I am, for the first time, attempting to set up an application on a remote/cloud VPS (I am using Digital Ocean if it matters). I am attempting to create an SSH tunnel from my client to the remote database. As this is not something I have attempted before, I referenced this, this, and this.
After looking over the articles, I ran the following on my client/local machine:
ssh -L 5433:localhost:5432 user#REMOTE_IP
then I tried to connect:
psql -h localhost -p 5433 postgres;
However, I receive the following error:
psql: could not connect to server: Connection refused
Is the server running on host "localhost" (127.0.0.1) and accepting
TCP/IP connections on port 5433?
To my knowledge, my pg_hba.conf (on the remote server) is the default:
# Database administrative login by Unix domain socket
local all postgres peer
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all peer
# IPv4 local connections:
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 md5
I changed "listen_addresses" in postgresql.conf to *
# - Connection Settings -
listen_addresses = '*' # what IP address(es) to listen on;
# comma-separated list of addresses;
# defaults to 'localhost'; use '*' for all
# (change requires restart)
port = 5432 # (change requires restart)
max_connections = 100 # (change requires restart)
I also tried substituting 127.0.0.1 forlocalhost with no success.
Any advice would be appreciated; SSH tunnels and the like are not something I am familiar with.
Thanks.
EDIT:
Per #drdaeman excellent advice, I ran the following:
sudo ssh -N -vvv -L 5433:localhost:5432 user#host
The last few debug lines are as follows:
debug1: Local forwarding listening on 127.0.0.1 port 5433.
debug2: fd 5 setting O_NONBLOCK
debug3: fd 5 is O_NONBLOCK
debug1: channel 1: new [port listener]
debug2: fd 3 setting TCP_NODELAY
debug3: ssh_packet_set_tos: set IP_TOS 0x10
debug1: Requesting no-more-sessions#openssh.com
debug3: send packet: type 80
debug1: Entering interactive session.
debug1: pledge: network
debug3: receive packet: type 80
debug1: client_input_global_request: rtype hostkeys-00#openssh.com want_reply 0
Output from sudo netstat -ltpn | grep 5432
tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN 5835/postgres
It stops there, unresponsive to any commands.
Thanks for any direction.
Based on your description, everything looks OK to me - don't see where the problem is, but the commands you're running and your configuration looks correct. Here are the general steps you can take to diagnose the issue:
First, check if your PostgreSQL server is actually listening. On your server, run this:
$ sudo netstat -ltpn | grep 5432
(Or you can use ss -ltpn from iproute2 instead of older netstat)
If you don't see anything, it means no process is listening on tcp/5432. You can try to see if PostgreSQL is listening anywhere at all:
$ sudo netstat -lpn | grep postgre
If it doesn't - check whenever your server is actually running (depends on the OS and distribution, but check ps aux output first) and check your server logs (probably in /var/log) if you see any problems there.
Then, make sure you don't accidentally run psql on your server (when you SSH, it also opens the shell session unless you specify the -N flag). You need to run it on your local machine ;)
Then, you may also consider adding -v (or even -vvv) to your ssh command - it'll spew a lot of useful debug information, e.g. a normal operation looks like this:
debug1: Connection to port 5433 forwarding to localhost port 5432 requested.
debug1: channel 3: new [direct-tcpip]
debug1: channel 3: free: direct-tcpip: listening port 5433 for localhost port 5432, connect from ::1 port 60039 to ::1 port 5433, nchannels 4
If you see something like channel 3: open failed: connect failed: Connection refused instead, this means PostgreSQL had refused the connection - and you need to check its logs for the reasoning - possibly, after enabling log_connections and log_disconnections in the config (don't forget to reload the configuration).
Related
I have set up Postgresql on a remote server, and for some reason I cannot connect to the 5432 port on the server even after opening up the port, deactivating firewall, etc.
