I have a database in www.myweb.io, which has SSL. The version of mongo is 2.6.12 in the server: the version of mongo in local is 3.4.1. I want to dump it into my local machine, modify it, and then restore back.
I tried
mongodump --host www.myweb.io --port 22 --username myname --password "mypassword"
and it gave me an error:
2017-11-20T20:57:07.775+0100 Failed: error connecting to db server: no reachable servers
Does anyone know what host and post I should set?
PS: in my localhost, I can use the following setting in Robo 3T to connect to the database:
1) under Connection, specify localhost:27017
2) under SSH, check Use SSH tunnel, specify xxx.xx.xx.xx:22 as SSH Address
In /etc/nginx/sites-enabled/myweb.io, there is listen 443 ssl.
you are not connecting via SSL or TLS to the database.
Use an ssh tunnel to establish a connection to your mongodb
ssh -N -L 27018:localhost:27017 user#www.myweb.io
you can specify -f to let ssh go in the background
Verify that the tunnel is working
Using mongodb
mongo --port 27018
Or telnet
telnet localhost 27018
dumping the database
mongodump --host 127.0.0.1 --port 27018 --db <dbName>
restore it somewhere, do your modifications
dump your local modifications
reapply the local modifications remote for example with mongorestore or mongoimport
Related
I am trying to setup an SSH tunnel to a mongoDB cluster hosted In Atlas. I setup the tunnel with the below command
ssh -i <key_file> -N -L <localport>:<atlas_node_hostname>:<atlas_port> <remote_user>#<remote_ip>
And added the atlas_node_hostname in
/etc/hosts
From the machine where I created the SSH tunnel, I can connect to atlas db with the atlas_node_hostname mentioned in the string.
mongo --ssl "mongodb://<username>:<password>#<atlas_node_hostname>:<ssh_tunnel_local_port>/<db_name>?authSource=admin"
But I want to connect using 127.0.0.1 instead of the atlas_node_hostname, this is so that I can give devs access only to the machine where the tunnel is running and they can connect to the DB.
mongo --ssl "mongodb://<username>:<password>#<127.0.0.1:<ssh_tunnel_local_port>/<db_name>?authSource=admin"
But with the above attempt I get the below error
Error: couldn't connect to server 127.0.0.1:27779, connection attempt failed: SSLHandshakeFailed: The server certificate does not match the host name. Hostname: 127.0.0.1 does not match SAN(s): *.345ed5412fd76fb84cd13794.utkqs.mongodb.net, *.utkqs.mesh.mongodb.net, *.utkqs.mongodb.net, CN: *.utkqs.mongodb.net :
Is there any way I can get it working with the 127.0.0.1 instead of giving the atlas_node_hostname? Or any tool that can proxy Atlas MongoDB?
MongoDB is running on remote machine which is accessible through my machine. I try to give the command in my machine
telnet "remote machine ip" 27017
It can able to connect.
But if I connect in the client by giving this command
mongo "machine ip" --port 27017 -u sample -p sample --authenticationDatabase admin
I am getting "Authentication failed" error.
But using that user name and password I can able to connect in remote machine. also in mongod.cfg file enabled the property "bindIpAll" as true.
is there any point I am missing here?
When you get an "Authentication failed" error, then you are already connected MongoDB.
You must put db address to the end or specify as option, i.e.
mongo --port 27017 -u sample -p sample --authenticationDatabase admin "machine ip"
or
mongo --host "machine ip" --port 27017 -u sample -p sample --authenticationDatabase admin
c:\>mongo -h
MongoDB shell version v4.2.0
usage: mongo [options] [db address] [file names (ending in .js)]
db address can be:
foo foo database on local machine
192.168.0.5/foo foo database on 192.168.0.5 machine
192.168.0.5:9999/foo foo database on 192.168.0.5 machine on port 9999
mongodb://192.168.0.5:9999/foo connection string URI can also be used
I need to use terminal to connect to MongoDB. I have almost precisely same issue as this StackExchange question.
In my case I can correctly use Robo3T to connect. As well as use command
mongo --host 111.111.111.111 --port 111 --authenticationDatabase DB --username USER --password PASS locally. With same command executed remotely I receive following error:
No connection could be made because the target machine actively refused it.
I wanted to precisely recreate my Robo3T connection setup to see if SSH tunnel solves my issue
I have a Lightsail AWS instance up and running with a MEAN stack. I have an existing MEAN stack running on a different network. At the moment the node server.js connects to localhost for the mongo bit (on same machine) and all I want to do is replace the localhost with a connection to my mongo running on my AWS remote server.
I understand, that for security reasons, it is best to ssh tunnel this connection, which I think I am familiar with.
