I have setup mongodb to listen on 27017 on 127.0.0.1 only. I need to keep it this way to have security on my database. Though i need to be able to connect to mongodb remotely using the Robo 3T. Is there any way to connect using the ssh connection to tunnel the connection to the localhost listening mongodb using my ssh credentials?
P.S. I kinda beginner to the mongoDB. Thanks in advance...
I've done few configurations on my Ubuntu 18 Vagrant box in order to successfully connect MongoDB remotely using Robo 3T GUI. I've explained in the following steps.
On Ubuntu server, to open mongo shell run:
$ mongo
Inside mongo shell, type following command to create new a admin user.
> use admin;
> db.createUser({user:"admin", pwd:"password", roles:[{ role: "root", db: "admin" }]});
By default mongodb is configured to allow connections only from localhost(IP 127.0.0.1). We need to allow remote connections from any ip address. The following change should only be done in your development server. Open up etc/mongod.conf file and do the following change.
# network interfaces
net:
port: 27017
bindIp: 0.0.0.0 #default value is 127.0.0.1
Also in the same mongod.conf file uncomment security option and add authorization option as shown below.
security:
authorization: enabled
Save and exit the mongod.conf file and restart mongodb server.
$ sudo service mongod restart
Download and install Robo 3T GUI tool.
On Robo 3T GUI, in the connection settings, you need to do few changes as shown on
below screen shots.
Enter mongodb admin database username and password which you have created earlier.
Here, I have entered my Ubuntu 18 Vagrant box ssh credentials.
Save the changes and press connect icon to see if the connection is working fine.
Yes, you can use SSH tunnel.
Go to: MongoDB Connections (Ctrl + N) > Create / Edit > SSH tab
Just achieved that
No need to change nothing in your mongodb settings
In robomongo use localhost:27017 as you db address
In SSH tab add your login details.
Related
I just installed MongoDB 4.4 on Ubuntu 20.04. Now, I want one user with a password to have full access (create database, write to it, delete it, etc.) over TCP port 27017. How can I do this?
First, I changed 127.0.0.1 to 0.0.0.0 in /etc/mongodb.conf.
Then, I created a new user:
$ mongo
use admin
db.createUser({user:"admin",pwd:"foo",roles:[{role:"userAdminAnyDatabase",db:"admin"}]})
Then, added these lines to /etc/mongod.conf:
security:
authorization: enabled
Then, restarted it:
$ sudo service mongod restart
Finally, I was able to connect to it both from the server and remotely (after adding TCP port 27017 to the list of inbound rules of my AWS EC2 security group):
$ mongo localhost:27017 -u admin -p foo
I'm trying to use Robomongo (or Robo 3T) under Mac to control my mongodb in the remote Ubuntu & Nginx server.
Normally, I need to ssh xxx.xx.xx.xx in a terminal with a username and a password to connect to the server. in /etc/nginx/sites-enabled/myweb.io, there is listen 443 ssl.
In Robo 3T, I tried to set up the connection with Use SSH tunnel. I tried the port number 443 or 80. But it gave me an error: Error: Resource temporarily unavailable. Error when starting up SSH session: -13. (Error #35)
Does anyone know how to fix this?
The correct setting is
1) under SSH, check User SSH tunnel, use port 22
2) and under Connection, write 127.0.0.1:27017
I've done few configurations on my Ubuntu 18 Vagrant box in order to successfully connect MongoDB remotely using Robo 3T GUI. I've explained in the following steps.
On Ubuntu server, to open mongo shell run:
$ mongo
Inside mongo shell, type following command to create new a admin user.
> use admin;
> db.createUser({user:"admin", pwd:"password", roles:[{ role: "root", db: "admin" }]});
By default mongodb is configured to allow connections only from localhost(IP 127.0.0.1). We need to allow remote connections from any ip address. The following change should only be done in your development server. Open up etc/mongod.conf file and do the following change.
# network interfaces
net:
port: 27017
bindIp: 0.0.0.0 #default value is 127.0.0.1
Also in the same mongod.conf file uncomment security option and add authorization option as shown below.
security:
authorization: enabled
Save and exit the mongod.conf file and restart mongodb server.
$ sudo servcie mongod restart
Download and install Robo 3T GUI tool.
On Robo 3T GUI, in the connection settings, you need to do few changes as shown on
below screen shots.
Enter mongodb admin database username and password which you have created earlier.
Here, I have entered my Ubuntu 18 Vagrant box ssh credentials.
Save the changes and press connect icon to see if the connection is working fine.
Connect to remote MongoDB using Roto3t
Firstly, we should check the standard URI connection scheme
for mongodb
mongodb://[username:password#]host1[:port1][,...hostN[:portN]]][/[database][?options]]
We make a SSH Connection to the remote MongoDB on Cloudfoundry
in my case
cf ssh -L port_forwarding:HOST_NAME:Port NAME_OF_APP
(1) In the Connection tab in Robo3T we choose
Type: direct connection
Name: choose_any_connection_name
Address: localhost and port is 'port_forwarding' we choose in the SSH connection we made.
(2) in the Authentication tab, we should add database, username, password, and Auth Machanism: SCRAM-SHA-1
(3) in the SSH Tab we will uncheck use SSH tunnel as we made it manually.
Now, if you click test the connection should be successfully done.
Note: If we use Studio 3T it will parse the URI and fill all these fields for us.
