couchdb-user mailing list archives

From Robert Newson <rnew...@apache.org>
Subject Re: CouchDB not reachable (beginner's question)
Date Mon, 15 Apr 2013 15:06:44 GMT
That's a false equivalence. You should not open couchdb to the world
before you set an administration password in the first place. :)

B.

On 15 April 2013 15:55, Tim Tisdall <tisdall@gmail.com> wrote:
> Still don't see how ssh'ing in as root is anywhere as bad as having your
> CouchDB open to the world with no password...
>
> If you had two machines, one with no password and public access to CouchDB
> and another one with someone logged in via SSH as root and someone asked
> you to delete the DB on one of those machines, which one would you go after?
>
>
> On Mon, Apr 15, 2013 at 10:23 AM, Keith Gable <ziggy@ignition-project.com> wrote:
>
>> wow indeed.
>>
>> ---
>> Keith Gable
>> A+, Network+, and Storage+ Certified Professional
>> Apple Certified Technical Coordinator
>> Mobile Application Developer / Web Developer
>>
>>
>> On Mon, Apr 15, 2013 at 9:18 AM, Robert Newson <rnewson@apache.org> wrote:
>>
>> > wow.
>> >
>> > On 15 April 2013 15:15, Tim Tisdall <tisdall@gmail.com> wrote:
>> > > What's wrong with ssh'ing as root?
>> > >
>> > >
>> > > On Mon, Apr 15, 2013 at 10:08 AM, Keith Gable <ziggy@ignition-project.com> wrote:
>> > >
>> > >> But you're SSHing as root, which is probably worse than opening CouchDB to
>> > >> the world with no password.
>> > >>
>> > >> ---
>> > >> Keith Gable
>> > >> A+, Network+, and Storage+ Certified Professional
>> > >> Apple Certified Technical Coordinator
>> > >> Mobile Application Developer / Web Developer
>> > >>
>> > >>
>> > >> On Mon, Apr 15, 2013 at 8:45 AM, Tim Tisdall <tisdall@gmail.com> wrote:
>> > >>
>> > >> > Instead of opening CouchDB to the world, I simply access it by
>> > >> > port-forwarding through ssh when I connect to the machine.  Like this:
>> > >> >
>> > >> > ssh -L 5984:127.0.0.1:5984 root@mymachine.com
>> > >> >
>> > >> > Then on my local machine I can simply access http://localhost:5984/_utils/ and
>> > >> > up comes futon.  It depends on your use-case, but this works well for me.
>> > >> >
>> > >> >
>> > >> >
>> > >> > On Mon, Apr 15, 2013 at 7:14 AM, Stefan Reich <stefan.reich.maker.of.eye@googlemail.com> wrote:
>> > >> >
>> > >> > > Hmm... maybe you guys can help me solve the rest of the problem? (Access to
>> > >> > > couchdb from outside)
>> > >> > >
>> > >> > > These are the last iptables rules in chain INPUT:
>> > >> > >
>> > >> > > MY_REJECT  all  --  anywhere             anywhere
>> > >> > > ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:5984
>> > >> > >
>> > >> > > Is that not what it should be...? Says "anywhere"... everywhere. Heh.
>> > >> > >
>> > >> > > Cheers,
>> > >> > > Stefan
>> > >> > >
>> > >> > >
>> > >> > > On Mon, Apr 15, 2013 at 1:08 PM, Stefan Reich <stefan.reich.maker.of.eye@googlemail.com> wrote:
>> > >> > >
>> > >> > > > OK, thanks for all the answers, folks. It was indeed iptables that blocked
>> > >> > > > the port. This stuff should be designed (much) better in operating systems.
>> > >> > > >
>> > >> > > > Actually it's a project of mine to make that better (LuaOS and its
>> > >> > > > follow-ups).
>> > >> > > >
>> > >> > > > I got iptables to allow access locally now. Weirdly, it still doesn't work
>> > >> > > > over the Internet. And no, the server is not behind a firewall... :)
>> > >> > > >
>> > >> > > > Thanks,
>> > >> > > > Stefan
>> > >> > > >
>> > >> > > >
>> > >> > > > On Thu, Apr 11, 2013 at 3:30 AM, Andrey Kuprianov <andrey.kouprianov@gmail.com> wrote:
>> > >> > > >
>> > >> > > >> See if your local.ini bind_address is set to 0.0.0.0 so that you can access
>> > >> > > >> it locally and remotely.
>> > >> > > >>
>> > >> > > >>
>> > >> > > >> On Thu, Apr 11, 2013 at 2:54 AM, Stanley Iriele <siriele2x3@gmail.com> wrote:
>> > >> > > >>
>> > >> > > >> > A simple cat of etc/hosts... Should let you know!... And maybe nsswitch
