the below commands works
psql -h localhost -U <username> <dbname>
but
psql localhost -U <username> <dbname>
the above get psql: FATAL: Peer authentication failed for user
-h option lets you provide the hostname for your psql connection. If you remove -h option, then also remove localhost from your statement.
You can also check pg_hba.conf file for more debugging.
Because as #Lohit Gupta stated without -h psql ignores the hostname(localhost) and uses the default connection type. From docs:
https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-PARAMKEYWORDS
"
host
Name of host to connect to. If a host name begins with a slash, it specifies Unix-domain communication rather than TCP/IP communication; the value is the name of the directory in which the socket file is stored. The default behavior when host is not specified, or is empty, is to connect to a Unix-domain socket in /tmp (or whatever socket directory was specified when PostgreSQL was built). On machines without Unix-domain sockets, the default is to connect to localhost.
"
So in your case you have switched from connection type host to type local and a different set of connection rules will take over. As mentioned look in your pg_hba.conf file to see what those are. You should have also received the following error:
psql: warning: extra command-line argument "localhost" ignored
Related
I want to remotely connect to a Postgres instance. I know we can do this using the psql command passing the hostname
I tried the following:
psql -U postgres -p 5432 -h hostname
I modified the /etc/postgresql/9.3/main/pg_hba.conf file on the target machine to allow remote connections by default
I added the following line to the file
host all all source_ip/32 trust
I restarted the cluster using
pg_ctlcluster 9.2 mycluster stop
pg_ctlcluster 9.2 mycluster start
However, when I try to connect from the source_ip, I still get the error
Is the server running on host "" and accepting TCP/IP connections on port 5432?
What am I doing wrong here?
I resolved this issue using below options:
Whitelist your DB host from your network team to make sure you have access to remote host
Install postgreSQL version 4 or above
Run below command:
psql -h <REMOTE HOST> -p <REMOTE PORT> -U <DB_USER> <DB_NAME>
psql -h <IP_Address> -p <port_no> -d <database_name> -U <DB_username> -W
-W option will prompt for password. For example:
psql -h 192.168.1.50 -p 5432 -d testdb -U testuser -W
I figured it out.
Had to set listen_addresses='*' in postgresql.conf to allow for incoming connections from any ip / all ip
Step Wise below
Opening the Port - Make sure the PSQL Port is open to all remote connections or connections from a specific set of IPs as per your requirement. PSQL, in general, runs at port 5432, and it is configurable, so expose relevant Port accordingly.
Update Remote Server PSQL Configuration - Set listen_addresses = '*' in postgresql.conf file, path in general is /etc/postgresql/psql_version/main/postgresql.conf
Connect remotely - psql -U <db_username> -h <IP_address> - in case psql is running on a port other than 5432 on the remote server, specify port by adding -p <port_number>
A little plus below -
In case the IP has been mapped to a domain name, you can connect by replacing <IP_address> with <host_name>. To do this, add a new connection rule in pg_hba.conf file
Note -
All above explained can cause security issues - best practice always is to either keep your psql port closed, or only allow a list of IPs to connect through the port.
Note that "ident" in pg_hba.conf requires a "ident server" to be running on the client.
Postgresql server running and verified on 5432 on my localhost system:
If I type: psql -l I get the following response:
psql: could not connect to server: No such file or directory
Is the server running locally and accepting connections on Unix domain socket "/var/run/postgresql/.s.PGSQL.5432"?
If I type psql -h localhost -l, it works and gives me a list of the databases.
The pg_hba.conf file is wide open, showing:
TYPE DATABASE USER ADDRESS METHOD
The value "local" is for Unix domain socket connections only:
local all all trust
Allow any IP to connect without password:
host all all 0.0.0.0/0 trust
IPv4 local connections:
host all all 127.0.0.1/32 trust
IPv6 local connections:
host all all ::1/128 trust
What have I missed? On other systems the first call from the command line works fine.
It sounds like when you are running the command you are connecting to localhost, not the file socket.. try
psql -h localhost -p 5432
Default Admin Login sudo -u postgres psql
Login into specific db with privilages psql -h host -p port -U User_Name db_name
Is the server running locally and accepting connections on Unix domain
socket "/var/run/postgresql/.s.PGSQL.5432"?
This just means that the unix_socket_directory configuration parameter on the server differs from the default of the client-side psql.
/var/run/postgresql is the default Unix domain socket path for Debian-based packages. For a self-compiled server, it is /tmp. It may also be a custom path specified in postgresql.conf or through a start directive.
Assuming it's /tmp you could do psql -l -h /tmp. The command knows that the parameter following -h is to be interpreted as a directory and not as a hostname because it starts with a slash.
I can't connect to my local Postgresql database on my Linux Fedora setup using an account I've created (alex). I've tried lots of different things including changing the 'method' to md5 and such. Here's a copy of my pg_hba.conf file:
local all all peer
local project alex peer
host all all 127.0.0.1/32 ident
host all all ::1/128 ident
The user 'alex' has login permissions and replication permissions along with a password (encrypted).
psql -U alex -d project -h 127.0.0.1
psql: FATAL: Ident authentication failed for user "alex"
Forcing password input with the '-W' switch causes this to happen:
psql -U alex -d project -h 127.0.0.1 -W
Password for user alex:
psql: FATAL: Ident authentication failed for user "alex"
You're using TCP/IP (-h 127.0.0.1 or -h localhost) so it's using the host lines. The local lines are for unix sockets and do not apply to TCP/IP.
So it's choosing ident authentication, which expects that the connecting user have the same unix user name as the PostgreSQL user they're connecting to. It's also not well supported in modern operating systems. (I personally think that defaulting to ident authentication is effectively a bug).
I suggest using md5 password authentication instead of ident. Remember to reload the configuration to make change take effect.
Alternately, omit the -h 127.0.0.1 to use peer authentication over a unix socket, if your current unix user name matches the name of the PostgreSQL user you wish to connect as.
Fixed it, I guess the higher that the entry is then the higher the priority it is inside the pg_hpa.conf file. I removed the top peer entry, and problem solved.
when i create a new user, but it cannot login the database.
I do that like this:
postgres#Aspire:/home/XXX$ createuser dev
Shall the new role be a superuser? (y/n) n
Shall the new role be allowed to create databases? (y/n) y
Shall the new role be allowed to create more new roles? (y/n) y
then create a database:
postgres#Aspire:/home/XXX$ createdb -O dev test_development
after that, I try psql -U dev -W test_development to login, but get the error:
psql: FATAL: Peer authentication failed for user "dev"
I tried to solve the problem but failed.
Try:
psql -U user_name -h 127.0.0.1 -d db_name
where
-U is the database user name
-h is the hostname/IP of the local server, thus avoiding Unix domain sockets
-d is the database name to connect to
This is then evaluated as a "network" connection by Postgresql rather than a Unix domain socket connection, thus not evaluated as a "local" connect as you might see in pg_hba.conf:
local all all peer
Your connection failed because by default psql connects over UNIX sockets using peer authentication, that requires the current UNIX user to have the same user name as psql. So you will have to create the UNIX user dev and then login as dev or use sudo -u dev psql test_development for accessing the database (and psql should not ask for a password).
If you cannot or do not want to create the UNIX user, like if you just want to connect to your database for ad hoc queries, forcing a socket connection using psql --host=localhost --dbname=test_development --username=dev (as pointed out by #meyerson answer) will solve your immediate problem.
But if you intend to force password authentication over Unix sockets instead of the peer method, try changing the following pg_hba.conf* line:
from
# TYPE DATABASE USER ADDRESS METHOD
local all all peer
to
# TYPE DATABASE USER ADDRESS METHOD
local all all md5
peer means it will trust the identity (authenticity) of UNIX user. So not asking for a password.
md5 means it will always ask for a password, and validate it after hashing with MD5.
You can, of course, also create more specific rules for a specific database or user, with some users having peer and others requiring passwords.
After changing pg_hba.conf if PostgreSQL is running you'll need to make it re-read the configuration by reloading (pg_ctl reload) or restarting (sudo service postgresql restart).
* The file pg_hba.conf will most likely be at /etc/postgresql/9.x/main/pg_hba.conf
Edited: Remarks from #Chloe, #JavierEH, #Jonas Eicher, #fccoelho, #Joanis, #Uphill_What comments incorporated into answer.
