I am attempting to connect to Amazon DocumentDB cluster via SSH port forwarding as described here. I can connect using this command ...
mongosh --host localhost:27017 --ssl --sslAllowInvalidHostnames --sslCAFile rds-combined-ca-bundle.pem --username REDACTED --password REDACTED
... but not this command ...
mongosh mongodb://REDACTED:REDACTED#localhost:27017/?ssl=true&ssl_ca_certs=rds-combined-ca-bundle.pem
It fails with the error message "unable to get local issuer certificate." At least one problem is that I have not been able to find any documentation on how to translate the --sslAllowInvalidHostnames option into the connection string format. I found this, but adding &sslVerifyCertificate=false doesn't change anything so there might be something else I'm doing wrong here.
I figured it out (sort of). I never got the connection string working via mongosh, but when using it to connect in code, which was my ultimate goal, there are language-specific steps you have to take to install the CA cert. Then you can connect your app with a connection string like this.
mongodb://REDACTED:REDACTED#localhost:27017?tls=true&tlsInsecure=true
Related
I'm really confused. I'm able to connect to mongodb with the shell but not compass via connection string or manually typing fields (the option at top right).
Here's the shell connection:
mongo --username myAdminUser --password password123 --authenticationDatabase myAdminDatabase --host localhost --port 27020
I've tried a few connection strings /?authSource=myAdminDatavase, /myAdminDatabase, I've even tried them together...
I'd love a single connection string that I can use in compass.
Here is the connection string the shell outputs once it connects:
mongodb://localhost:27020/isMaster?authSource=myAuthDatabase&compressors=disabled&gssapiServiceName=mongodb
I tried this with credentials also.
My environment is a little odd, but cannot be changed. I'm in a virtual machine, with a local k8s cluster hosting the mongo instance in a pod. These connections are all forwarded through to my host, which I use to connect to mongo from the shell and it works successfully.
The shell is fine, but sometimes just tweaking a document slightly via compass is convenient and a more pleasant experience.
If anyone could shed any light on this I'd massively appreciate it!
Managed to resolve it, SSL only supports single way tunneling, so I had to turn SSL off in my mongo instance and disable it on my connection string, this worked fine. Hopefully this helps anyone else working remotely and struggling.
I am trying to connect to a mongodb service hosted on IBM Cloud following this instructions.
When I run the following command
mongo -u $USERNAME -p $PASSWORD --ssl --sslCAFile c5f07836-d94c-11e8-a2e9-62ec2ed68f84 --authenticationDatabase admin --host replset/bdb98a3ac10-0.b8a5e798d2d04f2e860d042c915.databases.appdomain.cloud:30484,bd576-96db98a3ac10-1.b8a5e4e5d042c915.databases.appdomain.cloud:30484
I get this error on macOs, while on Windows 10 the connection is correctly estiblished:
SSL peer certificate validation failed: Certificate trust failure:
Invalid Extended Key Usage for policy; connection rejected
If I connect via MongoDB Compass instead of using the terminal the connection works
I had to add --sslAllowInvalidCertificates flag
https://docs.mongodb.com/manual/reference/configuration-options/#net.ssl.allowConnectionsWithoutCertificates
I need to use terminal to connect to MongoDB. I have almost precisely same issue as this StackExchange question.
In my case I can correctly use Robo3T to connect. As well as use command
mongo --host 111.111.111.111 --port 111 --authenticationDatabase DB --username USER --password PASS locally. With same command executed remotely I receive following error:
No connection could be made because the target machine actively refused it.
I wanted to precisely recreate my Robo3T connection setup to see if SSH tunnel solves my issue
I have a Bitnami MEAN instance running on EC2. After much finagling, I've been able to successfully connect to the DB using the local shell. I created authenticated users with all of the permissions necessary to access the data, and when I run the below code -- I am able to access the DB with no problem.
sudo mongo admin -u <USERNAME-p <PASSWORD>
That said, when I try to repeat this using a remote connection I am repeatedly given an "auth failed" error from MongoDB.
mongo <HOST>:<PORT>/<DATABASE> -u <USERNAME> -p <PASSWORD>
...
This is strange because I am using the exact same credentials as I do in running the local shell. The only difference is I'm including the host and port information. I've since also confirmed that my remote connection DOES work if I disable the auth parameter in mongodb.config.
mongo <HOST>:<PORT>/<DATABASE>
Obviously, in production I want to be able to authenticate. Do any of you have suggestions as to why there is a discrepancy between remote and local authentication?
