HiveBrain v1.2.0
Get Started
← Back to all entries
patternsqlMinor

What does "connection matched" in PostgreSQL logs mean?

Submitted by: @import:stackexchange-dba··
0
Viewed 0 times
postgresqlmatchedwhatlogsmeandoesconnection

Problem

I have this in the logs of a postgres instance:

```
Connection matched pg_hba.conf line 100: "host all all all scram-sha-256"
2021-11-20 06:20:02.277 UTC [78602] FATAL: password authentication failed for user "postgres"
2021-11-20 06:20:02.277 UTC [78602] DETAIL: Role "postgres" does not exist.
Connection matched pg_hba.conf line 100: "host all all all scram-sha-256"
2021-11-20 06:41:05.211 UTC [79412] FATAL: password authentication failed for user "postgres"
2021-11-20 06:41:05.211 UTC [79412] DETAIL: Role "postgres" does not exist.
Connection matched pg_hba.conf line 100: "host all all all scram-sha-256"
2021-11-20 06:41:45.448 UTC [79517] FATAL: password authentication failed for user "pgsql"
2021-11-20 06:41:45.448 UTC [79517] DETAIL: Role "pgsql" does not exist.
Connection matched pg_hba.conf line 100: "host all all all scram-sha-256"
2021-11-20 07:01:53.432 UTC [80321] FATAL: password authentication failed for user "postgres"
2021-11-20 07:01:53.432 UTC [80321] DETAIL: Role "postgres" does not exist.
Connection matched pg_hba.conf line 100: "host all all all scram-sha-256"
2021-11-20 07:22:44.231 UTC [81197] FATAL: password authentication failed for user "postgres"
2021-11-20 07:22:44.231 UTC [81197] DETAIL: Role "postgres" does not exist.
Connection matched pg_hba.conf line 100: "host all all all scram-sha-256"
2021-11-20 07:25:30.380 UTC [81317] FATAL: password authentication failed for user "pgsql"
2021-11-20 07:25:30.380 UTC [81317] DETAIL: Role "pgsql" does not exist.
Connection matched pg_hba.conf line 100: "host all all all scram-sha-256"
2021-11-20 07:43:48.611 UTC [82115] FATAL: password authentication failed for user "postgres"
2021-11-20 07:43:48.611 UTC [82115] DETAIL: Role "postgres" does not exist.
Connection matched pg_hba.conf line 100: "host all all all scram-sha-256"
2021-11-20 07:47:12.673 UTC [82233] FATAL: password authentication failed for user "pgsql"
2021-11-20 07:47:12.673 UTC [82233] DETAIL: Role "pgsql" does not exis

Solution

I cannot tell you who tries to log in, but you could add %h to log_line_prefix to see the client address.

“Connection matched pg_hba.conf line 100” means that the incoming connection matched that pg_hba.conf line (which is no surprise, since it contains all wildcards), and as a consequence, scram-sha-256 password authentication was attempted (and failed).

I recommend using less generic pg_hba.conf entries, so that attackers have less chance to intrude with a guessed password.

Context

StackExchange Database Administrators Q#302911, answer score: 2

Revisions (0)

No revisions yet.