I installed MongoDB 3.2.4 on CentOS 7. I keep the default configure except comment the bindIp: 127.0.0.1 to access the db via 3T MongoChef 3.4.1 from local machine.
I create two new users for db admin. One is root and one is userAdmin.
I tried to access the db via 3T MongoChef but failed. If I leave the Authentication none, I would get this:
But if I set it :
then I get:
I have no idea how to fix this. Please help.
It seems like commenting the bindIp out is not enough to change the allowed inbound connections for mongod. Try to change it to 0.0.0.0 instead.
Also, check this post out: mongodb.conf bind_ip = 127.0.0.1 does not work but 0.0.0.0 works
Regards
In the production environment, lock the IP down to white list server and don't open up using `
0.0.0.0
To Whitelist IPs, modify the mongod.conf
vim /etc/mongod.conf
Add the IPs in the following format
[x.x.x.x,x.x.x.x]
Ex.
Save and cycle the Mongod
In RHEL;
systemctl restart mongod
I have a MongoDB database on my Linux server. I want to access it from another server. I tried to make a connection from my local computer with the Robomongo. The connection is succesfull, but the authentication fails.
How can I get the authentication credentials? Or should I change something in MongoDB before I can acces the database from another server / pc?
Someone else have set up this database, and there is no possibility to ask him this questions.
I have found the solution by my self:
The File etc/mongod.conf has a line 'bind_ip'. In this line, you originally have to add the IP address which you want to access your database. But, it don't work! You should better comment this line.
But, you don't have any authentication now, so you have to add authentication. Here you have an tutorial about this: http://ghosttx.com/2012/03/how-to-connect-to-a-remote-mongodb-server-with-mongohub-for-mac/
When you have done that, you have to enable authentication. You can do this by editing etc/mongod.conf again, and uncomment the line 'Auth = true'.
Now you can connect with you Mongo Database ;)
Ive sorted it by adding ssh option to RoboMongo following this link:
http://www.mongovue.com/2011/08/04/mongovue-connection-to-remote-server-over-ssh/
Im on OSX and connecting to Ubuntu 14 / Mongo 2.6.7 on VPS and when Ive added my ssh details to the Robomongo all seem to work ok (Ive also changed the mongo config to remove the ip_bing and enabled port 27017)
If you do not like to bother with authentication and stuff just make an SSH Tunnel:
ssh -fN -l username -i .ssh/id_rsa -L 9999:localhost:27017 remote.com
Just connect to mongodb on localhost:9999 and it will establish a connection to your mongodb on port 27017 on your server at remote.com.
Run your mongodb with following command to access mongodb from other servers
mongod --port 10945 --bind_ip 0.0.0.0
I was not able to use Robomongo with MongoDB 3.0 too (connecting from a Windows machine to a Linux one, using SSH). The only tool that works for me is MongoChef (http://3t.io/mongochef/).
we have an EC2 MongoDB 2.4 instance from Amazon MarketPlace.
when i try to access it from my computer using the mongo command like so:
mongo xx-xx-xx-xx-xx.compute-1.amazonaws.com
i get the following error
Error: couldn't connect to server xx-xx-xx-xx-xx.compute-1.amazonaws.com:27017 at src/mongo/shell/mongo.js:147
exception: connect failed
i can connect to the remote instance using ssh so it is reachable.
the port is the default port 27017.
mongod is running and working on the remote instance.
any suggestions on how to fix this?
As frisky said, you have to open the port 27017 at the EC2 Security Group Console.
(To know more about how to do that: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/authorizing-access-to-an-instance.html)
But you also need to change the bind_ip variable at the /etc/mongodb.conf file. You need to comment the line or assign the ip that will be able to connect the DB to it.
The following two steps enabled the remote connection for me:
Opening the inbound rould for my VPC at port 27017
VPC -> Security -> Security Groups -> choose your instance's TCP roule -> click "Edit Rules" -> add a rule with Type: "Custom TCP Rule", Protocol: TCP, Port Range: 27017, Source: Custom 0.0.0.0/0 -> save
SSH into your instance -> sudo vi /etc/mongod.conf -> set bindIp: 0.0.0.0 -> save -> sudo service mongod restart
After that you will be able to connect into you remote mongo instance with mongo --host YOUR_INSTANCE_IP
Since mongod is running and working on the remote instance, you can access your MongoDB content via
mongo xx-xx-xx-xx-xx.compute-1.amazonaws.com or
mongo machine_elastic_IP
Before that you need to open Inbound port for that machine.By-default port 27017 is closed for external world.
For more info refer : http://docs.aws.amazon.com/gettingstarted/latest/wah/getting-started-security-group.html
Amazon created mongo security group without 27017 open.
opening port 27017 to my pc fixed the issue.
Try to access xx-xx-xx-xx-xx.compute-1.amazonaws.com:27017 from browser, if it works then ssh into the instance.
Stop the mongodb server
Remove the file /var/lib/mongodb/mongod.lock
start the mongodb server again, and check if typing mongo takes into a mongo shell or gives any error.
If the error is present, exit from the instance and again ssh to check for $mongo, if it opens a mongo shell. Try a reboot after this changes if the error still exists after the above changes.
The only concern here is, before accessing it from any application. Mongodb should work independently in the terminal.
EC2 controls access using security group, so make sure that box accessing mongo db host is in the security group allowed to access this box and port is enabled for the same security group.
Another problem can be iptables. Check sudo service iptables status on the mongodb box and see what are the rules there.
Make sure there you enable appropriate ports as per security requirement of the box.