Connecting to Postgres from Remote Network - postgresql

Unable to get data from Postgres from remote network. We have a Postgres DB setup for our MItel System and users from different vlans cannot get data. They can connect to the DB successfully but getting "no records found" when connected. The users that are connect to the same vlan as the DB can connect fine and get all the data (call History) but users from a branch office cannot receive data.
What I have setup in the pg_hba.conf file is:
host all all 10.0.0.0/24 trust (I've tried md5 as well)
host all all 172.0.0.0/24 trust
In the Postgressql.conf I have:
Listen_addresses = '*'
All users are using the same database username and password.

I found out what i needed to put in the pg_hba.conf file. The line needed to read
host all all 0.0.0.0/0 md5
Not quite sure why the network address or subnet didn't work but they didn't. For whatever reason that line worked and all data is flowing. Thanks

Related

postgres logical replication not working. Error says "could not connect to the publisher"

I have a postgres database called salephone_test with 3 tables (smartphones, listings, phone_listings) on my windows pc which I want to replicate to at least one ubuntu droplet on digitalocean. I attempted the following setup to replicate the smartphones table:
On my local machine (pc) in postgresql.conf I set the listen_addresses = '*' and wal_level = logical
in pg_hba.conf, I added the following lines
host salephone_test rep 0.0.0.0/0 md5
host salephone_test all 104.248.54.230/0 md5
host all all 0.0.0.0/0 md5
host all all 0.0.0.0/0 md5
where 104.248.54.230 is the IP of my digitalocean droplet
I also set up a replication user and publication by the following commands
CREATE ROLE rep REPLICATION LOGIN PASSWORD 'fakepass';
GRANT SELECT on smartphones to rep;
CREATE PUBLICATION test_phones FOR TABLE smartphones;
on my remote droplet, after installing postgres on the ubuntu, I created a database called salephone with a table called smartphones
in psql, I then used the following command to subscribe for logical replication
// 50.71.125.50 is my pc ip according to google
CREATE SUBSCRIPTION phone_sub CONNECTION 'dbname = salephone_test host = 50.71.125.50 user = rep password = fakepass port = 5432' PUBLICATION test_phones;
after a minute of waiting, I received the following
ERROR: could not connect to the publisher: connection to server at "50.71.125.50", port 5432 failed: Connection timed out
Is the server running on that host and accepting TCP/IP connections?
Note: i tried restarting postgres on my pc multiple times already via services.msc
Your home modem/router is surely blocking the connection. You will need to configure it to accept the connection and do 'port forwarding' to your pc. How you do that (or if it is even possible) would depend on the make and model of the router.
Also, your pg_hba doesn't make much sense. The reason to have a more specific entry above a more general entry is to give it a different auth method (or configuration). Since all your entries have the same method, you might as well just have the last line and not have the preceding 3.

How to connect to a local postgreSQL database from a remote pc

I am pretty new to everything that is database management, remote connection etc... And I need this for a university project.
I have a local postgreSQL database on my Windows computer, which I access through localhost. What I want to do now is connect to this database using my laptop (which is in the same WLAN, don't know if that helps).
I changed the file pg_hba.conf, and added host all all 0.0.0.0/0 md5 and host all all ::0/0 md5. Also in the postgresql.conf file, there is one line listen_addresses = '*' which was the default, but as I understand it it is what it needs to be so a non-localhost can connect to the database.
How can I do this? On my laptop I tried running psql and for the server I put the IPv4 address of my PC(where the local database is stored), but it doesn't connect (Connection timed out)

Connect to remote postgres server from EC2 Instance

I am trying to fetch data from the Postgres server which is remotely available from Amazon EC2 instance. When I try to telnet the remote server, it is connected.
But when I am running a kafka connector which connects to the remote Postgres server it throws an error stating
FATAL: no pg_hba.conf entry for host, SSL off for configuration Couldn't open a connection to jdbc:postgresql://<url>
I tried changing the connection string from
jdbc:postgresql://host:5432/schema_name?user=******&password=******&defaultFetchSize=250000&useCursorFetch=true
to
jdbc:postgresql://host:5432/schema_name?ssl=true&user=******&password=******&defaultFetchSize=250000&useCursorFetch=true
then it throws another error which is
The server does not support SSL. for configuration Couldn't open a connection to jdbc:postgresql://<url>
There is no SSL support in the Postgres server because I can connect to the server through any DB connector without ssh. I am sure it has to do something with the security access group of EC2(considering I can telnet to the server from the instance). Any help would be much appreciated.
Looks like error is in the pg_hba.conf. I would have put this as a comment but not enough rep.
When you telnet to the server did you use the db port?
Can you post your pg_hba.conf file. This is one off my home dev server. You'll need to add a line similar to this: host all all 192.168.1.1/24 md5 with your IP addr and details.
If you're using this in a corporate network I'd highly recommend looking at a amazon VPC and not to expose your database to the internet.
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all peer
# IPv4 local connections:
host all all 127.0.0.1/32 md5
host all all 10.10.187.1/24 md5