I have checked that the database is listening to all addresses with
listen_addresses = '*':
postgresql.conf:
SHOW listen_addresses:
changed pg_hba.conf:
checked that port number 5432 is open and listening with
netstat -nlp | grep 5432
checked that firewall is inactive with sudo ufw status
and still I get Operation timed out error message after performing both
nc -v [ip_address] 5432
watch "nc -v [ip_address] 5432"
Can anyone tell me what I can do to enable connection to the remote server from external network?
I'm struggling to enable remote connection on Postgres running on Ubuntu. I've done the following steps:
Opened up the firewall; running sudo netstat -ntlp | grep LISTEN gives me:
tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN 2947/postgres
Added in listen_addresses to postgresql.conf:
listen_addresses='*' # what IP address(es) to listen on;
# comma-separated list of addresses;
# defaults to 'localhost'; use '*' for all
Added in the connection table in pg_hba.conf as follows:
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all peer
I can connect locally but I cannot connect remotely; not even connecting via telnet works. It just says connection refused. Has anyone got an idea as to the cause of the problem?
Thanks.
Cheers,
Neil
Restart postgres
Check if it's listening on all interfaces
# netstat -lnp --tcp | grep postgres
tcp 0 0 0.0.0.0:5432 0.0.0.0:* LISTEN 6096/postgres
Add host line to pg_hba.conf:
host all all 0.0.0.0/0 md5
Add a password for your user
$ sudo -u postgres psql
postgres=# \password username
Please read before replying it as duplicate (as it perhaps can happen). I am running my postmaster (postgres) server. See below for 'sudo netstat -anp|grep 5432' output?
tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN 29606/postmaster
unix 2 [ ACC ] STREAM LISTENING 1650581 29606/postmaster /var/run/postgresql/.s.PGSQL.5432
unix 2 [ ACC ] STREAM LISTENING 1650582 29606/postmaster /tmp/.s.PGSQL.5432
I am able to connect from localhost using
psql -h localhost (OR 127.0.0.1) -d <DB> -U user -W
But when I try to connect from other hosts using tcp, by specifying
psql -h ip_add_postmaster -d <DB> -U user -W
It throws:
psql: could not connect to server: Connection refused
Is the server running on host XXXXXX and accepting TCP/IP connections on port 5432?
What's wrong here?
pg_hba.conf
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all peer
# IPv4 local connections:
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 md5
In postgresql.conf,
listen_addresses = 'localhost, 127.0.0.1, ip_add_postmaster'
Note: ip_add_postmaster is same as my Elastic IP and not public DNS. If this information
matters.
What am I doing wrong here? Machine is hosted on Amazon EC2 and have open the port 5432.
As your netstat output indicates, it's listening at 127.0.0.1:5432 which is localhost. That is only connectable from localhost ;)
Set listen_addresses='*' in your config and it will work.
[edit]
Other things to check:
is the amazon firewall blocking anything?
is iptables blocking anything?
But first make sure the listening address is correct, your netstat output shows that it won't work like this.
listen_addresses='localhost, private_ip' fixed the issue. I was not able to start postmaster server on elastic IPs. Once postgres server started o localhost and private IPs, I was able to connect.
One other issue I have found was if you end up with two Postgres installations, the second one can choose non-default port (in my case it was 5433 i/o 5432). So checking the port in postgresql.conf might be a good idea.
I ran into this issue and tried all sorts of fixes I found across SO, and want to add a simple solution that worked for me after realizing it had to do with permissions in my case.
Simply, if you're running a psql server on Windows, you are initially restricted to the default postgres superuser for logging in, launching the server, and so on.
So, first try running from the command line:
psql -U postgres -h localhost -p 5432
and enter your password at the prompt. If you've managed to login and the server is up, then it was a permissions issues. From here, you can create a role for yourself that has login privileges to whatever database you are trying to run.
If the error persists, then consider checking postgresql.conf as mentioned above, to make sure default IP is set to * or localhost, and the port set to 5432 or whatever port you want as default.
