I am trying to fetch data from the Postgres server which is remotely available from Amazon EC2 instance. When I try to telnet the remote server, it is connected.
But when I am running a kafka connector which connects to the remote Postgres server it throws an error stating
FATAL: no pg_hba.conf entry for host, SSL off for configuration Couldn't open a connection to jdbc:postgresql://<url>
I tried changing the connection string from
jdbc:postgresql://host:5432/schema_name?user=******&password=******&defaultFetchSize=250000&useCursorFetch=true
to
jdbc:postgresql://host:5432/schema_name?ssl=true&user=******&password=******&defaultFetchSize=250000&useCursorFetch=true
then it throws another error which is
The server does not support SSL. for configuration Couldn't open a connection to jdbc:postgresql://<url>
There is no SSL support in the Postgres server because I can connect to the server through any DB connector without ssh. I am sure it has to do something with the security access group of EC2(considering I can telnet to the server from the instance). Any help would be much appreciated.
Looks like error is in the pg_hba.conf. I would have put this as a comment but not enough rep.
When you telnet to the server did you use the db port?
Can you post your pg_hba.conf file. This is one off my home dev server. You'll need to add a line similar to this: host all all 192.168.1.1/24 md5 with your IP addr and details.
If you're using this in a corporate network I'd highly recommend looking at a amazon VPC and not to expose your database to the internet.
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all peer
# IPv4 local connections:
host all all 127.0.0.1/32 md5
host all all 10.10.187.1/24 md5
Related
I manage a postgresql DB on a windows server, the local connection with a client workstation on the postgresql server works perfectly, but when leaving the local network, the connection fails. I have tried several configurations offered on similar topics, but without success.
Here are some solutions already tried:
listen_addresses = '*'
port = 5432
host all all 0.0.0.0/0 md5 ... host all all 0.0.0.0/0 trust ... client side and server side postgresql
I disabled Windows Firewall and created specific inbound / outbound traffic rules for port 5432 ... client side and server windows side
I tried to create an ssh tunnel via psql, python or the pgAgmin interface but I got stuck on this message: "Failed to create the SSH tunnel. Error: Could not establish session to SSH gateway"
I am convinced that I am wrong on a configuration, but which one? This is the subject of my request ...
Does anyone know how to help me?
thank you,
I am pretty new to everything that is database management, remote connection etc... And I need this for a university project.
I have a local postgreSQL database on my Windows computer, which I access through localhost. What I want to do now is connect to this database using my laptop (which is in the same WLAN, don't know if that helps).
I changed the file pg_hba.conf, and added host all all 0.0.0.0/0 md5 and host all all ::0/0 md5. Also in the postgresql.conf file, there is one line listen_addresses = '*' which was the default, but as I understand it it is what it needs to be so a non-localhost can connect to the database.
How can I do this? On my laptop I tried running psql and for the server I put the IPv4 address of my PC(where the local database is stored), but it doesn't connect (Connection timed out)
I recently installed https://dbeaver.io/ on a Windows PC and wish to access a database on a remote Linux server from it.
My Linux username is my_username and I also have a system user psql_user. I also have two existing PostgreSQL databases with the same name as their respective user. Typically, only the psql_user is used and is access by a php-fpm pool listening to a Unix socket and running as user psql_user, and as such have configured /var/lib/pgsql/12/data/pg_hba.conf as:
# TYPE DATABASE USER ADDRESS METHOD
local all all peer
host all all 127.0.0.1/32 ident
host all all ::1/128 ident
local replication all peer
host replication all 127.0.0.1/32 ident
host replication all ::1/128 ident
With the above configuration, after ssh'ing onto the server, I can access the my_username database by executing psql and can also access the psql_user database by executing sudo -u psql_user psql and do not need to use a password for either.
But now, how to connect from the remote Windows PC?
To attempt to do so, I first created ssh keys without passphrases on the Windows PC for both my_username and psql_user and added the public key to each Linux user's authorized_keys (had to manually create /home/psql_user/ because it is a systems user). I can can successfully PuTTY to the server as either using the ssh keys.
Next, on the DBeaver connection settings SSH tab, I checked "Use SSH Tunnel", entered the username and private key location and the Test tunnel configuration successfully shows connected with the client version as SSH-2.0-JSCH-01.54 and server version as SSH-2.0-OpenSSH_7.4. I also made no changes to the Advanced portion of this tab such as local and remote hosts and ports, and have also left the "You can use variables in SSH parameters" at their default values.
Using my server IP in the main tab, Authentication "Database Native", and leave password empty, I test the connection but get The connection attempt failed. syslog reports that connection to the IP on port 5432 failed which makes sense because I am set up using Unix sockets.
