I'm currently attempting to create a read-only user in MongoDB for a grader. The MongoDB instance is hosted remotely on AWS EC2, and the security groups are all set up properly.
I can SSH onto the remote machine and authenticate with the read-only account there, like so:
# On remote machine
mongo -u <read-only username> -p <read-only-pwd> <database>
However, as soon as I try to connect to that same instance from my local machine using mongo, I encounter authentication errors.
# On local machine
mongo -u <read-only username> -p <read-only pwd> <host>/<database>
What gives?
The read-only user exists on <database>, and has "read" permissions.
Check that you're not trying to authenticate with the wrong machine.
I'm an idiot.
Related
I can access the remote PostgreSQL server in the lab from both the terminal and using pgAdmin4 when connected to same private network.
From Terminal:
PC:~$ psql -h 193.13x.xx.xx -U myusername -W dbname
#then password after prompt
Using pgAmin4:
Host name/address: 193.13x.xx.xx
Port: 5432
Maintainance database: dbname
Username: myusername
Password: *******
However, when I switched to another network eduroam, I can only connect to the remote server via the terminal, not from pgAdmin4. So it is not very easy to work away from the lab.
Is there a workaround to enable connecting via pgAdmin4?
I can only connect to the remote server via the terminal, not from
pgAdmin4. So it is not very easy to work away from the lab.
Is there a workaround to enable connecting via pgAdmin4?
Yes. The generic answer to that is: use an SSH tunnel. It's very usual when you cannot access directly a database from outside a certain network, which appears to be your case based on the error message in the comments.
If you need specific advice for pgAdmin4, consider searching for "pgadmin4 ssh tunnel", there are many tutorials available online.
Normally, I would create create postgresql user like this.
sudo -u postgres psql
create user deploy_sample with password 'secret';
create database deploy_sample_production owner deploy_sample;
I tried to create the user through ansible script with this task
- name: Create database user
become: yes
become_user: postgres
postgresql_user:
user: user123
password: password123
encrypted: yes
state: present
This does create a user but i cant login using the creds.
I tried to login with this command psql --username=user123 --password. I get peer authenticate failuer error.
Ansible configuration looks correct, and may have nothing to do with the problem.
By the message we can see that it is trying to login with the Peer authentication method. This means that the O.S. user is being used to connect to the database instead of the provided password (see: https://www.postgresql.org/docs/10/auth-methods.html)
Two things you should look at:
How is your auth method configuration?
It is in the file: {data dir}/pg_hba.conf
It is possible that all local connections are configured to use peer (notice that are two types of local connections, one is called local = connection through unix socket, the other is host 127.0.0.1/32 = using network to reach localhost).
I would change the second one to use md5 method, this way you will be able to connect with user/pass using network, but still use peer for local connection - useful for the system user postgres
Connect with the application user using network
psql --username=user123 -> PSQL program will try to use local connections by default, meaning that the Peer authentication is used. You probably don't have the user user123 on the system so this will fail!
psql -h localhost --username=user123 -d <database> -> This way you will connect to local machine using network, thus allowing to authenticate with password.
I have a Bitnami MEAN instance running on EC2. After much finagling, I've been able to successfully connect to the DB using the local shell. I created authenticated users with all of the permissions necessary to access the data, and when I run the below code -- I am able to access the DB with no problem.
sudo mongo admin -u <USERNAME-p <PASSWORD>
That said, when I try to repeat this using a remote connection I am repeatedly given an "auth failed" error from MongoDB.
mongo <HOST>:<PORT>/<DATABASE> -u <USERNAME> -p <PASSWORD>
...
This is strange because I am using the exact same credentials as I do in running the local shell. The only difference is I'm including the host and port information. I've since also confirmed that my remote connection DOES work if I disable the auth parameter in mongodb.config.
mongo <HOST>:<PORT>/<DATABASE>
Obviously, in production I want to be able to authenticate. Do any of you have suggestions as to why there is a discrepancy between remote and local authentication?
I was facing the same issue.
The problem for me:
My local mongo shell was v2.6.10. It uses an authentication method called MONGODB-CR that has been deprecated.
My server version is v3.0.4. It uses an authentication method called SCRAM-SHA-1.
