[prev in list] [next in list] [prev in thread] [next in thread] 

List:       postgresql-admin
Subject:    Re: Port 25060 failed: FATAL: pg_hba.conf rejects connection for host on Digital OCean
From:       Wilson Coelho <wilson.coelho () tecnisys ! com ! br>
Date:       2023-05-16 15:22:15
Message-ID: e95a0fa62630998c0603b12593e1d5a3 () tecnisys ! com ! br
[Download RAW message or body]

Uma, it seems that your pg_hba.conf doesn't have any rule for external
access to the databases hosted at the server.
Due to absence of that rule, postgresql only accept local connection.
Your pgadmin are installend on the postgresql server? 

regards
Wilson Coelho

---

Wilson Moraes Coelho 
Especialista

Sia Trecho 08, lotes 245 / 255 / 265 || 

Tel.:+55 (61) 3039-9700 - (61) 99989-8932 

71205-080 || Guará || Brasília, DF 0800-6020097 

www.tecnisys.com.br [4] 

Em 16/05/2023 10:48, Uma Annamalai escreveu:

> Hi PGSQL-Admin team,  
> 
> We did not have any issue but did not run the Digital ocean DB seeding for months \
> and when the team tried to re-do it, we experienced the below error within the \
> Pgadmin. We've been blocked for over 1 week now and tried so many things and \
> nothing works. This is stalling a lot of our work.  
> Full error: connection to server at "DBNAME.b.db.ondigitalocean.com [1]" (IP \
> address), port 25060 failed: FATAL: pg_hba.conf rejects connection for host "IP \
> address", user "NAME", database "NAME", SSL encryption connection to server at \
> "DBNAME.b.db.ondigitalocean.com [1]" (IP Address), port 25060 failed: FATAL: no \
> pg_hba.conf entry for host "IP Address", user "NAME", database "NAME", no \
> encryption 
> * Does the order that you type out the updated information into the pg_hba.conf \
>                 file matter? If so what is the correct order?
> * What are the steps that I can take to resolve the issue? Do any of the articles \
>                 referenced already actually provide the solution?
> * Is this error occurring because I'm not on md5 method and it is on the default \
> scram-sha-256? 
> The current pg_hba.conf file looks like this. After we tried making the changes \
> recommended in the links, our postgresql stopped working all together so we \
> reverted back to the original file. 
> # TYPE DATABASE USER ADDRESS METHOD
> # "local" is for Unix domain socket connections only
> local all all scram-sha-256
> # IPv4 local connections:
> host all all 127.0.0.1/32 [2] scram-sha-256
> # IPv6 local connections:
> host all all ::1/128 scram-sha-256
> # Allow replication connections from localhost, by a user with the
> # replication privilege.
> local replication all scram-sha-256
> host replication all 127.0.0.1/32 [2] scram-sha-256
> host replication all ::1/128 scram-sha-256
> 
> Articles referred and tried:
> https://dba.stackexchange.com/questions/83984/connect-to-postgresql-server-fatal-no-pg-hba-conf-entry-for-host \
> https://dba.stackexchange.com/questions/264560/need-help-understanding-the-error-message-error-connecting-to-database-fatal \
> https://dba.stackexchange.com/questions/161104/pgadmin-postgresql-no-pg-hba-conf-entry-for-host \
> https://dba.stackexchange.com/questions/320468/postgresql-fatal-no-pg-hba-conf-entry-for-host-ipv6-user-user-databas
>  
> We have looked into somewhat related articles on stack exchange. Tried changing it \
> to event listeners is * and changed to host all all 0.0.0.0/0 [3] with trusted per \
> user. Its still saying the same error and we expected the error to be resolved.  
> Also another thing is that in our Digital Ocean server - the SSL is default set to \
> required and it is not allowing a change. This same required is stuck and not \
> allowing it to be changed within the SSH portion of the Postgresql. Some folks have \
> indicated that the SSL needs to be changed to true or that the reason for the issue \
> is a mismatch between the SSL security in Digital Ocean versus Postgresql. But we \
> are not able to attempt a change.  
> * How would we be able to change the SSL to true if that is what will help resolve \
> the issue? 
> Uma
 

Links:
------
[1] http://DBNAME.b.db.ondigitalocean.com
[2] http://127.0.0.1/32
[3] http://0.0.0.0/0
[4] http://www.tecnisys.com.br


[Attachment #3 (multipart/related)]

[Attachment #5 (unknown)]

