Ident authentication failed on PostgreSQL through SSH tunnel - postgresql

I have PostgreSQL server and a seperate computer is a client of it. They are in one network. If I use psql command like
psql --host db_ip_address --port 5432 --user user base_name
connection goes fine and all works.
But if I'll open SSH tunnel to DB server like:
ssh -L 63333:localhost:5432 root#db_ip_address
and then try to do the same like:
psql --host localhost --port 63333 --user user base_name
than it suddenly output error message:
psql: FATAL: Ident authentication failed for user "user"
pg_hba.conf on server have this lines:
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all trust
# IPv4 local connections:
host all all 127.0.0.1/32 trust
host all all 192.168.0.49/32 trust
host all all 192.168.0.50/32 trust
host all all 192.168.0.48/32 trust
# IPv6 local connections:
host all all ::1/128 ident
I need to use SSH tunnels because I actually need one more tunnel for my own computer, and it is the only way to get connection for db on it.
And I don't want to change any configuration or base on PostgreSQL server, because it is working in real time server.
Hope for help.

Based on the error message and pg_hba.conf, the server resolves localhost to its IPv6 address, which is tied to ident authentication.
As a solution, you may either:
change pg_hba.conf to set trust method for ::1/128, as is already the case for 127.0.0.1/32
or run psql --host 127.0.0.1 --port 63333 [other options]... to force the IPv4 address.

Related

psql: error: connection to server on socket "/var/run/postgresql/.s.PGSQL.5432" failed: FATAL: Peer authentication failed for user "postgres" (Ubuntu)

When I try to open psql with this command:
psql -U postgres
I get this error:
psql: error: connection to server on socket "/var/run/postgresql/.s.PGSQL.5432" failed: FATAL: Peer authentication failed for user "postgres"
But it connects successfully when I use:
sudo -u postgres psql
Can someone please explain what is happening and how to diagnose/fix this problem? My pg_hba.conf contains the following:
# Database administrative login by Unix domain socket
local all postgres peer
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all md5
# IPv4 local connections:
host all all 127.0.0.1/32 scram-sha-256
# IPv6 local connections:
host all all ::1/128 scram-sha-256
# Allow replication connections from localhost, by a user with the
# replication privilege.
local replication all peer
You can edit your .conf files with privileges using an editor, for my case it is nano.
$sudo nano /etc/postgresql/14/main/pg_ident.conf
Map your user by adding this line
# MAPNAME SYSTEM-USERNAME PG-USERNAME
user1 <computer-username> postgres
Replace the <computer-username> with the System-Username, which can be found using the whoami command. Type in your terminal:
$whoami
Then go ahead to the pg_hba.conf
$sudo nano /etc/postgresql/14/main/pg_hba.conf
Add your postgre user, with method=peer, as shown below:
# TYPE DATABASE USER ADDRESS METHOD
local all postgres peer
This worked for me.
Peer authentication means that the connection is only allowed if the name of the database user is the same as the name of the operating system user.
So if you run psql -U postgres as operating system user root or jimmy, it won't work.
You can specify a mapping between operating system users and database users in pg_ident.conf.
step-1
vi /etc/postgresql/14/main# vi postgresql.conf
listen_addresses = '*'
step-2
vi /etc/postgresql/14/main# vi pg_hba.conf
# Database administrative login by Unix domain socket
local all postgres peer
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all md5
# IPv4 local connections:
host all all 0.0.0.0/0 scram-sha-256
# IPv6 local connections:
host all all ::1/128 scram-sha-256
# Allow replication connections from localhost, by a user with the
# replication privilege.
local replication all peer
step-3
sudo /etc/init.d/postgresql restart
step-4
After restart your changes
create your required database and database username
I don't think in production you wana bother yourself changing any files.
So, What you can do is temporarily make the username same to the username of your postgres which is usually postgres by passing command sudo -i -u postgres and then psql, now you successfully connected to postgres.

psql: error: FATAL: password authentication failed for user "user" on remote login