Try to check your local shell and remote server versions with:
mongo --version
mongod --version
If they are different, upgrade your local shell to v3. (I had to uninstall and install it again.)
I had previously be installing MongoDB version 3.2.12 and was able to connect to a remote instance using:
mongo -u ‘<USERNAME>’ -p ‘<PASSWORD>’ --host <REPLICA_SET>/<HOST>:<PORT> admin
I am creating a new cluster with version 3.4.2 and was not able to connect with the same command. After trying many different options I was finally able to figure out that I needed to add --authenticationDatabase before the admin database.
mongo -u ‘<USERNAME>’ -p ‘<PASSWORD>’ --host <REPLICA_SET>/<HOST>:<PORT> --authenticationDatabase admin
If you're using more recent versions of MongoDB (server version 4.2.6 / shell version v3.6.9 in my case) you don't have to force them to match like in #Alexandre's example. For instance, if you're getting this error:
[thread1] Error: Authentication failed. :
DB.prototype._authOrThrow#src/mongo/shell/db.js:1608:20
You can connect with this syntax:
mongo --host mongodb://username:password#IP:PORT/ --authenticationDatabase admin
Install the same version both on the server and on the client solved the problem for me.
As #Alexandre explained above, it is probably a problem of password encryption.
MongoDB version 3.2.7
I tried successfully with the two methods:
mongo --host "your_host" --port "your_port" --username "your_user" --password "your_pass" --authenticationDatabase "your_admin_db"
mongo "your_host:your_port/your_db" --username "your_user" --password "your_pass" --authenticationDatabase "your_admin_db"
Besides, make sure that your server is available for remote accesses. See details about net.bindIp at https://docs.mongodb.com/v3.2/reference/configuration-options/
This is mainly due to security reasons.
When you have access to the local environment, it is easy to supposed that you are an administrator of the system or a developer because you have access to the machine itself.
If you don't have access to the local machine, you can't guarantee this, and since a database security is really important (in most cases), it makes sense not to enable remote access. You can, of course, disable this, but it is not recommended.
Hope I helped.
Just in case someone bumps into the same problem, the authenticationDatabase is only required if you created the user in ANOTHER database. If you create the user in the database you connect to, no problems.
So be careful : use then create user .
If you happen to create your user in the admin database then yes you need the authenticationDatabase flag.
On the Server
I have the Mongod instance running on my server.
I created a User on admin, using which I created a user with readWrite role on the database that I wanted to access.
Updated the mongo /etc/mongod.conf file:
commented out the bind ip
uncommented auth=yes
Restarted Mongod using sudo service mongod restart
On the Client:
The db.auth(user,pass) command works fine on the remote server, but shows auth failure on the client (my home system).
I made sure that I was using the correct database with the use myDb command.
PS. I am able to connect to the mongo server using the mongo xx.xx.xx.xx:27017 command. But unable to Authenticate.
Please help. Mongo v3.0.3.
I am trying to connect Tableau to a postgres DB using a SSH tunnel. The steps I have taken are
Install postgres drivers (32 bit) on my desktop
Create the tunnel in putty (tunnel L5432 127.0.0.1:5432) and open up the terminal
From this session I can run Postgres from the command line psql -d mydb -U myuser
However, when trying to connect using Tableau I get the error message "Invalid username and Password"
If I try to connect to a DB that doesn't exists I get the same error message "Invalid username and Password"
I have also created a psql user with superuser privileges but no success. Note that the username for the ssh tunnel and the psql db are different.
I have seen a number of posts on the forum with no solution.
Can anyone help? Thanks.
Roger
I met with the same question, with slight difference, I didn't use PuTTY but instead using Cygwin Autossh.
The answer is that two tunnels need to be built, first an ssh tunnel from local host to server, and then from the server port to the database port. A possible solution is to set up ssh tunnel like this:
5432:localhost:5432 username#hostserverdomain
The first 5432 is the local port(Tableau or PGAdmin), the second localhost actually refers to the server(cuz once log in localhost means the server itself), the second 5432 is the database on the server. And in order to get access to the database, one has to log in the server.
The above is just the syntax to connect thru two tunnels using ssh.
At first I didn't understand what Roger means by two tunnels, and then I look into the underlying methodology and finally got all the setup work done. Thanks Roger!