I'm having an issue with PostgreSQL
anytime I run
psql -h localhost
I get
psql: could not connect to server: Connection refused
Is the server running on host "localhost" (127.0.0.1) and accepting
TCP/IP connections on port 5432?
A. First make sure PostgreSQL server has been started to remote server.
# /etc/init.d/postgresql start
If it is running and you get above error, you need to add enable TCP/IP support. By default, the PostgreSQL server only allows connections to the database from the local machine or localhost. This is a security feature.
Step # 1: Allow remote IP address to access PostgreSQL
You need to open file called /var/lib/pgsql/data/pg_hba.conf. Login as postgres user using su command:
$ su - postgres
$ vi /var/lib/pgsql/data/pg_hba.conf
Now append following line. Let us say you would like to give access to 192.168.1.0/24 network:
host all all 192.168.1.0 255.255.255.0 trust
Please replace 192.168.1.0 and 255.255.255.0 to reflect the actual network IP address range of the clients system in your own network.
Save close the file.
Step # 2: Allow communication over TCP/IP
You need to open PostgreSQL configuration file /var/lib/pgsql/data/postgresql.conf
$ vi /var/lib/pgsql/data/postgresql.conf
Now bind and open TCP/IP port by setting tcpip_socket to true:
tcpip_socket = true
Save and close the file.
Step # 3: Restart PostgreSQL server
Restart the PostgreSQL server with the following command
# /etc/init.d/postgresql restart
This will open default port 5432.
Step # 4: Test your setup
Use psql command from client system as follows:
psql -h PostgreSQL-IP-ADDRESS -U USERNAME -d DATABASENAME
Connect to remote server by IP address 192.168.1.5 and login using vivek user to connect to sales database, use:
$ psql -h 192.168.1.5 -U vivek -d sales
Where,
-h 192.168.1.5 : Specifies the host name of the machine or IP address (192.168.1.5) on which the server is running.
-U vivek : Connect to the database as the vivek username instead of the default. You must have account and permission to connect as vivek user.
-d sales : Specifies the name of the database (sales) to connect to.
For anyone reading this and using Postgres.app, you may need host: localhost in your database.yml. http://postgresapp.com/documentation#toc_3
Related
So we've accumulated enough applications in our network that use MongoDB to justify building a dedicated server specifically for MongoDB. Unfortunately, I'm pretty new to mongodb (coming from SQL/MySQL derivatives). I have followed several guides on installing and configuring mongodb for my environment. None are perfect, but I think I'm close... I've have managed to get to a point that I can connect to the db server from the local server using the following command:
mongo -u user 127.0.0.1/admin
However, I'm NOT able to connect to the server using this from either the local OR a remote computer using it's network address, IE:
mongo -u user 192.168.24.102/admin
I've tried both with authentication enabled and disabled, and I've tried setting the bindIP to 192.168.24.102 and 0.0.0.0 with no love. Thinking it was a Firewall issue, I disabled the firewall entirely... same. no love...
so what's the secret sauce? how do I connect to a MongoDB server remotely?
Some notes to know: This server is on a local network only. There will be some NAT shenanigans at some point directing public traffic to it from remote application servers, but only specific ports (we will NOT be using 27017 when that happens) and it will sit behind a pretty robust firewall appliance, so I'm not worried about securing the server as I about securing MongoDB itself.
This answer assume a setup where a Linux server is completely remote and has MongoDB already installed.
Steps:
1. Connect to your remote server over SSH.
ssh <userName>#<server-IP-address>
2. Start Mongo shell and add users to MongoDB.
Add the admin;
use admin
db.createUser(
{
user: "AdminSammy",
pwd: "AdminSammy'sSecurePassword",
roles: [
{"userAdminAnyDatabase",
"dbAdminAnyDatabase",
"readWriteAnyDatabase"}
]
}
)
Then add general user/users. Users are added to specific databases.
use some_db
db.createUser({
user: 'userName',
pwd: 'secretPassword',
roles: [{ role: 'readWrite', db:'some_db'}]
})
3. Edit your MongoDB config file, mongod.conf, that is found in etc directory.
sudo vim /etc/mongod.conf
Scroll down to the #security: section and add the following line. Make sure to un-comment the security: line.
security:
authorization: 'enabled'
After authorization has been enabled only those authenticated with password will access the database. In this case these are the ones added in step 2 above.
Note: Visual Studio code can also be used over SSH to edit the mongo.conf file.
