents
[D 19:21:56.919 NotebookApp] Path base/images/favicon.ico served from /usr/local/lib/python3.5/site-packages/notebook/static/base/images/favicon.ico
[D 19:21:56.920 NotebookApp] Path components/jquery-ui/themes/smoothness/jquery-ui.min.css served from /usr/local/lib/python3.5/site-packages/notebook/static/components/jquery-ui/themes/smoothness/jquery-ui.min.css
[D 19:21:56.922 NotebookApp] Path components/jquery-typeahead/dist/jquery.typeahead.min.css served from /usr/local/lib/python3.5/site-packages/notebook/static/components/jquery-typeahead/dist/jquery.typeahead.min.css
[D 19:21:56.923 NotebookApp] Path style/style.min.css served from /usr/local/lib/python3.5/site-packages/notebook/static/style/style.min.css
[D 19:21:56.925 NotebookApp] Path auth/css/override.css served from /usr/local/lib/python3.5/site-packages/notebook/static/auth/css/override.css
[D 19:21:56.926 NotebookApp] Path components/es6-promise/promise.min.js served from /usr/local/lib/python3.5/site-packages/notebook/static/components/es6-promise/promise.min.js
[D 19:21:56.926 NotebookApp] Path components/requirejs/require.js served from /usr/local/lib/python3.5/site-packages/notebook/static/components/requirejs/require.js
[D 19:21:56.933 NotebookApp] Path base/images/logo.png served from /usr/local/lib/python3.5/site-packages/notebook/static/base/images/logo.png
[D 19:21:56.934 NotebookApp] 200 GET /login?next=%2Ftree (::1) 80.86ms
[D 19:21:57.001 NotebookApp] Path custom.css served from /usr/local/lib/python3.5/site-packages/notebook/static/custom/custom.css
[D 19:21:57.003 NotebookApp] 304 GET /custom/custom.css (::1) 3.11ms
[D 19:21:57.341 NotebookApp] Path auth/js/main.min.js served from /usr/local/lib/python3.5/site-packages/notebook/static/auth/js/main.min.js
[D 19:21:57.344 NotebookApp] 200 GET /static/auth/js/main.min.js?v=20161219191623 (::1) 3.57ms

At this point there is a page from jupyter asking me to insert a password I have never set before.

SOLVED!

With latest update of notebook module (4.3.1) the problem has been solved.

Once the jupyter notebook is launched the user is prompted to paste a URL into the browser at the first connection:

Copy/paste this URL into your browser when you connect for the first time,
to login with a token:
    http://localhost:7000/?token=32be0f5ee74cfe521187bc479855ce8b9fbab9e8021701c9

This solved the problem!

Admin over 7 years

Does the same happen if you don't run Jupyter? Which messages does Jupyter print to stdout?
Salvatore Cosentino over 7 years

Yes! These are some of the last output lines (removed starting part in square brackets): Path base/images/logo.png served from /usr/local/lib/python3.5/site-packages/notebook/static/base/‌images/logo.png 200 GET /login?next=%2Ftree (::1) 106.60ms Path custom.css served from /usr/local/lib/python3.5/site-packages/notebook/static/custo‌m/custom.css 304 GET /custom/custom.css (::1) 3.09ms Path auth/js/main.min.js served from /usr/local/lib/python3.5/site-packages/notebook/static/auth/‌js/main.min.js 200 GET /static/auth/js/main.min.js?v=20161215192744 (::1) 4.07ms
Admin over 7 years

I think some other program is running on port 7000 instead. The last output lines aren't so interesting here; if the port is taken, you should see it somewhere in the first output lines. Please edit your question (rather than commenting) to include the output of the jupyter-notebook command.
mins over 3 years

"SOLVED!", more accurately: bypassed, not fixed. It seems everything running Python in a browser should have this kind of "security". Fixing it would need not to use a browser, so maybe a bad design choice in the first place. More answers from the Jupyter team in 2019 which mentions an environment variable JUPYTER_TOKEN, another bypass.

minrk over 7 years

The cookies used are different on different ports, so you can be logged into a server on one port, but not on another. You can see the URLs with tokens of all running servers with jupyter notebook list.
Jinna Balu about 4 years

This throws an error behind the proxy '_xsrf' argument missing from POST
mins over 3 years

"The following is very unsafe, but you can remove the password completely", if it is very unsafe, why mentioning it? For computers which are disconnected from the network?
Ciro Santilli OurBigBook.com over 3 years

@mins on a home LAN it could be fine. OPs question is inherently about overcoming security mechanisms.
quant almost 3 years

It's only "unsafe" in certain situations. Importantly, it's much less annoying in most situations than the default, which involves pointless copying of tokens on a local network.
Bruce wayne - The Geek Killer over 2 years

yes, it disables the token auth. If you are running from docker(my use case), u can add that either in .sh script by editting it while image building or add like this with docker run command start-notebook.sh --NotebookApp.token=''
Bruce wayne - The Geek Killer over 2 years

yes, it is correct. We can also edit the .sh file, my case, custom-start.sh where i written like this jupyter notebook --allow-root --no-browser --ip=0.0.0.0 --port=8888 --NotebookApp.token='' --NotebookApp.password='' and builded the jupiter notebook image
Bruce wayne - The Geek Killer over 2 years

if anyone read above comment and wanna try that method, i explained it as an answer below