<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" \
/></head><body style='font-size: 10pt; font-family: Verdana,Geneva,sans-serif'> \
<p>Uma, it seems that your pg_hba.conf doesn't have any rule for external access to \
the databases hosted at the server.<br />Due to absence of that rule, postgresql only \
accept local connection.<br />Your pgadmin are installend on the postgresql \
server?</p> <p>regards<br />Wilson Coelho</p>
<div>---<br />
<table style="margin-left: 0; width: 550px; color: #003087; font-family: \
Calibri,Helvetica,Verdana; font-size: 10pt; letter-spacing: 0.1px;"> <tbody>
<tr>
<td><img style="width: 5px; height: 225px;" \
src="cid:f62593aa02f7ca1140303fb9eff147bc@tecnisys.com.br" /></td> <td \
style="vertical-align: middle; padding: 15px;"> <p><strong>Wilson \
</strong>Moraes<strong> Coelho</strong> <br />Especialista<br /><br /> <img \
style="height: 35px;" src="cid:04237a95e4ba3d087c62288085bb774d@tecnisys.com.br" \
alt="Logo Tecnisys" /><br /><br /> Sia Trecho 08, lotes 245 / 255 / 265 ||</p>
<p><span style="font-size: inherit; letter-spacing: 0.1px;">Tel.:+55 (61) 3039-9700 - \
(61) 99989-8932</span></p> <p>71205-080 || Guar&aacute; || Bras&iacute;lia, DF \
0800-6020097 <br /><br /> <a style="text-decoration: none;" title="Tecnisys" \
href="http://www.tecnisys.com.br">www.tecnisys.com.br</a></p> </td>
</tr>
</tbody>
</table>
</div>
<p><br /></p>
<p>Em 16/05/2023 10:48, Uma Annamalai escreveu:</p>
<blockquote type="cite" style="padding: 0 0.4em; border-left: #1010ff 2px solid; \
margin: 0"><!-- html ignored --><!-- head ignored --><!-- meta ignored --> <div \
dir="ltr">Hi PGSQL-Admin team,&nbsp; <div>&nbsp;</div>
<div>We did not have any issue but did not run the Digital ocean DB seeding for \
months and when the team tried to re-do it, we experienced the below error within the \
Pgadmin. We've been blocked for over 1 week now and tried so many things and nothing \
works. This is stalling a lot of our work.</div> <div><br />Full error: connection to \
server at "<a href="http://DBNAME.b.db.ondigitalocean.com" target="_blank" \
rel="noopener noreferrer">DBNAME.b.db.ondigitalocean.com</a>" (IP address), port \
25060 failed: FATAL: pg_hba.conf rejects connection for host "IP address", user \
"NAME", database "NAME", SSL encryption<br />connection to server at "<a \
href="http://DBNAME.b.db.ondigitalocean.com" target="_blank" rel="noopener \
noreferrer">DBNAME.b.db.ondigitalocean.com</a>" (IP Address), port 25060 failed: \
FATAL: no pg_hba.conf entry for host "IP Address", user "NAME", database "NAME", no \
encryption<br /><br /> <ul>
<li>Does the order that you type out the updated information into the pg_hba.conf \
file matter? If so what is the correct order?</li> <li>What are the steps that I can \
take to resolve the issue? Do any of the articles referenced already actually provide \
the solution?</li> <li>Is this error occurring because I'm not on md5 method and it \
is on the default scram-sha-256?</li> </ul>
The current pg_hba.conf file looks like this. After we tried making the changes \
recommended in the links, our postgresql stopped working all together so we reverted \
back to the original file.<br /><br /># TYPE DATABASE USER ADDRESS METHOD<br /># \
"local" is for Unix domain socket connections only<br />local all all \
scram-sha-256<br /># IPv4 local connections:<br />host all all <a \
href="http://127.0.0.1/32" target="_blank" rel="noopener noreferrer">127.0.0.1/32</a> \
scram-sha-256<br /># IPv6 local connections:<br />host all all ::1/128 \
scram-sha-256<br /># Allow replication connections from localhost, by a user with \
the<br /># replication privilege.<br />local replication all scram-sha-256<br />host \
replication all <a href="http://127.0.0.1/32" target="_blank" rel="noopener \
noreferrer">127.0.0.1/32</a> scram-sha-256<br />host replication all ::1/128 \
scram-sha-256<br /><br />Articles referred and tried:<br /><a \
href="https://dba.stackexchange.com/questions/83984/connect-to-postgresql-server-fatal-no-pg-hba-conf-entry-for-host" \
target="_blank" rel="noopener \
noreferrer">https://dba.stackexchange.com/questions/83984/connect-to-postgresql-server-fatal-no-pg-hba-conf-entry-for-host</a> \
<a href="https://dba.stackexchange.com/questions/264560/need-help-understanding-the-error-message-error-connecting-to-database-fatal" \
target="_blank" rel="noopener \
noreferrer">https://dba.stackexchange.com/questions/264560/need-help-understanding-the-error-message-error-connecting-to-database-fatal</a> \
<a href="https://dba.stackexchange.com/questions/161104/pgadmin-postgresql-no-pg-hba-conf-entry-for-host" \
target="_blank" rel="noopener \
noreferrer">https://dba.stackexchange.com/questions/161104/pgadmin-postgresql-no-pg-hba-conf-entry-for-host</a> \
<a href="https://dba.stackexchange.com/questions/320468/postgresql-fatal-no-pg-hba-conf-entry-for-host-ipv6-user-user-databas" \
target="_blank" rel="noopener \
noreferrer">https://dba.stackexchange.com/questions/320468/postgresql-fatal-no-pg-hba-conf-entry-for-host-ipv6-user-user-databas</a><br \
/><br />We have looked into somewhat related articles on stack exchange. Tried \
changing it to event listeners is * and changed to host all all <a \
href="http://0.0.0.0/0" target="_blank" rel="noopener noreferrer">0.0.0.0/0</a> with \
trusted per user. Its still saying the same error and we expected the error to be \
resolved.</div> <div>&nbsp;</div>
<div><br />Also another thing is that in our Digital Ocean server - the SSL is \
default set to required and it is not allowing a change. This same required is stuck \
and not allowing it to be changed within the SSH portion of the Postgresql. Some \
folks have indicated that the SSL needs to be changed to true or that the reason for \
the issue is a mismatch between the SSL security in Digital Ocean versus Postgresql. \
But we are not able to attempt a change. <br /><br /> <ul>
<li>How would we be able to change the SSL to true if that is what will help resolve \
the issue?</li> </ul>
<div>Uma</div>
</div>
</div>
</blockquote>
</body></html>