So, then I change the server IP on the main tab to 127.0.0.1 (or localhost) and try again but get FATAL: Ident authentication failed for user "my_username". Okay, a little closer, but not quite there.
I think it might be because DBeaver is passing the port so I attempt to disable this part by got to the Edit Driver tab and changing jdbc:postgresql://{host}[:{port}]/[{database}] to jdbc:postgresql://{host}/[{database}], but now get Connection to 127.0.0.1:5432 refused. Check that the hostname and port are correct and that the postmaster is accepting TCP/IP connections.
Not sure where to go next. When I PuTTY into the Linux machine, all is good but not when connecting remotely using DBeaver, and thought it would be the same if I am using SSH to connect DBeaver to the server. How can this be accomplished?
As pointed out in the other answer, DBeaver's SSH tunnel option doesn't support sockets currently. It is always TCP port based, so only connections using the host options in pg_hba.conf can be made (I've placed a feature request for SSH socket forwarding in DBeaver).
Here's how to set up forwarding of a local TCP port to a remote Unix socket. This allows you to use peer authentication over the Unix socket, so you don't have to provide a password for the PostgreSQL role:
ssh username#dbserver.example.com -L 5555:/var/run/postgresql/.s.PGSQL.5432 -fN
While I think that ssh tunnelling can be set up to connect to a unix socket rather than a port, I don't think dbeaver offers a way to do that, so you would have to set it up separately.
Although ident should also work if your server runs the identd service. I think most linux don't do that by default, but just apt install oidentd or whatever the equiv would be on your package manager should fix that.
The easier solution would be to just change the method from ident to md5 or scram, and assign a password (which dbeaver offers to memorize).
Provisioned an IBM Cloud Compose PostgreSQL instance. Then tried to connect the instance to the Watson Studio.
Although establishing a connection works fine, when I try to save retraining configuration getting the following error message.
Error: Unhandled exception of type PSQLException with message: FATAL: no pg_hba.conf entry for host "", user "", database "", SSL off
I do not think I can ssh to the db host and just change the pg_hba.conf file.
I do not think this is a possibility as the IBM Cloud Compose PostgreSQL is server less instance (I think).
How do I resolve this ?
How do you connect? Do you use a connection asset? Is this connection asset using the "Compose for PostgreSQL" or "PostgreSQL" type of connection? The "Compose for PostgreSQL" type of connection asset uses TLS, so should work.
This error message means you are trying to connect to the Database without TLS. Databases for PostgreSQL will reject unsecured connections.
https://cloud.ibm.com/docs/services/databases-for-postgresql?topic=databases-for-postgresql-security-compliance#protection-against-unauthorized-access
https://cloud.ibm.com/docs/services/databases-for-postgresql?topic=databases-for-postgresql-external-app
You have to add all the nodes accessing Postgres to pg_hba.conf file in the postgres server. For example,if the CIDR for the nodes connecting to Postgres is 192.168.1.0/24, then an entry like the following is required.
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only local all all peer
# IPv4 local connections:
#host all all 127.0.0.1/32 ident host all all 192.168.1.0/24 trust
You have to find where to do this in IBM Cloud
So I been developing a web application which connected to a postgresql server on another machine. Everything works fine.
Then I deployed the web application to the the same machine running the postgresql server and got an error message:
FATAL: 28000: no pg_hba.conf entry for host "fe80::ccee:154f:18f5:418f%11", user "myuser", database "mydb", SSL off
My pg_hba-conf already has this line:
# IPv6 local connections:
host all all ::1/128 md5
Thats supposed to be the loopback address for ipv6 right?
I can fix it by adding this line(pure guessing):
#host all all fe80::/16 md5
I suspect this works by letting everyone connect?
So question is why would it use ipv6 instead of ipv4?
And why does the loopback not work?
When you connect using a hostname, one of the first things that happens is that libpq (the postgresql client library) will attempt to resolve the hostname. In most cases this will mean looking it up via DNS. Whatever address comes back will then be used for the connection.
I am guessing that in your case the address that the hostname resolves to is an IPv6 address. Your experiments with ping would seem to back up that assumption.
So, despite being on the same machine, it is connecting via the IPv6 address of the host. As far as the server is concerned, it sees the connection coming in from the IPv6 address of the host. This address is not ::1/128 (localhost) so it does not match that entry in pg_hba.conf.
One way to resolve this would be to change the connection string of your appication to localhost (or ::1/128, or even 127.0.0.1). That would cause the loopback entries in the pg_hba.conf to be selected.
If you were using a platform that supports UNIX domain sockets, and as you are connecting to the server on the same host, you would be better off to remove the host parameter from the connection string altogether. In that case libpq would use local UNIX domain sockets to connect to the server, which would be more efficient than connecting locally via an IP address anyway. However since you are using .NET that solution probably does not apply.