I'm trying to log in by passing the host's IP as a parameter, simulating a login from outside:
root#ubuntu-2gb-nbg1-1:/etc/postgresql/12/main# psql -h YYY.YYY.YYY.YYY -p 5433 -d myproject -U myproject
Password for user myproject:
psql: error: FATAL: password authentication failed for user "myproject"
FATAL: password authentication failed for user "myproject"
I then try to log in from the same host with the same password but with different options:
root#ubuntu-2gb-nbg1-1:/etc/postgresql/12/main# psql -h localhost -U myproject -d myproject
Password for user myproject:
psql (12.6 (Ubuntu 12.6-0ubuntu0.20.04.1), server 10.16 (Ubuntu 10.16-0ubuntu0.18.04.1))
SSL connection (protocol: TLSv1.3, cipher: TLS_AES_256_GCM_SHA384, bits: 256, compression: off)
Type "help" for help.
myproject=>
I am using PostgreSQL 12 and trying to set up a remote login for a service which should write to the DB from the outside. I've already set up the listener in /etc/postgresql/12/main/postgresql.conf to also listen to my remote server and configured my /etc/postgresql/12/main/pg_hba.conf as follows:
# Database administrative login by Unix domain socket
local all postgres peer
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all peer
# IPv4 local connections:
host all all 127.0.0.1/32 md5
host all all XXX.XXX.XXX.XXX/32 md5
# IPv6 local connections:
host all all ::1/128 md5
# Allow replication connections from localhost, by a user with the
# replication privilege.
local replication all peer
host replication all 127.0.0.1/32 md5
host replication all ::1/128 md5
The problem I have is that when attempting to log in remotely, the password authentication fails. The same username and password is correct when logging in from within the host. It's very strange that the password is being rejected when attempting the remote login. Does anyone have any suggestions?
Laurenz Albe's comment actually led me to the solution. It turned out I was running two different instances of PostgreSQL and didn't notice. The one I connected to over localhost was postresql-10 and had the proper user and database and the one I had configured to listen to the outside over port 5433 was postgresql-12 and didn't have the same users and databases.
In the end it was a simple fix to remove one instance and set up everything on the single version 12.

valentina db doesn't allow me to use ssh into a postgres even though i can do it normally

I have a AWS server which I can access using SSH with a .pem key.
Using valentina, i tried to access the postgres this way
I keep getting a failed Ident message.
I used that same .pem file and ssh into the server.
Used the same postgres user and password to access using psql client.
It works.
What do I need to do to make the Valentina Studio work as well?
UPDATE:
I have changed my pg_hba.conf to the following:
host all all * ident
# "local" is for Unix domain socket connections only
local all all md5
# IPv4 local connections:
host all all 127.0.0.1/32 ident
# IPv6 local connections:
host all all ::1/128 ident
I can run psql -U postgres on the postgres server.
I cannot run psql -h localhost -U postgres on the the postgres server.
UPDATE 2:
# "local" is for Unix domain socket connections only
local all postgres peer
local all all peer
# IPv4 local connections:
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 md5
This solves the issue
I keep getting a failed Ident message.
This suggests that you can in fact ssh in fine.
At a guess, your manual tests are along the lines of:
psql mydb
which will generally use a unix socket, which appears as local entries in pg_hba.conf.
By contrast your application will be connecting over TCP/IP, probably to a socket forwarded over ssh to localhost. This authenticates with host entries in pg_hba.conf.
So I think you're testing a different thing when logging in directly.
Try manually:
psql -h localhost mydb
i.e. force a TCP/IP connection to be used. You'll get the same error, and it's because of your setup in pg_hba.conf choosing ident as the auth method for host connections from localhost, and presumably there's no identd running or other mechanism to allow proper ident. You probably want to use md5 auth.

psql: FATAL: Ident authentication failed for user "postgres"

I have setup a Ubuntu VPS as per the railcast episode #335. I've worked through a few issues but can't get past the error above when starting Unicorn. I have been testing with this command to connect to the db since.
psql -U postgres -W
I have edited /etc/postgresql/8.4/main/pg_hba.conf as follows
# Database administrative login by Unix domain socket
local all postgres trust
# TYPE DATABASE USER CIDR-ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all trust
# IPv4 local connections:
host all all 127.0.0.1/32 trust
# IPv6 local connections:
host all all ::1/128 trust
It doesn't seem to matter what METHOD I use (trust, md5, password) the error is the same.
Any ideas would be appreciated.
Try using psql -U postgres -h localhost
As Per my setting plz use below setting can help this setting dear...
host all all 0.0.0.0/0 md5
host all all 127.0.0.1/32 md5
host all all ::1/128 md5
You usually connect as the postgres user with sudo -u postgres psql. Note that sudo prompts for the current users password (unless you are root), not a user from the database.

postgres hba.conf for jdbc

I'm trying to set up a JDBC connection to postgres from another program.
When I run the program, I get the following error:
[2013-03-24 03:14:10,542][ERROR][org.elasticsearch.river.jdbc.strategy.simple.SimpleRiverSource] while opening read connection: jdbc:postgresql://[my postgres server's ip address]:5432/[my database name] FATAL: no pg_hba.conf entry for host "[my client ip address]", user "postgres", database "[my database name]", SSL off
I can connect to the server successfully with a command line client by running:
psql -d [my database name] -U postgres -p 5432 -h [my postgres server ip address]
I think then that I have a unix socket connection that works but need to enable tcp connection in the pg_hba.conf, but it looks like I already have several tcp connections allowed in the pg_hba.conf file below... can anyone advise what I may be doing wrong?
My pg_hba.conf contains the following uncommented lines:
hostssl all all 0.0.0.0/0 md5
host all all 10.0.0.0/8 md5
local all postgres peer
local all all peer
# IPv4 local connections:
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 md5
If doing devel on local computer and booth program and DB run on the same machine go with:
# IPv4 local connections:
host all all 127.0.0.1/32 trust