["f62593aa.gif" (f62593aa.gif)]

GIF89a.,;
["04237a95.gif" (04237a95.gif)]

GIF89a' \
 \
߻ߺ޹޸ݷݶݵ \
ܴܳ۲۱ڰگٮ٭جثתש֧֨զեդԣԢӡ \
ҟҞѝќЛКϙϘΖ͕͔̓̒̑ːˏʎʍɌ \
ɋȊȉLjLJƆƅńŃĂĀ~ } \
|{zyxwvutsrqponmkjihgedc~b}a}`|_{^z \
]y\y[xYvXuWtVtUsTrSqRpQpPoOnNmMlLkKkJjIiGgFfEfDeCdBcAb@b?a>`=_<^;]:]9\8[7Z6Y \
5X 4X3W2V1U0T/T.S-R,Q+P*O)O(N'M&L%K$J#J"I!H \
GFEDCBAA@?>=<<;:98 876
5	433210//.!	,'	H \
*\ȰÇ#JHŋRǏ CI2!9J%S\ɲ˂5yI͛.SE`qIѣ \
fϞb6PXjMԦ"H.hӪ}W{Z1f'_mQX˷oR \
M8ܚP :F"@MZ塩X@Y=ԓTck˥ĉΦ=D!84: \
)Ft!Dž2{t \
DOG5U˟O>oB82e<!|i1 \
bvoM0!CuP	}4& \
z<(N2a	LS!",,޳5/rtT8,DF\vTMg$DB#i \
0NWSa3PSS ʨi 6{Մ7ouD"a
~ڳN%TD6#NNa<4CR]Sej)U&AP"O_[<Ct6e@x6@8W#[_eCdU<}v<;LҔ< \
;0ؐP3i@,cSο{3FSS \
{AP,AEJH!HP{O,+`UO \
]đ(:UAT,dB2W搒S(qDZ&8.A	Ӕ+%j#8	ܓTMWC@D!PW \
rD G1*Л\"B$ؔ)(2CM \
[`PlmALBC@ALe==M(VO==u0=U}|T \
c[!Aߙ@3U3ICAMζy 2;O1&)hH"+eB \
Z"0!EFH ? W1Ѱ& e` \
C򊷄%;GHAzBQ$A4-(+DqFbo``:k {8 \
(702+\`ChU=$_AG^  \
o!0wl)`aBL~9@/jUi@BNI,fIK11*򃦐A gP@  ^
 HA22$A~?0r ;b
#
Ē+>Z)r-o1~eDAI{a9~(4eu="qr*`D)D'j!HXTI \
@ h%$>e%R(* srC0(z!_Tcp\BQ -=&A$$C *h
BHܣ
6
n
m
,BTBMhApC'&D؀	tQ) WĆ
m^ zphxGa4 D81;6EC[(X7V#
{j-Ha $աI"d/"< ⃯!Ը \
DdS9@ha.@؂'ﰄq-5a(kŊ,@J[ \
BXCpBNP.)28P'j$pMs 	lpLCY \
bkQblCHF"_]^XI@{@5@:x@qEoۙZ@n3` \
P#SĄl)H3|loiM@Q

V4>@H	t"Ya\G
V!hPU$^<`q@!mJ92̐7s82^'x@:G*rX=
 v!Kۚ<zb"
^3sIF`
1R\I .h=pD!!@
(Zc!tl"K0ZS]L'A''BCc\bG/1&yaXfC`g \
4hQo{<RD}C ln4t 3SIG(n`oRL΍B
0"|a
uC |Fy4tH' B<ܡ
_@ 
m;;n)Tqp i!y`?$
66-; /d4`q~ D7% @훿
 ,>/$qHD9!|P{MP~X;



[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic