I have got the vagrant machine with Postgres on it. I need to connect with this database using some external tools (eg. pgmodeler, keetle).
So i start tunnel using:
ssh -L 5433:127.0.0.1:5432 vagrant#192.168.56.140 -i puphpet/files/dot/ssh/id_rsa
Then I try to login with command:
psql -h 127.0.0.1 -p 5433 -U postgres postgres
And I get an error:
FATAL: password authentication failed for user "postgres"
I'm a little bit confused because it used to work, and now it doesn't. I've tried to set user password but it didn't work. Where should i look for a problem?
You need to adjust the pg_hba.conf file of your postgres server to tell postgres from where connections for which users are allowed. In debian-like distributions you'll find this file in /etc/postgresql/9.1/main/pg_hba.conf.
When developing with vagrant i usually use the following entry in pg_hba.conf which allows all users to connect from everywhere without a password
# IPv4 connections from everywhere:
host all all 0.0.0.0/0 trust
NEVER USE THIS LINE ON A PRODUCTION SERVER
On top there is the following line in my Vagrantfile to forward the port
Vagrant.configure(2) do |config|
# more stuff
config.vm.network "forwarded_port", guest: 5432, host: 5433, host_ip: "127.0.0.1"
end
Do not forget to set the host_ip to localhost, otherwise postgres binds to all network interfaces of your local machine.
Related
I installed PostgreSQL on my server today and quickly took notes. I hope that I have compiled the answers I found for my question beautifully for you.
UPDATE PG_HBA.CONF
If you are using an ubuntu distribution, the file path should be this way.
I use the 10 version and use the ubuntu distribution. This path may differ depending on your operating system. Find this file on your system. etc/postgressql/10/main/pg_hba.conf Using nano, you can open it directly with the command.
nano etc/postgresql/10/main/pg_hba.conf
here are two settings we need to make.
# "local" is for Unix domain socket connections only
local all all md5
# Remote connections for navicat
host samerole all 0.0.0.0/0 md5
don't touch the others, should look like this in its final form.
# Database administrative login by Unix domain socket
local all postgres peer
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all md5
# IPv4 local connections:
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 md5
# Allow replication connections from localhost, by a user with the
# replication privilege.
local replication all peer
host replication all 127.0.0.1/32 md5
host replication all ::1/128 md5
# Remote connections for navicat
host samerole all 0.0.0.0/0 md5
UPDATE POSTGRESQL.CONF
Open this file with nano, find the line below and update it as follows.
nano etc/postgresql/10/main/postgresql.conf
listen_addresses = 'localhost'
change it
listen_adresses = '*'
The settings required for the translate remote connection to work are only related to these two settings. But if your system has a Firewall, we need to whitelist the ports for PostgreSQL like UFW. Let's do this when we say it.
$ sudo ufw status
When you check the firewall status, if it is active, you will see an output like this. If disabled, inactive appears.
To Action From
-- ------ ----
22/tcp ALLOW Anywhere
5432/tcp ALLOW Anywhere
22/tcp (v6) ALLOW Anywhere (v6)
5432/tcp (v6) ALLOW Anywhere (v6)
This place is very important! Make sure you have ssh permission when activating UFW. I will always let this habit. If you do not do this, you need to login to the system with root and interfere with ufw settings. you kind of lock yourself up :)
Let's continue with UFW permissions.
$ sudo ufw allow ssh
$ sudo ufw allow 5432/tcp
We also gave the necessary permissions. Let's do one more check. Let's make sure our PostgreSQL password is default postgres. Because it's a nonsense by the way. Let's secure our business. Time is cash.
CHECKING THE DEFAULT USERNAME AND PASSWORD (postgres, postgres, postgres)
$ sudo -u postgres psql
\password postgres
\q
just restart the postgres service.
$ sudo service postgresql restart
NOW WE START THE NAVICAT SETTINGS
Open your Navicat application and create a new connection that selects the PostreSQL connection from the new connection tab.
Two setting steps are waiting for you in the connection you created. General and SSH settings.
I enter my default PostgreSQL information in General settings. Just like in the picture.
Connection Name: Your Connection Name
Host: localhost
Port: 5432
Initial Database: postgres
User Name: postgres
Password: postgres
postgres is default database, username and password !
Let's set the SSH connection settings as follows.
Host: your droplet IP
Port: 22 is defeault SSH port
User Name: root (default root login)
Authentication Method: Public Key
Private Key: /Users/username/.ssh/id_rsa
Passphrase: your passhrase
If we have made our settings for Navicat, we can now test our connection. Click the Test Connection button and see if we connect.
Congratulations !!!
