I am trying to run some postgresql commands through a fabric script. When I execute the script I get:
out: psql: FATAL: Peer authentication failed for user "sparc2"
This is how my pg_hba.conf file looks like:
# "local" is for Unix domain socket connections only
local all all peer
# IPv4 local connections:
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 md5
# Allow replication connections from localhost, by a user with the
# replication privilege.
#local replication postgres peer
#host replication postgres 127.0.0.1/32 md5
#host replication postgres ::1/128 md5
# added
local sparc2 sparc2 md5
host sparc2 sparc2 127.0.0.1/32 md5
host sparc2 sparc2 10.0.2.2/32 md5
host all all all password
I have also modified the postgresql.conf file with adding this line:
listen_addresses = '*'
After applying the changes I restarted postgresql. But the error is still the same.
PostgreSQL has 2 connection entry points:
TCP/IP (host in pg_hba.conf)
Unix sockets (local in pg_hba.conf)
Your server is configured to use peer auth which works only for Unix sockets, and means - ask the kernel if the OS username matches DB username.
You have following options:
change pg_hba.conf to use md5 auth for local socket connections, or
change connection settings in your script to use IP connection (127.0.0.1 should work) instead of socket connection. [ This may not require editing the files - sometimes setting PGHOST variable is enough ], or
make your script to run from OS user sparc2, not postgres.
Risks / drawbacks
if you change peer to md5, some automation scripts that run from "postgres" OS user, and rely on "peer" auth, will stop working. They will start asking for password
if you change peer to md5, and forget database superuser password, you may have to re-enable peer auth to reset it.
In general, the "peer" auth is OK. Ease and security of kernel-based local auth is the reason why many distributions choose it for local admin connections. It is useful especially on multi-user shell servers. You can disable it for selected accounts only:
#CHANNEL DB USER METHOD
local all sparc2 md5
local all all peer
More details: here and here.
Related
We use PostgreSQL for our database of Speedy Net. I had a production server with PostgreSQL 13, and I backed up my database with the following command:
pg_dump -U postgres -h localhost "speedy_net" | gzip > <file_name>.sql.gz
It worked with PostgreSQL 13, but recently I upgraded my server to Ubuntu 22.04.1 LTS and PostgreSQL 14. I loaded the database from SQL and everything works properly, but now I can't backup the database - I get the following error message:
pg_dump: error: connection to server at "localhost" (::1), port 5432 failed: fe_sendauth: no password supplied
Now, something has changed in the configuration file from PostgreSQL 13 to 14. In PostgreSQL 13, the file /etc/postgresql/13/main/pg_hba.conf was:
# Database administrative login by Unix domain socket
local all postgres peer
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all peer
# IPv4 local connections:
host all all 127.0.0.1/32 trust
# IPv6 local connections:
host all all ::1/128 md5
# Allow replication connections from localhost, by a user with the
# replication privilege.
local replication all peer
host replication all 127.0.0.1/32 md5
host replication all ::1/128 md5
And in PostgreSQL 14 the file /etc/postgresql/14/main/pg_hba.conf is:
# Database administrative login by Unix domain socket
local all postgres peer
local all speedy_net trust
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all peer
# IPv4 local connections:
host all all 127.0.0.1/32 trust
# IPv6 local connections:
host all all ::1/128 scram-sha-256
# Allow replication connections from localhost, by a user with the
# replication privilege.
local replication all peer
host replication all 127.0.0.1/32 scram-sha-256
host replication all ::1/128 scram-sha-256
Notice, the line local all speedy_net trust is new. Is this line causing problems? I had to add it because otherwise I couldn't load the database from SQL.
Do you know how I fix it so that backups will work? If I run the command pg_dump -U postgres -h localhost "speedy_net" manually I get prompted for password, but there is no password and it worked with PostgreSQL 13.
Maybe I need to change the password? How do I do it?
The line that is causing the problems in the new file is
host all all ::1/128 scram-sha-256
That requires you to supply a password. You have two choices:
Use a different authentication method. trust would allow you to login without a password (since you are using it with “localhost” in IPv4, why not with IPv6?). If you don't want that, certificate authentication would be an option.
Create a password file on the new machine. Since you forced password authentication on the old machine, that's probably what you used there.
So I'm editing my original post and reducing it a bit.
