I have an AWS DocumentDB set up that I can connect to just fine through my jump box using:
mongo --ssl --host aws-host:27017 --sslCAFile rds-combined-ca-bundle.pem --username my_user --password <insertYourPassword>
I'd like to be able to connect to it through localhost for some testing. I cannot connect directly so I attempted to open a tunnel from my jump:
ssh -i ~/.ssh/my-key user#my_jump -L 27017:aws-host:27017 -N
After that I tried the basic MongoDB connect command:
mongo --ssl --host localhost:27017 --sslCAFile rds-combined-ca-bundle.pem --username my_user --password <insertYourPassword>
I get an error I understand:
The server certificate does not match the host name. Hostname: localhost does not match SAN(s)
I tried using export http_proxy to use http://my_jump:27017 and using the command above again with no luck.
Any suggestions or help on how to connect?
Try to disable ssl hostname validation:
mongo --ssl --sslAllowInvalidHostnames ...
Note --sslAllowInvalidHostnames is available from version 3.0.
If this does not work, try to remove --ssl entirely from the connection options, as according to the documentation:
The mongo shell verifies that the hostname (specified in --host option
or the connection string) matches the SAN (or, if SAN is not present,
the CN) in the certificate presented by the mongod or mongos. If SAN
is present, mongo does not match against the CN. If the hostname does
not match the SAN (or CN), the mongo shell will fail to connect.
Related
I'm new to Amazon Web Service (AWS).
I already created a PostgreSQL from AWS RDS:
Endpoint: database-1.XXX.rds.amazonaws.com
Port: 5432
Public accessibility: Yes
Availablity zone: ap-northeast-1c
After that, I will push my application that using the database to AWS (maybe deploy to EKS).
However, I want to try testing the database server from my local computer first.
I haven't tried testing from my laptop PC at home yet, but I think it will connect OK because my laptop PC is not using the HTTP proxy to connect to the network.
The problem is that I want to try testing from my company PC, which needs setup the HTTP proxy to connect to the internet. The PC spec:
Windows 10
Installed PostgreSQL 10
Firstly, I tried using psql command-line:
psql -h database-1.XXXX.rds.amazonaws.com -U postgre
> Unknown host
set http_proxy=http://user:password#my_company_proxy:3128
set https_proxy=http://user:password#my_company_proxy:3128
psql -h database-1.XXXX.rds.amazonaws.com -U postgre
> Unknown host
set http_proxy=http://my_second_company_proxy:3128
set https_proxy=http://my_second_company_proxy:3128
psql -h database-1.XXXX.rds.amazonaws.com -U postgre
> Unknown host
Then, I tried using the pgAdmin tool.
As from the internet post, it said that we can use "SSH Tunnel" for inputing proxy:
However, the error message will be shown:
So, anyone can help suggest if we can connect to the public PostgreSQL server through HTTP proxy?
I think problem is Postgres uses plain TCP/IP protocol and you are trying to use HTTP proxy. Also you're trying to create SSH tunnel against your HTTP proxy server which won't work.
So I'd suggest following solutions:
Use TCP proxy instead of HTTP proxy
Create an EC2 or any instance that has SSH access from your company network and has access to public internet. So that you can create SSH tunnel through that instance to achieve your goal.
NOTE: Make sure you PostgreSQL is accessible from public internet (although this is usually bad idea, but it's out of scope this question) sometimes security group configs prevent it to connect from public internet.
Just add all ports(5432,3128...) in the Security Group from your RDS and specify your IP. Don't forget "/32"
Let me add that "unknown host" is usually an indication that you're not resolving the DNS hostname. Also, your HTTP proxy should not interfere with connections to databases since they aren't on port 80 or 443. A couple of things you can try (assuming you're on windows) sub in your actual url:
nslookup database-1.XXXX.rds.amazonaws.com
telnet database-1.XXXX.rds.amazonaws.com 5432
You should also check the security group that is attached to your RDS and make sure you've opened up the ip address that you're originating from on port TCP/5432.
Lastly check that your VPC has DNS and Hostnames enabled. https://docs.aws.amazon.com/vpc/latest/userguide/vpc-dns.html#vpc-dns-updating
I want to connect to an aurora serverless database from my local machine. Because the database is only accessible from within the aws cloud, I have setup an ec2 instance running microsocks:
./microsocks -p 8888
I now want to connect using mysql from my machine:
export ALL_PROXY=socks5h://xx.xx.xx.xx:8888
mysql --user=admin --password=XXXX -h database-XXXX.cluster-XXXX.eu-XXXX.rds.amazonaws.com
ERROR 2003 (HY000): Can't connect to MySQL server on 'database...com' (111)
If I run this command on the ec2 instance it succeeds. So I assume that mysql does not respect my proxy settings. If I run curl on my machine it respects the proxy settings.
Note that this is just for testing purposes and I know that this would not be a solution for production use.
