postgresql ssl模式下使用psql连接postgresql
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/14021998/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Using psql to connect to postgresql in ssl mode
提问by Lolly
I am trying to configure ssl certificate for postgreSQL server. I have created a certificate file (server.crt) and key (server.key) in data directory and update the parameter SSL to "on" to enable secure connection.
我正在尝试为 postgreSQL 服务器配置 ssl 证书。我在数据目录中创建了一个证书文件 (server.crt) 和密钥 (server.key),并将参数 SSL 更新为“on”以启用安全连接。
I just want only the server to be authenticated with server certificates on the client side and dont require the authenticity of client at server side. I am using psql as a client to connect and execute the commands.
我只希望服务器在客户端使用服务器证书进行身份验证,并且不需要服务器端客户端的真实性。我使用 psql 作为客户端来连接和执行命令。
I am using PostgreSQL 8.4and linux. I tried with the below command to connect to server with ssl enabled
我正在使用PostgreSQL 8.4和 linux。我尝试使用以下命令连接到启用了 ssl 的服务器
psql "postgresql://localhost:2345/postgres?sslmode=require"
but I am getting
但我得到
psql: invalid connection option "postgresql://localhost:2345/postgres?sslmode"
What am doing wrong here? Is the way I am trying to connect to server with ssl mode enabled is correct? Is it fine to authenticate only server and not the client ?
这里做错了什么?我尝试连接到启用了 ssl 模式的服务器的方式是否正确?只验证服务器而不验证客户端可以吗?
Please help me out.
请帮帮我。
回答by Daniel Vérité
psqlbelow 9.2 does not accept this URL-like syntax for options.
psql低于 9.2 的选项不接受这种类似 URL 的语法。
The use of SSL can be driven by the sslmode=valueoption on the command line or the PGSSLMODEenvironment variable, but the default being prefer, SSL connections will be tried first automatically without specifying anything.
SSL 的使用可以由sslmode=value命令行上的选项或PGSSLMODE环境变量驱动,但默认情况下prefer,将首先自动尝试 SSL 连接而不指定任何内容。
Example with a conninfo string (updated for psql 8.4)
带有 conninfo 字符串的示例(针对 psql 8.4 更新)
psql "sslmode=require host=localhost dbname=test"
Read the manual pagefor more options.
阅读手册页了解更多选项。
回答by Andrii Batiuk
psql --set=sslmode=require -h localhost -p 2345 -U thirunas \
-d postgres -f test_schema.ddl
Another Example for securely connecting to Azure's managed Postgres database:
另一个安全连接到 Azure 托管 Postgres 数据库的示例:
psql --file=product_data.sql --host=hostname.postgres.database.azure.com --port=5432 \
--username=postgres@postgres-esprit --dbname=product_data \
--set=sslmode=verify-full --set=sslrootcert=/opt/ssl/BaltimoreCyberTrustRoot.crt.pem
回答by Julian Chick
Found the following options useful to provide all the files for a self signed postgres instance
发现以下选项可用于为自签名 postgres 实例提供所有文件
psql "host={hostname} sslmode=prefer sslrootcert={ca-cert.pem} sslcert={client-cert.pem} sslkey={client-key.pem} port={port} user={user} dbname={db}"
回答by WesternGun
psql -h <host> -p <port> -U <user> -d <db>
and update /var/lib/pgsql/10/data/pg_hba.confto change the auth method to cert. Check the following link for more information:
并更新/var/lib/pgsql/10/data/pg_hba.conf以将 auth 方法更改为cert. 查看以下链接了解更多信息:
回答by Komu
psql "sslmode=require host=localhost port=2345 dbname=postgres" --username=some_user
psql "sslmode=require host=localhost port=2345 dbname=postgres" --username=some_user
According to the postgres psql documentation, only the connection parameters should go in the conninfo string(that's why in our example, --username is not inside that string)
根据postgres psql 文档,只有连接参数应该放在 conninfo 字符串中(这就是为什么在我们的示例中,--username 不在该字符串中)
回答by sebuhi
Well, you cloud provide all the information with following command in CLI, if connection requires in SSL mode:
好吧,如果连接需要在 SSL 模式下,则您云在 CLI 中使用以下命令提供所有信息:
psql "sslmode=verify-ca sslrootcert=server-ca.pem sslcert=client-cert.pem sslkey=client-key.pem hostaddr=your_host port=5432 user=your_user dbname=your_db"