I have a server running Ubuntu 22.04LTS and postgresql 10. I have installed an application on it that requires access to the dbase via it's own dbase user, password and the dbase "gitea".
I created a user "gitea" with a password in postrgesql and I can access it locally using the following command:
psql gitea gitea
My pg_hba.conf file is:
# Database administrative login by Unix domain socket
local all postgres peer
# TYPE DATABASE USER ADDRESS METHOD
host all bugs 127.0.0.1 255.255.255.255 md5
host all gitea 127.0.0.1 255.255.255.255 md5
# "local" is for Unix domain socket connections only
local all all trust
# IPv4 local connections:
host all all 127.0.0.1/32 scram-sha-256
# IPv6 local connections:
host all all ::1/128 scram-sha-256
# Allow replication connections from localhost, by a user with the
# replication privilege.
local replication all peer
host replication all 127.0.0.1/32 scram-sha-256
host replication all ::1/128 scram-sha-256
So why does this allow me to access the dbase without a password? Is it an easy change to make sure that the user "gitea" always has to use a password whether it's local or remote?
Cheers!!
I get following error when I try to connect using Beekeeper-Studio :
no pg_hba.conf entry for host "105.104.156.80", use"sdgij;sdhfhhuih", database"uhoidfgiosdff", no encryption
Here is my pg_hba.conf file:
# Database administrative login by Unix domain socket
local all postgres peer
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all peer
# IPv4 local connections:
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 md5
# Allow replication connections from localhost, by a user with the
# replication privilege.
local replication all peer
host replication all 127.0.0.1/32 md5
host replication all ::1/128 md5
Your database server is only accepting connections from local clients:
host all all 127.0.0.1/32 md5
You need to add a line to pg_hba.conf that allows connections from your local network, something like so:
host all all 105.104.156.0/24 md5
But you should be VERY cautious with making changes to pg_hba.conf as you can let in hackers on your server if not careful. See the documentation for details. In particular, you should reduce the allowed address range, the database to connect to and possibly the list of allowed users.
When ever I am trying to run psql in the command line, it is asking for a Password: .
I'm not too sure what the username and password is.
I installed postgresql by brew install postgres
pg_hba.conf
# the database superuser. If you do not trust all your local users,
# use another authentication method.
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all trust
# IPv4 local connections:
host all all 127.0.0.1/32 trust
# IPv6 local connections:
host all all ::1/128 trust
# Allow replication connections from localhost, by a user with the
# replication privilege.
#local replication AustinTruong trust
#host replication AustinTruong 127.0.0.1/32 trust
#host replication AustinTruong ::1/128 trust
Let me know if there is any confusion in my question.
Edit
In other posts, it mentions if I change pg_hba.conf file to local all all trust, I shouldn't require a password. But it is still requesting for a password.
When I run brew info postgres
I've followed the steps from Postgresql: password authentication failed for user "postgres", but i'm still having the same issue. I added the line
local all postgres ident
If you want to create a new database account from you own OS account use:
/usr/local/bin/createdb someusername
See if this works.
Also this other SO Question might help.
Edit:
Use brew info postgres for more information about your version.
I'm trying to deploy my Rails application through Capistrano 3.
On my own server everything was working but with my new one, I have some problem to access to the database :
DEBUG [05c115bf] FATAL: no pg_hba.conf entry for host "ip.address.of.the.server", user "postgres", database "my_database", SSL on
DEBUG [05c115bf] FATAL: no pg_hba.conf entry for host "ip.address.of.the.server", user "postgres", database "my_database", SSL off
I know that the problem comes form pg_hba but I cannot find where exactly.
This is what I've tried :
# Database administrative login by Unix domain socket
local all postgres md5
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all peer
# IPv4 local connections:
host all all 127.0.0.1/32 md5
hostssl all all ip.address.of.the.server/24 md5
hostnossl all all ip.address.of.the.server/24 md5
# IPv6 local connections:
host all all ::1/128 md5
# Allow replication connections from localhost, by a user with the
# replication privilege.
#local replication postgres peer
#host replication postgres 127.0.0.1/32 md5
#host replication postgres ::1/128 md5
Currently I'm blocked at this point.
put real IP address of the server with which you want to connect instead if ip.address.of.the.server for more info visit pg_hba.conf
The problem came from my deploy.rb where I made a mistake on the host... Simply.
After hours of researches, this problem is finally fixed. Thank you for your help.