You may use proxychains.
yum install proxychains-ng
edit config file /etc/proxychains.conf, and add this:
[ProxyList]
# add proxy here ...
# meanwile
# defaults set to "tor"
socks5 {your proxy.address} {your.proxy.port}
Lastly, you can run mysql like this:
proxychains mysql --user=admin --password=XXXX -h database-XXXX.cluster-XXXX.eu-XXXX.rds.amazonaws.com
I'm trying a simple setup with a docker postgres image, publishing a port for me to connect from the localhost.
docker run -p 5432:5432 --name postgres -e POSTGRES_PASSWORD=password -e POSTGRES_USER=postgres -d postgres
I'm able to connect just fine if I specify the docker external IP:
psql -h 192.1469.99.100 -p 5432 -U postgres -d postgres --password
However I get a password authentication failure when trying against localhost:
psql -h localhost -p 5432 -U postgres -d postgres --password
psql: FATAL: password authentication failed for user "postgres"
Do I need to set up some manual port forwarding manually? The weird thing is that it seems to connect to the postgres server just fine, it's just bizarrely telling me the password fails. I've done something wrong with the docker config perhaps?
The pg_hba.conf looks like:
local all all trust
host all all 127.0.0.1/32 trust
host all all ::1/128 trust
The host machine is Windows 7.
Did you try another port than 5432? Try some free port so that there is no conflict between your local postgre and your docker postgre. To me it looks like your local postgre is having higher prio on localhost:5432, takes the traffic and so you are trying to login to your local postgre instead of your docker postgre, but obv. just a guess.
Did you check if you have this port allowed in the virtual machine or whatever you use for virtualization?
The container has its own network and its loopback address does not refer to the host and vice versa.
I have a Windows PostgreSQL installation.
According to some posts, there is no default password set for the 'postgres' user yet I can't connect using an empty password string.
I'm receiving this exception when I try to connect:
Caused by: org.postgresql.util.PSQLException: FATAL: password authentication failed for user "postgres"
The most relevant tip was this:
https://stackoverflow.com/a/25943227/1005607
Open pg_hba.conf
Change md5 -> TRUST
then restart PgAdmin.
I tried that and restarted PGAdmin but it still asks me for the password when I try to connect:
The task manager in Windows shows some PostgreSQL processes are running. I can't switch them off.
I have tried this and it failed:
pg_ctl restart
ERROR:
pg_ctl: no database directory specified and environment variable PGDATA unset
psql.exe postgres
Password: (none)
ERROR:
psql: fe_sendauth: no password supplied
How can I reset the default password for user 'postgres'?
Based on AK47's answer and some additional info I fixed it by doing the following,
1) Stop Postgres if currently running, command line below. Need to give it the 'data' dir. In my case C:\PostgreSQL\data
pg_ctl -D C:\PostgreSQL\data stop
2) Edit the file pg_hba.conf (it's also in the \data dir) as follows:
As AK40 wrote, change all MD5 references to trust , e.g.
# TYPE DATABASE USER ADDRESS METHOD
# IPv4 local connections:
host all all 127.0.0.1/32 trust
# IPv6 local connections:
host all all ::1/128 trust
# Allow replication connections from localhost, by a user with the
# replication privilege.
host replication all 127.0.0.1/32 trust
host replication all ::1/128 trust
3) Now run
psql -U postgres
4) In the PG Command Prompt that appears type,
ALTER USER Postgres WITH PASSWORD '<newpassword>';
5) Save this by typing wq enter to exit the PG Prompt
6) Now start Postgres
pg_ctl -D C:\PostgreSQL\data start
7) Might want to revert the MD5 -> Trust change later in the pg_hba.conf.
Update your pg_hba.conf file to allow for trusted local connections
[root#server] vim pg_hba.conf
>> local all all trust
then restart your PostgreSQL server
[user#machine] pg_ctl -D C:\PostgreSQL\data restart (Windows)
[root#server] service postgresql restart (Linux)
at this point you can connect to your server as postgres user using a local connection without the need to enter a password (omitting the -h parameter when calling the psql command will use a local connection - if you pass -h then this will match the line host all all 0.0.0.0/0 <method> in your pg_hba.conf file)
[root#server] psql -U postgres
You can then alter the postgres user role and set the password to whatever you like using the following command in the psql terminal
[psql] alter role postgres password <new_password>;
Once this is done you can restart your PostgreSQL server again
[user#machine] pg_ctl -D C:\PostgreSQL\data restart (Windows)
[root#server] service postgresql restart (Linux)
and at this point your password should be changed to the new password
I was having the same issue and I couldn't use Postgres in the CLI on my windows machine but I managed to trace down where the passwords were stored via
%APPDATA%\PostgreSQL\pgpass.conf
NB: You must have selected store password option when creating a server or database in the pgAdmin.
I hope this helps. Thanks.
I can't connect to mysqlfabric on port 32275.
I am connecting on port 3306 to database so all the grants are in place . On port 32275 I get a message
ERROR 1044 (42000): [Fabric] Access denied
for user and in log I can see
[INFO] 1441810699.948011 - MySQL-RPC-Session-4 - User 'john'
denied access which suggests permissions issue.
I can log in to database if I use
mysql -u fabric -p -h localhost -P 32275
but if I use
mysql -u fabric -p -h host-ip-address -P 32275
I get above error. I can see in netstat that server is listening on that port.
What am I doing wrong ?
There are a couple of things to check in the fabric config.
Firstly try disabling RPC authenication until you have it up and running.
[protocol.xmlrpc]
disable_authentication = no
Also check your storage section and test you can connect using these settings.
[storage]
address = 192.168.0.1:3306
user = fabric_store
password = secret
database = mysql_fabric
auth_plugin = mysql_native_password
mysql -u fabric -psecret -h 192.168.0.1 -P 3306 fabric_store