What I have done so far is this:
In a console on the machine hosting the node server (remote to the db) I have run:
ssh -L 8181:127.0.0.1:80 -i ~/LightsailDefaultPrivateKey-eu-west-2.pem bitnami#31.16.56.125 -N
I can then browse to the RockMongo UI from the local machine using localhost:8181/rockmongo ...yay.
If I then run the following:
ssh -L 8181:127.0.0.1:27017 -i ~/LightsailDefaultPrivateKey-eu-west-2.pem bitnami#31.16.56.125 -N
(27017 being the mongo port)
Then try and access the db from my remote machine using:
mongo --username XXXXXX --password XXXXXX 31.16.56.125:8181/testdata
I get the following error:
~]
2017-12-28T22:11:09.791+0000 Error: couldn't connect to server 31.16.56.125:8181 (31.16.56.125), connection attempt failed at src/mongo/shell/mongo.js:148
exception: connect failed
Am I doing this wrong? i.e. is the tunnel only for http connections and not mongo command line use? Do I need to test the connection some other way?
I've Googled all over the place for this and not had much luck (a lot of the AWS docs suggest punching a hole in the firewall - which one can no longer do!)
OK I've (partially) solved this, there were a few things wrong.
1) The mongo client was 2.6 and mongo running on AWS was 3.4. Upgrading this solved some issues - in that I was getting a more meaningful error message.
One thing I did have trouble with is that apt-get seemed to perform an update, yet the version reported when issuing the mongo command was still 2.6.
To solve this I had to run sudo apt-get purge mongodb-org* (note the asterisk). Then perform the update.... If you need to do this then follow these instructions:
https://docs.mongodb.com/v3.2/tutorial/install-mongodb-on-ubuntu/
2) This command
mongo --username XXXXXX --password XXXXXX 31.16.56.125:8181/testdata
won't work as I've omitted 'admin' from it and not specified localhost!
but
mongo admin --username XXXXXX --password XXXXXX localhost:8181/testdata
doesn't work either and gives the following output.
2018-01-03T22:00:42.380+0000 W NETWORK [thread1] Failed to connect to 127.0.0.1:27017, in(checking socket for error after poll), reason: errno:111 Connection refused
2018-01-03T22:00:42.380+0000 E QUERY [thread1] Error: couldn't connect to server 127.0.0.1:27017, connection attempt failed :
connect#src/mongo/shell/mongo.js:229:14
#(connect):1:6
The only command I could get to work is:
mongo admin --username XXXXXX --password XXXXXX --port 8181
The default host is localhost, so in this case it uses the tunnel, this will also just connect to the test db, you can then admin from there.
What I haven't got to the bottom of is the specification of the host:port/db as an argument as per the output from running mongo --help
usage: mongo [options] [db address] [file names (ending in .js)]
db address can be:
foo foo database on local machine
192.169.0.5/foo foo database on 192.168.0.5 machine
192.169.0.5:9999/foo foo database on 192.168.0.5 machine on port 9999
Getting mongodump and mongorestore work with security quite troublesome.
I have mongod v3.4.1 with requireSSL running at 192.168.99.100. It is IP address of VirtualBox docker machine running on my Windows. It is just for testing of-cause.
The instance already configured to use TLS/SSL both server and client signed with the same CA. I use the IP address for mongod Common Name to allow hostname validation. The authentication already enabled to accept my client certificate.
So everything is working. I can connect to it like this:
mongo --ssl --host 192.168.99.100 --sslCAFile rootCA.pem --sslPEMKeyFile me.pem
but now I can't get both mongodump and mongorestore working:
mongodump --ssl --host 192.168.99.100 --sslCAFile rootCA.pem --sslPEMKeyFile me.pem -d olddb
mongorestore --ssl --host 192.168.99.100 --sslCAFile rootCA.pem --sslPEMKeyFile me.pem -d newdb --dir=dump/olddb
Both return this error:
2017-01-13T04:28:03.881+0800 Failed: error connecting to db server: no reachable servers, openssl error: Host validation error
I have been trying to turn off client certificate, use username/password but still did not work. I need to remove the SSL in order to make it work.
That means I can only use preferSSL in production.
There is no way to bypass SSL in localhost if I stick with requireSSL.
Anyone getting the same error? Is it a known issue?
Add this option to the command-line:
--sslAllowInvalidHostnames
Full connection sample:
mongo --host 192.168.99.100 --username luke
--password skywalker --authenticationDatabase admin --ssl --sslCAFile rootCA.pem --sslPEMKeyFile me.pem --sslAllowInvalidHostnames
First check your logs at path /var/log/mongodb/mongod.log
Also there is default path of SSL Certificates. And for unix based systems given an SSL certificate located at /etc/ssl/mongodb.pem
As per my understanding for this problem, i would say certificate path needs to be checked. SSL certificate is not located in your windows environment. Try adding full path of certificate.
Also look into this https://docs.mongodb.com/manual/tutorial/configure-ssl-clients/
Happy coding