How does dblink work when using it on remote client

The scenario is we have a host with postgresql9.6 installed this is working perfectly fine. We have another host in AWS with redshift installed which contains a bunch of views. We are using dblink between these two hosts to query data / bulk inserts etc and they are working. The issue occurs when we add a client machine into the scenario. I have a laptop with the psql module and I can successfully connect to my postgresql database on the above host and run queries without any trouble but when I try executing the dblink connect command from my psql client on my laptop it fails stating ...
ERROR: could not establish connection
DETAILS: FATAL: password authentication for user " **** "
FATAL : no pg_hba.conf entry for host " ***.**.**.**", " username " , database "db", SSL off
I don't understand why we get this error because the exact commands for dblink work fine when executing local to the postgresql host.
Has anyone encountered the same issue?
Thanks
I had a very similar issue, it is not a user issue but an IP issue.
Check your laptops IP, it most likely is not listed in pg_hba.conf
# IPv4 local connections:
host all all 127.0.0.1/32 md5
host all all xxx.xxx.xxx.xxx/24 md5
The first line is the local machine, the second line is for the network you are on. i.e. 198.162.1.0, would allow connection from 198.162.1.0.
Your laptop most likely is on a separate network and will have to be added.
You will also have to restart the service after making changes to pg_hba.conf
Good luck.

Postgresql server not asking for password for remote connections

I found my posgresql database server is not asking password for user postgres when remote connecting through pgadmin. I mean this is when I connect to remote database server from my local computer through pgAdmin.
I did add a password in psql, ALTER USER postgres PASSWORD 'mypassword'.
This is my pg_hba.config file:
/usr/local/pgsql/bin/psql -qAt -c "show hba_file" | xargs grep -v -E '^[[:space:]]*#'
local all all trust
host all all 127.0.0.1/32 md5
host all all 0.0.0.0/0 md5
host all all ::1/128 md5
So, I do not quite understand what is happening here.
Can anyone help with this?
Thanks a lot.
UPDATE:
If i change:
local all all trust
to
local all all md5
Now, local connections (via SSH) will be asked for password ( wasn't asking for password before.) but remote connections will still connect without a password.
Acutally, I tried connecting to this database server by a rails appliaction from another server, without a password, and the rails server started without a problem.
PUTTING RESULT HERE FOR THE CONVENIENCE
The real reason of this issue was the .pgpass file. Mac stored the password locally in the .pgpass file under user home folder. Then every time when user try to login without a password, PostgreSQL will send the password for user.
Official doc here
Thanks for all the comments and answers ppl!
But the real reason of this issue was the .pgpass file. My mac stored the password locally in the .pgpass file under my user home folder. Then every time when i try to login without a password, PostgreSQL will send the password for me.
So that was the issue i was having....
Thanks for all the reply and the comments again!
For more details can refer to here
Reading the documentation at Postgresql.org
https://www.postgresql.org/docs/current/auth-pg-hba-conf.html
I would suggest that you change the user field with the names of the few users allowed to connect remotely:
host all john,charles 0.0.0.0/0 scram-sha-256
host all john,charles ::1/128 scram-sha-256
Further, for security reasons, I would advice that you look into using hostssl and also that you specify the name of the database(s) that can be accessed remotely:
hostsll webapp123 john,charles 0.0.0.0/0 scram-sha-256
And if the remote access is only from specific computers, specify their static IP addresses (if DHCP is used, use a mask accordingly.)
hostsll webapp123 john,charles 1.2.3.4/32 scram-sha-256
This way you only compromise database webapp123, to what users john and charles can do, and only from computer 1.2.3.4.
As mentioned in the documentation, you can have any number of entries, so if you want to add a test server (i.e. your server at home) then you can add one line so it looks like this:
hostsll webapp123 john,charles 1.2.3.4/32 scram-sha-256
hostsll webapp123 henry home-ip/32 scram-sha-256
By not specifying the users, you probably allow any user, including those without passwords and one of them is selected and it works...
Of course, I would strongly advice that you do not name a user who has administration rights in your database unless you also specify his static IP address.