SSH postgres

Beach
Beach ⚪️

I have a bastion server within my AWS VPC with access to our postgres database. I have confirmed that I can SSH from my office (with public IP whitelisted) into the E2C server and then connect to the database. When I try to set up the DOMO connector with the same credentials and settings it is giving me this error:

"Failed to authenticate. Verify the credentials and try again. DOMO is ready but Postgres server returned with an error - Could not connect to Database server"

It's not telling me what the error is, i.e. if it is an issue with the SSH connection or the Database connection. Is there a specific postgres client I should install on the EC2? is there something I'm missing? I've whitelisted all the IP addresses from the list provided by DOMO.

Tagged:

Answers

  • GrantSmith
    GrantSmith Indiana 🥷

    Are you attempting to connect directly to the database via Domo? Did you whitelist the IP address on the Database server or your bastion server?

    **Was this post helpful? Click Agree or Like below**
    **Did this solve your problem? Accept it as a solution!**
  • Beach
    Beach ⚪️

    Yes we are trying to connect directly to the database with the SSH postreSQL connector. We have white-listed the IP addresses on our bastion server. Wouldn't it give me an error message that indicates that the SSH connection the issue? It seems like a two step process and the error message is indicating it is a problem connecting to the database. I'm confused because I'm able to connect manually, so my thought is there is an issue with the connector and the specific way it's trying to connect to the database. Of course, there could be something I'm missing.

  • @Beach Pardon me for the ping - I'm curious if you were able to resolve the issue. I'm hitting the exact same error trying to set up the PostgreSQL SSH connector, and I've also confirmed that I can connect to my RDS instance through a bastion SSH server using a public-private key pair.

    @GrantSmith Any further insights?

  • maodag
    maodag ⚪️
    edited November 17

    Resolved: enabling debug-level logging on the ssh server revealed that Domo's SSH client requires some old algorithms to be enabled.

    KexAlgorithms +diffie-hellman-group14-sha1
    HostKeyAlgorithms +ssh-rsa
    PubkeyAcceptedAlgorithms +ssh-rsa
    

    Also, the private key needs to be in PKCS1 format, i.e. the first line of the key contains `BEGIN RSA PRIVATE KEY`. I was able to convert my key with:

    ssh-keygen -p -m pem -f id_rsa