4. Add remote server's IP address to mongod.conf file.
Look for the net line and add the IP address of the server that is hosting this MongoDB installation, example 178.45.55.88
# network interfaces
net:
port: 27017
bindIp: 127.0.0.1, 178.45.55.88
5. Open port 27017 on your server instance.
This allows access to your MongoDB server from anywhere in the world to anyone who knows your remote server IP address. This is one reason to have authenticated users. More robust ways of handling security are really important! Consult MongoDB manual for that.
Check firewall status using ufw.
sudo ufw status
If its not active, activate it.
sudo ufw enable
Then,
sudo ufw allow 27017
Important: You also need to allow port 22 for your SSH communication with your remote server. Otherwise you will be locked out from your remote server. Assumption here is that SSH uses port 22 for communication, the default.
sudo ufw allow 22
6. Restart Mongo daemon (mongod)
sudo systemctl restart mongod
7. Connect to remote Mongo server using Mongo shell
You can now connect to the remote MongoDB server using the following command.
mongo -u <user-name> -p <user-password> <remote-server-IP-address>:<mongo-server-port>
You can also connect to the remote MongoDB server with authentication:
mongo -u <user-name> -p <user-password> <remote-server-IP-address>:<mongo-server-port> --authenticationDatabase <auth-db-name>
You can also connect to a specific remote MongoDB database with authentication:
mongo -u <user-name> -p <user-password> <remote-server-IP-address>:<mongo-server-port>/<db-name> --authenticationDatabase <auth-db-name>
At this moment you can read and write within the some_db database from your local computer without ssh.
Important: Put into consideration the standard security measures for any database. Local security practices should guide what to do at any of the above steps.
I have two vm's on Azure, let's call them test1 and test2.
postgresql-server is installed and running on test1 (server, where postgres user is), but I want to be able to use psql on test2 (target).
So far, I've edited the pg_hba.conf, to have the target's IP address in it's list of hosts:
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all trust
# IPv4 local connections:
host all all 127.0.0.1/32 trust
host all all XX.XXX.XX.XXX/32 trust
Where XX.XXX.XX.XXX is the public IP address of my target machine, test2.
Then, I edited the postgresql.conf file, to listen to all addresses instead of just localhost:
listen_addresses = '*' # what IP address(es) to listen on;
# comma-separated list of addresses;
# defaults to 'localhost'; use '*' for all
# (change requires restart)
port = 5432
I reload the server on my host server machine to grab the changes:
pg_ctl -D /path/to/data/ -l logfile reload
As far as I've researched, now I should be able to be on test2, and simply run something like:
psql -h 127.0.0.1 -U postgres -p 5432
But whenever I do, I get:
-bash: psql: command not found
What is going on??? Also a test connection to a Hive db (already set up) keeps failing as it could not connect to the database.
As Islingre commented:
Installing postgresql on the target (test2), allowed me to run:
psql -h test1ip -p 5432
It worked.
I have found that setting up the pg_hba.conf file to be very tough. Here's the common case that wastes my time. What do I need to do?
First, setup a virtual machine at Amazon, Digital Ocean or a freshly installed Linux distro on my own hardware. I usually use Fedora or CentOS and then get Postgres via this method:
rpm -Uvh http://yum.postgresql.org/9.6/redhat/rhel-7-x86_64/pgdg-centos96-9.6-3.noarch.rpm
yum install postgresql96 postgresql96-server postgresql96-contrib postgresql96-devel -y
/usr/pgsql-9.6/bin/postgresql96-setup initdb
systemctl enable postgresql-9.6
systemctl start postgresql-9.6
echo export PATH=/usr/pgsql-9.6/bin:"$PATH" >> /etc/profile.d/postgresql96.sh
yum update -y
Just to rule a few things out, pop a hole in the firewall (this is dev -- it's OK)
firewall-cmd --permanent --add-port=5432/tcp
firewall-cmd --reload
Create a database user
su postgres
createuser --interactive -W bob
<answer yes to make bob a superuser>
psql
ALTER USER bob PASSWORD 'whatever';
Edit /var/lib/pgsql/9.6/data/postgresql.conf and change #listen_addresses = 'localhost' to listen_addresses = '*'
Restart
systemctl restart postgresql-9.6
Now, here's where things always go sideways.
su postgres
psql -U bob -W
<enter password>
psql: FATAL: Ident authentication failed for user "bob"
I know I need to do something in pg_hba.conf -- but what to write in there? By default it says this:
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all peer
# IPv4 local connections:
host all all 127.0.0.1/32 ident
# IPv6 local connections:
host all all ::1/128 ident
# Allow replication connections from localhost, by a user with the
# replication privilege.
#local replication postgres peer
#host replication postgres 127.0.0.1/32 ident
#host replication postgres ::1/128 ident
I have tried this:
host all bob all md5
But that doesn't work.