I was facing the same issue.
The problem for me:
My local mongo shell was v2.6.10. It uses an authentication method called MONGODB-CR that has been deprecated.
My server version is v3.0.4. It uses an authentication method called SCRAM-SHA-1.
Try to check your local shell and remote server versions with:
mongo --version
mongod --version
If they are different, upgrade your local shell to v3. (I had to uninstall and install it again.)
I had previously be installing MongoDB version 3.2.12 and was able to connect to a remote instance using:
mongo -u ‘<USERNAME>’ -p ‘<PASSWORD>’ --host <REPLICA_SET>/<HOST>:<PORT> admin
I am creating a new cluster with version 3.4.2 and was not able to connect with the same command. After trying many different options I was finally able to figure out that I needed to add --authenticationDatabase before the admin database.
mongo -u ‘<USERNAME>’ -p ‘<PASSWORD>’ --host <REPLICA_SET>/<HOST>:<PORT> --authenticationDatabase admin
If you're using more recent versions of MongoDB (server version 4.2.6 / shell version v3.6.9 in my case) you don't have to force them to match like in #Alexandre's example. For instance, if you're getting this error:
[thread1] Error: Authentication failed. :
DB.prototype._authOrThrow#src/mongo/shell/db.js:1608:20
You can connect with this syntax:
mongo --host mongodb://username:password#IP:PORT/ --authenticationDatabase admin
Install the same version both on the server and on the client solved the problem for me.
As #Alexandre explained above, it is probably a problem of password encryption.
MongoDB version 3.2.7
I tried successfully with the two methods:
mongo --host "your_host" --port "your_port" --username "your_user" --password "your_pass" --authenticationDatabase "your_admin_db"
mongo "your_host:your_port/your_db" --username "your_user" --password "your_pass" --authenticationDatabase "your_admin_db"
Besides, make sure that your server is available for remote accesses. See details about net.bindIp at https://docs.mongodb.com/v3.2/reference/configuration-options/
This is mainly due to security reasons.
When you have access to the local environment, it is easy to supposed that you are an administrator of the system or a developer because you have access to the machine itself.
If you don't have access to the local machine, you can't guarantee this, and since a database security is really important (in most cases), it makes sense not to enable remote access. You can, of course, disable this, but it is not recommended.
Hope I helped.
Just in case someone bumps into the same problem, the authenticationDatabase is only required if you created the user in ANOTHER database. If you create the user in the database you connect to, no problems.
So be careful : use then create user .
If you happen to create your user in the admin database then yes you need the authenticationDatabase flag.
I have a MongoDB database on my Linux server. I want to access it from another server. I tried to make a connection from my local computer with the Robomongo. The connection is succesfull, but the authentication fails.
How can I get the authentication credentials? Or should I change something in MongoDB before I can acces the database from another server / pc?
Someone else have set up this database, and there is no possibility to ask him this questions.
I have found the solution by my self:
The File etc/mongod.conf has a line 'bind_ip'. In this line, you originally have to add the IP address which you want to access your database. But, it don't work! You should better comment this line.
But, you don't have any authentication now, so you have to add authentication. Here you have an tutorial about this: http://ghosttx.com/2012/03/how-to-connect-to-a-remote-mongodb-server-with-mongohub-for-mac/
When you have done that, you have to enable authentication. You can do this by editing etc/mongod.conf again, and uncomment the line 'Auth = true'.
Now you can connect with you Mongo Database ;)
Ive sorted it by adding ssh option to RoboMongo following this link:
http://www.mongovue.com/2011/08/04/mongovue-connection-to-remote-server-over-ssh/
Im on OSX and connecting to Ubuntu 14 / Mongo 2.6.7 on VPS and when Ive added my ssh details to the Robomongo all seem to work ok (Ive also changed the mongo config to remove the ip_bing and enabled port 27017)
If you do not like to bother with authentication and stuff just make an SSH Tunnel:
ssh -fN -l username -i .ssh/id_rsa -L 9999:localhost:27017 remote.com
Just connect to mongodb on localhost:9999 and it will establish a connection to your mongodb on port 27017 on your server at remote.com.
Run your mongodb with following command to access mongodb from other servers
mongod --port 10945 --bind_ip 0.0.0.0
I was not able to use Robomongo with MongoDB 3.0 too (connecting from a Windows machine to a Linux one, using SSH). The only tool that works for me is MongoChef (http://3t.io/mongochef/).