Peer authentication means that postgres asks the operating system for your login name and uses this for authentication. To login as user "dev" using peer authentication on postgres, you must also be the user "dev" on the operating system.
You can find details to the authentication methods in the Postgresql documentation.
Hint: If no authentication method works anymore, disconnect the server from the network and use method "trust" for "localhost" (and double check that your server is not reachable through the network while method "trust" is enabled).
When you specify:
psql -U user
it connects via UNIX Socket, which by default uses peer authentication, unless specified in pg_hba.conf otherwise.
You can specify:
host database user 127.0.0.1/32 md5
host database user ::1/128 md5
to get TCP/IP connection on loopback interface (both IPv4 and IPv6) for specified database and user.
After changes you have to restart postgres or reload it's configuration.
Restart that should work in modern RHEL/Debian based distros:
service postgresql restart
Reload should work in following way:
pg_ctl reload
but the command may differ depending of PATH configuration - you may have to specify absolute path, which may be different, depending on way the postgres was installed.
Then you can use:
psql -h localhost -U user -d database
to login with that user to specified database over TCP/IP.
md5 stands for encrypted password, while you can also specify password for plain text passwords during authorisation. These 2 options shouldn't be of a great matter as long as database server is only locally accessible, with no network access.
Important note:
Definition order in pg_hba.conf matters - rules are read from top to bottom, like iptables, so you probably want to add proposed rules above the rule:
host all all 127.0.0.1/32 ident
While #flaviodesousa's answer would work, it also makes it mandatory for all users (everyone else) to enter a password.
Sometime it makes sense to keep peer authentication for everyone else, but make an exception for a service user. In that case you would want to add a line to the pg_hba.conf that looks like:
local all some_batch_user md5
I would recommend that you add this line right below the commented header line:
# TYPE DATABASE USER ADDRESS METHOD
local all some_batch_user md5
You will need to restart PostgreSQL using
sudo service postgresql restart
If you're using 9.3, your pg_hba.conf would most likely be:
/etc/postgresql/9.3/main/pg_hba.conf
This works for me when I run into it:
sudo -u username psql
I simply had to add -h localhost
The easiest solution:
CREATE USER dev WITH PASSWORD 'dev';
CREATE DATABASE test_development;
GRANT ALL PRIVILEGES ON DATABASE test_development to dev;
ALTER ROLE dev CREATEROLE CREATEDB;
In my case I was using different port. Default is 5432. I was using 5433. This worked for me:
$ psql -f update_table.sql -d db_name -U db_user_name -h 127.0.0.1 -p 5433
For people in the future seeing this, postgres is in the /usr/lib/postgresql/10/bin on my Ubuntu server.
I added it to the PATH in my .bashrc file, and add this line at the end
PATH=$PATH:/usr/lib/postgresql/10/bin
then on the command line
$> source ./.bashrc
I refreshed my bash environment. Now I can use postgres -D /wherever from any directory
pg_dump -h localhost -U postgres -F c -b -v -f mydb.backup mydb
Try in terminal:
>> psql -U role_name -d database -h hostname.<domain>.com -W
I have Postgres installed in my local machine.
When I execute
psql -U postgres -d buzzsumo
it correctly asks for my password to the user postgres.
However, when I run
psql -U postgres -d buzzsumo -h localhost
it gives me this error message:
psql: FATAL: role "postgres" does not exist
Why is this the case, when in the first example I am connecting to my local server, which is equivalent to passing in localhost?
You don't say but I'm guessing you're running postgres on either on MacOS or Linux.
The first form (with no -h) connects via a "unix socket". The second form, with "-h localhost" connects via TCP/IP to localhost (IP address 127.0.0.1).
Postgres treats these two types of connections differently - or at least, it can do so. If you check the "pgsql/data/pg_hba.conf" file to see what authentication mechanisms are configured for the two types of connections.
Your first example connects via Unix socket, the second one via TCP/IP local loop (localhost).
For the first example, you need the connection type local in pg_hba.conf, for the second lines starting with host are relevant. You probably have defined different authentication methods for these classes of connections.