I am trying to connect to Postgresql using the PGAdmin III client in Windows 8.1. Postgresql is installed in a local copy of Vagrant (Ubuntu 14.04) on my Windows machine. It's up and running on Vagrant:
LISTENING
tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN 814/postgres
VERIFIED USER/PASS/LOCAL CONNECTION
I can access Postgresql locally in Vagrant via SSH in Windows:
vagrant#precise32:/etc/postgresql/9.1/main$ psql -h localhost testdb myuser
Password for user myuser:
psql (9.1.15)
SSL connection (<removed)
Type "help" for help.
testdb=> \quit
PG_HBA.CONF
I added this to my pg_hba.conf file:
# IPv4 local connections:
host all all 127.0.0.1/32 md5
host all all <my IP> md5
VAGRANT CONFIG
My Vagrant config is set to port forward to 5432:
# Create a forwarded port mapping which allows access to a specific port
# within the machine from a port on the host machine. In the example below,
# accessing "localhost:8080" will access port 80 on the guest machine.
config.vm.network "forwarded_port", guest: 5432, host: 15432
POSTGRESQL.CONF
And my postgresql.conf file is set to listen on all IP's:
#listen_addresses = '*' # what IP address(es) to listen on;
PGADMIN ERROR
So, what am I missing here when I try to connect as a guest via PGAdmin to the host and I get the following message, which indicates it sees it but something is not letting me through?:
An error has occurred:
Error connecting to the server: server closed the connection unexpectedly
This probably means the server terminated abnormally before or while processing the request.
PGADMIN CONNECTION INFO
Host: localhost
Port: 15432
Service: <blank>
Maintenance DB: postgres
Username: Myuser (verified)
Password: ****** (verified)
Store password:
Colour: <blank>
Group: Servers
In your Vagrant config add a IP (if not set) eg:
config.vm.network :forwarded_port, host: 15432, guest: 5432
config.vm.network :private_network, ip: "192.168.111.222"
Now from PGAdmin in Windows connect to host 192.168.111.222, port 5432.
Worked for me although I'm not know why.. :P
I dont know what you mean with in pg_hba.conf but in vagrant enviroment you should use ip like 10.0.2.2/24 instead your machine network address.
I had the same problem in linux, and i think in windows this can happen too. In my postgresql.conf the port variable was defined in two places. First with 5432 value, and second with 5435 value.
Running telnet vm_ip 5435, i was able to connect to the server running in the vm.
In my case my vm was running with public_network option, so i have a external ip. In this case, you don't need to forward a port, once you will access the vm,for example, with 192.168.60.15:5435 address.
Please read before replying it as duplicate (as it perhaps can happen). I am running my postmaster (postgres) server. See below for 'sudo netstat -anp|grep 5432' output?
tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN 29606/postmaster
unix 2 [ ACC ] STREAM LISTENING 1650581 29606/postmaster /var/run/postgresql/.s.PGSQL.5432
unix 2 [ ACC ] STREAM LISTENING 1650582 29606/postmaster /tmp/.s.PGSQL.5432
I am able to connect from localhost using
psql -h localhost (OR 127.0.0.1) -d <DB> -U user -W
But when I try to connect from other hosts using tcp, by specifying
psql -h ip_add_postmaster -d <DB> -U user -W
It throws:
psql: could not connect to server: Connection refused
Is the server running on host XXXXXX and accepting TCP/IP connections on port 5432?
What's wrong here?
pg_hba.conf
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all peer
# IPv4 local connections:
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 md5
In postgresql.conf,
listen_addresses = 'localhost, 127.0.0.1, ip_add_postmaster'
Note: ip_add_postmaster is same as my Elastic IP and not public DNS. If this information
matters.
What am I doing wrong here? Machine is hosted on Amazon EC2 and have open the port 5432.
As your netstat output indicates, it's listening at 127.0.0.1:5432 which is localhost. That is only connectable from localhost ;)
Set listen_addresses='*' in your config and it will work.
[edit]
Other things to check:
is the amazon firewall blocking anything?
is iptables blocking anything?
But first make sure the listening address is correct, your netstat output shows that it won't work like this.
listen_addresses='localhost, private_ip' fixed the issue. I was not able to start postmaster server on elastic IPs. Once postgres server started o localhost and private IPs, I was able to connect.
One other issue I have found was if you end up with two Postgres installations, the second one can choose non-default port (in my case it was 5433 i/o 5432). So checking the port in postgresql.conf might be a good idea.
I ran into this issue and tried all sorts of fixes I found across SO, and want to add a simple solution that worked for me after realizing it had to do with permissions in my case.
Simply, if you're running a psql server on Windows, you are initially restricted to the default postgres superuser for logging in, launching the server, and so on.
So, first try running from the command line:
psql -U postgres -h localhost -p 5432
and enter your password at the prompt. If you've managed to login and the server is up, then it was a permissions issues. From here, you can create a role for yourself that has login privileges to whatever database you are trying to run.
If the error persists, then consider checking postgresql.conf as mentioned above, to make sure default IP is set to * or localhost, and the port set to 5432 or whatever port you want as default.
I also ran into the same issue. On debugging, it was nothing related to the port, but due to some missing directories in the Postgres folder.