I also ran into the same issue. On debugging, it was nothing related to the port, but due to some missing directories in the Postgres folder.
While updating Mac OS (from 10.13.1 -> 10.13.13), some folders in the directory /usr/local/var/postgres/ gets deleted. The fix was the adding the missing directories:
mkdir /usr/local/var/postgres/pg_tblspc
mkdir /usr/local/var/postgres/pg_twophase
mkdir /usr/local/var/postgres/pg_stat
mkdir /usr/local/var/postgres/pg_stat_tmp
mkdir /usr/local/var/postgres/pg_replslot
mkdir /usr/local/var/postgres/pg_snapshots
mkdir /usr/local/var/postgres/pg_logical/{snapshots,mappings}
I want to connect to postgresql from another server but occur below error. i search and find some result like below but after do these again error occured
in postgresql.conf change listen_addresses from localhost to *
in pg_hba.conf change 127.0.0.1/32 to 0.0.0.0/0
reboot server
Error:
could not connect to server: Connection refused.Is the server running
on host "Ip Number"
and accepting.TCP/IP connections on port 5432?
I suggest that you should do as the following steps.
Check your PostgreSQL SERVER is running.
Check the listen_addresses parameter ( postgresql.conf )
Check the port number of your postgresql ( The port parameter of
postgresql.conf )
Check your the firewall policy of your database server , set
that allow the port of your postgresql.
If you want to connect your db from another server, may be you
shoud set the pg_hba.conf as following :
# TYPE DATABASE USER CIDR-ADDRESS METHOD
local all all trust
host all all 0.0.0.0/0 md5
Try to check if the network traffic reaches the server. You can sniff the network traffic to see what happen. Meassure on client and server and check the communication.
sudo tcpdump -A -n -s 0 -w test_on_client.log port 5432
After you try your connect stop tcpdump with CTRL-C and inspect the log file with Wireshark.
This procedure will find every network connection problems.
I have a VM set up with Vagrant that has Postgres running on it (on port 5432), forwarded to port 8280 on the host machine.
I have set the password for the default user and I can connect locally just fine.
I have been trying to set up access from the host machine over port 8280, and I have been unable to get it working with 'MD5' as the trust method.
I have set up postgresql.conf to listen on all addresses:
# postgresql.conf
listen_addresses = '*'
and I have configured pg_hab.conf as follows:
# pg_hab.conf
#TYPE DATABASE USER CIDR-ADDRESS METHOD
host all all 0.0.0.0/0 md5
With all of these settings, if I run the following command from my host machine:
psql --host=127.0.0.1 --port=8280 --username=postgres -d mydb -c '\l'
I am prompted for the password, and then I get:
psql: FATAL: password authentication failed for user "postgres"
If I then change the METHOD from 'md5' to 'trust' I'm not asked for a password and I can connect as expected. My question is - why can't I connect using 'md5', which is what I want to be able to do? I know that the password I am entering is correct (I have changed it), but for some reason it isn't working.
I had the same exact problem. The issue was on the host side, basically the firewall was blocking the port I was using. So this is what I did (I am using OSX Mavericks)
Open the port (Host)
sudo ipfw add 7000 allow tcp from any to any dst-port 7001
Modify Vagrantfile in order to allow portforwarding
config.vm.network "forwarded_port", guest: 5432, host: 7001
Edit postgresql.conf (Guest)
listen_addresses = '*'
Edit pg_hba.conf (you might want to tune this better)
host all all 0.0.0.0/0 md5
Now, from the host connect normally using the port (in my case 7001) and 'localhost' as host address
You need to set a password for the postgres user. It does not have one by default, so you cannot connect.
ALTER USER postgres PASSWORD 'somepassword';
Your local connections probably work because they're using unix sockets with peer authentication, not TCP/IP. If you use:
psql -h 127.0.0.1 -U postgres postgres
on the VM, you'll probably find that that fails too, because you're actually testing TCP/IP based connections now.