I've tried
host all bob all ident
But that doesn't work.
I've tried to connect with pgadmin3 over TCP/IP from a remote box, but that doesn't work either, not that it would since it doesn't work locally.
In the end, I want to be able to login as bob locally and via pgadmin3 remotely.
UPDATE: Is there a webpage out there that cleanly explains how to setup the pg_hba.conf file for some typical use-cases?
ident is useless, and I don't know why it's still used in the packages. Please report a bug to pgsql-bugs about the RPM packages to complain that they default to ident on localhost tcp/ip connections.
host all bob all md5 should be fine, though I'd usually write
host all bob 0.0.0.0/0 md5
host all bob ::/128
So... are you sure you reloaded PostgreSQL's configuration?
pg_ctl reload, restart the database, or SELECT pg_reload_conf().
Alternately, could there be any earlier, not-commented-out, entries that match and result in masking your entry?
Using Docker 1.12.1, I face a strange behaviour trying to access a host port created with ssh -R.
Basically I try to access a service running on port 12345 on my local machine from a docker container running on a server.
I opened a ssh connection with ssh -R *:12345:localhost:12345 user#server to open a port 12345 on server that forwards to port 12345 on my local machine.
Now when I try curl https://172.17.42.1:12345 inside the container (172.17.42.1 is the IP to access the docker host from the docker container) I get :
root#f6873fe1109b:/# curl https://172.17.42.1:12345
curl: (7) Failed to connect to 172.17.42.1 port 12345: Connection refused
But on server the command curl http://localhost:12345 succeeds (eg. no Connection refused)
server$ curl http://localhost:12345
curl: (52) Empty reply from server
I don't really understand how the port binding done with ssh differs from a test with nc on server (it works) :
# on server
nc -l -p 12345
# inside a container
root#f6873fe1109b:/# curl http://172.17.42.1:12345
curl: (52) Empty reply from server
NB: the container was started with docker run -it --rm maven:3-jdk-8 bash.
What can I do to allow my container to access the host port corresponding to a ssh binding ?
From man ssh:
-R [...]
... Specifying a remote bind_address will only succeed if the server's GatewayPorts option is enabled
And man sshd_config:
GatewayPorts
Specifies whether remote hosts are allowed to connect to ports forwarded for the client. By default, sshd(8) binds remote port forwardings to the loopback address. This prevents other remote hosts from connecting to forwarded ports. GatewayPorts can be used to specify that sshd should allow remote port forwardings to bind to non-loopback addresses, thus allowing other hosts to connect. The argument may be “no” to force remote port forwardings to be available to the local host only, “yes” to force remote port forwardings to bind to the wildcard address, or “clientspecified” to allow the client to select the address to which the forwarding is bound. The default is “no”.
This means that a default sshd server installation only allows to create forwards that bind to the local interface. If you want to allow forwards to other interfaces then loopback, you need to set the GatewayPorts option to yes or clientspecified in your /etc/ssh/sshd_config
I have been trying to monitor a remote server using Nagios-Nrpe.
The remote host is the Amazon Ec2 instance where I have installed npre daemon on xinetd.
I have added my nagios server IP to "only-from" property in /etc/xinet.d/nrpe file.
I have added the entry in /etc/services.
I have made changes in iptables also.
I have added an entry for TCP port 5666 in my security group too.
These commands work properly:
$ netstat -at | grep nrpe
$usr/local/nagios/libexec/check_nrpe -H localhost
I have setup the nagios server and nrpe_check plugin on my local machine.
But whenever I am doing:
/usr/local/nagios/libexec/check_nrpe -H <"amazon-ec2-IP-address">
I get the following error:
connect to address <"amazon-ec2-IP-address"> port 5666: Connection refused ......
connect to host <"amazon-ec2-IP-address"> port 5666: Connection refused
I have tried making the nrpe client on another linux on my LAN and the command worked, but not for Amazon Ec2.
If anyone has the solution for this issue, please do share ASAP.
Make sure you have,
Opened up port 5666 in the Security Group linked to the EC2-instance.