While updating Mac OS (from 10.13.1 -> 10.13.13), some folders in the directory /usr/local/var/postgres/ gets deleted. The fix was the adding the missing directories:
mkdir /usr/local/var/postgres/pg_tblspc
mkdir /usr/local/var/postgres/pg_twophase
mkdir /usr/local/var/postgres/pg_stat
mkdir /usr/local/var/postgres/pg_stat_tmp
mkdir /usr/local/var/postgres/pg_replslot
mkdir /usr/local/var/postgres/pg_snapshots
mkdir /usr/local/var/postgres/pg_logical/{snapshots,mappings}
I have a VM set up with Vagrant that has Postgres running on it (on port 5432), forwarded to port 8280 on the host machine.
I have set the password for the default user and I can connect locally just fine.
I have been trying to set up access from the host machine over port 8280, and I have been unable to get it working with 'MD5' as the trust method.
I have set up postgresql.conf to listen on all addresses:
# postgresql.conf
listen_addresses = '*'
and I have configured pg_hab.conf as follows:
# pg_hab.conf
#TYPE DATABASE USER CIDR-ADDRESS METHOD
host all all 0.0.0.0/0 md5
With all of these settings, if I run the following command from my host machine:
psql --host=127.0.0.1 --port=8280 --username=postgres -d mydb -c '\l'
I am prompted for the password, and then I get:
psql: FATAL: password authentication failed for user "postgres"
If I then change the METHOD from 'md5' to 'trust' I'm not asked for a password and I can connect as expected. My question is - why can't I connect using 'md5', which is what I want to be able to do? I know that the password I am entering is correct (I have changed it), but for some reason it isn't working.
I had the same exact problem. The issue was on the host side, basically the firewall was blocking the port I was using. So this is what I did (I am using OSX Mavericks)
Open the port (Host)
sudo ipfw add 7000 allow tcp from any to any dst-port 7001
Modify Vagrantfile in order to allow portforwarding
config.vm.network "forwarded_port", guest: 5432, host: 7001
Edit postgresql.conf (Guest)
listen_addresses = '*'
Edit pg_hba.conf (you might want to tune this better)
host all all 0.0.0.0/0 md5
Now, from the host connect normally using the port (in my case 7001) and 'localhost' as host address
You need to set a password for the postgres user. It does not have one by default, so you cannot connect.
ALTER USER postgres PASSWORD 'somepassword';
Your local connections probably work because they're using unix sockets with peer authentication, not TCP/IP. If you use:
psql -h 127.0.0.1 -U postgres postgres
on the VM, you'll probably find that that fails too, because you're actually testing TCP/IP based connections now.
I have a database server (192.168.1.50) running postgres. I have created a database named "testdb" and a user "testuser" with password "testuserpw".
Locally, I can connect to the db using:
psql -d testdb -U testuser
When I issue the command from another host (192.168.1.60):
psql -h 192.168.1.50 -d testdb -U testuser
I have the error:
psql: could not connect to server: Connection refused
Is the server running on host "192.168.1.50" and accepting
TCP/IP connections on port 5432?
Any idea ?
Check the setting of listen_addresses in your postgresql.conf file. Many distributions make it default to 127.0.0.1, i.e. listen only to connections coming in from localhost. It should be set to '*' to listen for connections on all interfaces.
If you are still having trouble, use lsof to see what network sockets the postgres process is listening on.
On Ubuntu, I noticed that remote access at some point stopped working (currently using 9.1.9). The reason is, that postgres is no longer started with the -i switch [1] so no matter what you configure for listen_addresses, it will be ignored.
Fortunately, adding the following line to /etc/environment solves the problem after logging out and in again (or reboot):
PGOPTIONS="-i"
See [2] for more options. Note, that adding this to /etc/postgresql/9.1/main/environment did NOT work for me.
Now, when doing nmap ip-of-my-remote-server I finally get this again:
5432/tcp open postgresql
Yay!
[1] http://www.postgresql.org/docs/9.1/static/runtime-config-short.html
[2] http://www.postgresql.org/docs/9.1/static/libpq-envars.html
Is the firewall letting the connections through? Or, check if pg_hba.conf allows connecting from addresses other than localhost.
The listen_address configvar in postgresql.conf is not the only way to get postgres to listen on the non-local IP-address (or addresses).
Use option "-o -h *" if you start postgres from pg_ctl, otherwise do add "-h" "*" to the postgres command line, like e.g.
/usr/local/pgsql/bin/postgres -D /pg/data "-h" "*"
Of course /pg/data must be changed to your current datapath.
This is especially useful when experimenting.
I came across the same problem as yours, and my source of problem is the firewall settings.
If you're using Ubuntu, print your firewall status:
sudo ufw status verbose
It may looks like this:
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip
...
The default rule of incoming connection is "deny", so you need to specify the "allow"ed port.
type:
sudo ufw allow 5432/tcp
reference:
https://www.vultr.com/docs/how-to-configure-ufw-firewall-on-ubuntu-14-04
Connection refused (0x0000274D/10061) i fixed here with:
Open the terminal and type:
VIM /var/lib/pgsql/data/postgresql.conf
Edit the "listen_adresses", it should be set to '*'
After this, rest it on terminal:
/scripts/restartsrv_postgres