I'm writing a shell script that will perform a pg_dump from one server, and later it will restore the dump into a database on another server.
To access the Postgres database on the first server, I use export PGPASSWORD in order to avoid a password prompt.
When I perform the restore on the Postgres database for the second server, I am prompted for a user password. I tried to re-declare export PGPASSWORD (since the password for this database is different), but this does not work. I'm suspecting it has something to do with the fact that I have to double SSH hop in order to access the second database:
export PGPASSWORD=******
perform pg_dump
...
export PGPASSWORD=********
cat out.sql | ssh -i .ssh/server1.pem root#dev.hostname.com "ssh -i .ssh/server2 \
0.0.0.0 psql -U postgres -h localhost -p 5432 DBNAME"
The above results in:
Password for user postgres:
psql: FATAL: password authentication failed for user "postgres"
Does anyone have any suggestions? Thanks!
You can create a file in your home directory with name .pgpass & give the password details there :
like :
cat .pgpass
hostname:port:database:username:password
localhost:2323:test_db:test_user:test123**
Try this one. Hope your problem will be solved.
The .ssh/environment file is what you want. I think that file needs to be on server1, though, and server2 needs to be configured to allow users to modify their environment (via the PermitUserEnvironment option. See man ssh under "ENVIRONMENT" for more details.
Related
I wanted to create a new user on my linux server so that he can access my postgres database through an ssh tunnel. However, I want him to restrict his access only to the ssh tunnel.
I followed these steps:
login on server as root
Create a new user with useradd new_user -M -s /bin/true
Set a password with passwd new_user
make sure that PasswordAuthentication yes is set and uncomment in /etc/ssh/sshd_config
Restart ssh with sudo systemctl reload sshd
Logout from server and login to server with new user with ssh -p 7822 new_user#my_address.com -N 5433:localhost:5432 (I am using a2hosting as a provider, where I need to use port 7822 for ssh)
However, when I try to login I get the error
Permission denied, please try again.
When I do everything like above but change step 2 into
useradd new_user -m -d /home/new_user
I can successfully login with the new user, however, I then have the possibility to actually access command line, which I try to avoid. What am I doing wrong here?
It could be that /bin/true is not available on the system. As an alternative, use the alternate /bin/false.
Both perform the same function but /bin/false tends to be used more.
I have seen all the questions here on stackoverflow about similar topic, but I would like to know why this happens, where is the problem, and what to do to set it up correctly. I am learning to code, so I apologize for any misunderstandings. Please, have patience with me.
My case is -
I cannot run psql command from terminal.
Respond is -
psql: FATAL: role "some_name" does not exist
after I write down and hit enter -
sudo -u postgres -i
everything just works and I can run psql command. I need to write sudo -u postgres -i command every time I open terminal, again and again.
I would like to kindly thanks to any respond.
If you got more questions I can give you more information.
Here see some additional info:
[postgres#localhost ~]$ psql
psql (9.6.6)
Type "help" for help.
postgres=# \du
List of roles
Role name | Attributes | Member
of
-----------+------------------------------------------------------------+-------
----
matus | | {}
postgres | Superuser, Create role, Create DB, Replication, Bypass RLS | {}
Another:
[postgres#localhost ~]$ whoami
postgres
So, I have two opened terminals, one as postgres and another as user_name where I can do other stuff, using db somehow.
from your description I suppose you have peer authentication in hba file. To check it connect to db with psql (your sudo -u postgres method) and:
t=# show hba_file ;
hba_file
---------------------
/pg/d10/pg_hba.conf
(1 row)
t=# \! grep local /pg/d10/pg_hba.conf | grep -v "#"
local all all peer
if you see peer above trust, or just peer, than this is the case. from manuals:
https://www.postgresql.org/docs/current/static/auth-methods.html#AUTH-PEER
The peer authentication method works by obtaining the client's
operating system user name from the kernel and using it as the allowed
database user name (with optional user name mapping)
formatting mine.
so in order to avoid
psql: FATAL: role "some_name" does not exist
just create such db user:
create user some_name;
or change peer to trust in hba.conf
I'm running a bash file from monit during boot, that bash file starts my postgres server.
if my database directory is not present, I do:
1- initdb (postgresql/data/)
su - edge -c '/usr/bin/initdb -D ${DBDIR}'
2- copy modified pg_hba.conf and postgresql.conf files to (postgresql/data/)
3- start my server
su - edge -c " /usr/bin/pg_ctl -w -D ${DBDIR} -l logfile start"
4- postgres createuser
- su - $User -c '${DBDIR} -e -s postgres'
after the execution of the bash file
postgresql/data/ is created
files are copied
server is started,
but user is not created so I cannot access my database
error : /usr/bin/psql -U postgres
psql: FATAL: role "postgres" does not exist
I can't decipher your step #4, but the reason why the postgres role does not exist is because the step #1 is run by a user edge and it doesn't ask for the creation of a postgres role through -U, so it creates an egde role as superuser instead.
Per initdb documentation:
-U username
--username=username
Selects the user name of the database superuser. This defaults to the name of the effective user running initdb. It is really not
important what the superuser's name is, but one might choose to keep
the customary name postgres, even if the operating system user's name
is different.
Either do initdb -U postgres, or if you prefer a superuser named edge, keep it like this but start psql with psql -U edge, or set the PGUSER environment variable to edge to avoid typing that each time.
I'm new to Postgres and Bash so I'm not sure what the difference is.
I'm trying to automate in a bash script updating a table in Postgres. I have the .sql file and I've created .pgpass file with 600.
The a script that is provided to me uses sudo -u postgres psql db -w < .sql and it fails because it can't find the pass.
Whereas, sudo psql -U postgres db -w < .sql doesn't prompt for a pass and is able to update.
So what's the difference? Why can't the first command get the pass from the .pgpass?
sudo -u postgres is running the rest of the command string as the UNIX user postgres
sudo psql -U postgres db -w is running the command as the UNIX user root and (presumeably) connecting to postgres as the user "postgres"
Probably the .pgpass file doesn't exist for the unix user postgres.
It is a case of peer autentication. If you're running user x and you have user x on your database you're trusted by postgres so you don't have to use password (default settings of instalation). Running sudo psql -u x you're trying to connect from user root to database as user x... root!=x so you need password. Client authentication is controlled by a configuration file pg_hba.conf You can also provide password via .pgpass file. You'll find all needed informations in PostgreSQL documentation.
I use PuTTy to connect a remote Ubuntu. I want to transfer a table from another windows computer into a database in the Ubuntu.
I searched in the Internet and the code is
pg_dump -C -t table_name -h 192.168.1.106 -p 5432 database_name1| psql -h localhost -p 5432 -U postgres database_name2
But the PuTTy shows:
Password for user postgres: Password:
I need to input two password: one is the Ubuntu user postgres pw, and the other is windows computer user postgres pw.
I guess the right way is to input Ubuntu user pw first, and then the computer pw. But it shows:
pg_dump: [archiver (db)] connection to database "database_name1" failed
Is this error caused by PuTTY? What would it be like if I use the Ubuntu computer directly?
I also used the separated way: first pg_dump, then psql. It worked.
Can anyone tell me why I can not transfer a table using pg_dump | psql directly?
This won't work well because both programs are trying to read from the same terminal input stream at the same time. Some of them get some parts of each of what you type, so passwords are mangled.
Use a ~/.pgpass file to supply the passwords, or use the PGPASSWORD environment variable:
PGPASSWORD='pw_for_dump' pg_dump .... | PGPASSWORD='pw_for_restore' pg_restore ...
The .pgpass file is preferable.