>> > >> > > >> > just to be sure
>> > >> > > >> > On Apr 10, 2013 11:22 AM, "Robert Newson" <rnewson@apache.org> wrote:
>> > >> > > >> >
>> > >> > > >> > > Are you sure localhost == 127.0.0.1 on your machine? debian/ubuntu are
>> > >> > > >> > > notorious for changing that convention.
>> > >> > > >> > >
>> > >> > > >> > > On 10 April 2013 14:20, Stanley Iriele <siriele2x3@gmail.com> wrote:
>> > >> > > >> > > > Why are you telnetting to it?...try curling it and see what it responds with
>> > >> > > >> > > > On Apr 10, 2013 10:47 AM, "Stefan Reich" <stefan.reich.maker.of.eye@googlemail.com> wrote:
>> > >> > > >> > > >
>> > >> > > >> > > >> Oops, bad copy&paste - here's the actual process info:
>> > >> > > >> > > >>
>> > >> > > >> > > >> root@pussy-riot-germany:~/luastuff# ps -aef|grep 7651
>> > >> > > >> > > >> couchdb   7651  7650  0 19:44 pts/0    00:00:00
>> > >> > > >> > > >> /usr/lib/erlang/erts-5.8/bin/beam.smp -Bd -K true -- -root /usr/lib/erlang
>> > >> > > >> > > >> -progname erl -- -home /var/lib/couchdb -- -noshell -noinput -sasl
>> > >> > > >> > > >> errlog_type error -couch_ini /etc/couchdb/default.ini
>> > >> > > >> > > >> /etc/couchdb/local.ini /etc/couchdb/default.ini /etc/couchdb/local.ini -s
>> > >> > > >> > > >> couch -pidfile /var/run/couchdb/couchdb.pid -heart
>> > >> > > >> > > >> couchdb   7682  7651  0 19:44 ?        00:00:00 heart -pid 7651 -ht 11
>> > >> > > >> > > >>
>> > >> > > >> > > >> Cheers,
>> > >> > > >> > > >> Stefan
>> > >> > > >> > > >>
>> > >> > > >> > > >>
>> > >> > > >> > > >> On Wed, Apr 10, 2013 at 7:46 PM, Stefan Reich <stefan.reich.maker.of.eye@googlemail.com> wrote:
>> > >> > > >> > > >>
>> > >> > > >> > > >> > Hi there!
>> > >> > > >> > > >> >
>> > >> > > >> > > >> > I'd like to start using CouchDB for my projects.
>> > >> > > >> > > >> >
>> > >> > > >> > > >> > This is on a Linux host. CouchDB installed from standard Debian package,
>> > >> > > >> > > >> > no settings altered. But it doesn't start properly:
>> > >> > > >> > > >> >
>> > >> > > >> > > >> > root@pussy-riot-germany:~/luastuff# uname -a
>> > >> > > >> > > >> > Linux pussy-riot-germany 2.6.32-042stab068.8 #1 SMP Fri Dec 7 17:06:14 MSK
>> > >> > > >> > > >> > 2012 i686 GNU/Linux
>> > >> > > >> > > >> > root@pussy-riot-germany:~/luastuff# /etc/init.d/couchdb start
>> > >> > > >> > > >> > Starting database server: couchdb.
>> > >> > > >> > > >> > root@pussy-riot-germany:~/luastuff# /etc/init.d/couchdb status
>> > >> > > >> > > >> > Apache CouchDB is running as process 7651, time to relax.
>> > >> > > >> > > >> > root@pussy-riot-germany:~/luastuff# telnet localhost 5984
>> > >> > > >> > > >> > Trying ::1...
>> > >> > > >> > > >> > Trying 127.0.0.1...
>> > >> > > >> > > >> > telnet: Unable to connect to remote host: Connection refused
>> > >> > > >> > > >> >
>> > >> > > >> > > >> > Connection refused?
>> > >> > > >> > > >> >
>> > >> > > >> > > >> > Here's the process info:
>> > >> > > >> > > >> >
>> > >> > > >> > > >> > root@pussy-riot-germany:~/luastuff# uname -a
>> > >> > > >> > > >> > Linux pussy-riot-germany 2.6.32-042stab068.8 #1 SMP Fri Dec 7 17:06:14 MSK
>> > >> > > >> > > >> > 2012 i686 GNU/Linux
>> > >> > > >> > > >> > root@pussy-riot-germany:~/luastuff# /etc/init.d/couchdb start
>> > >> > > >> > > >> > Starting database server: couchdb.
>> > >> > > >> > > >> > root@pussy-riot-germany:~/luastuff# /etc/init.d/couchdb status
>> > >> > > >> > > >> > Apache CouchDB is running as process 7651, time to relax.
>> > >> > > >> > > >> > root@pussy-riot-germany:~/luastuff# telnet localhost 5984
>> > >> > > >> > > >> > Trying ::1...
>> > >> > > >> > > >> > Trying 127.0.0.1...
>> > >> > > >> > > >> > telnet: Unable to connect to remote host: Connection refused
>> > >> > > >> > > >> >
>> > >> > > >> > > >> > Please help, dear experts... :)
>> > >> > > >> > > >> >
>> > >> > > >> > > >> > Cheers,
>> > >> > > >> > > >> > Stefan
>> > >> > > >> > > >> >
>> > >> > > >> > > >> >
>> > >> > > >> > > >>
>> > >> > > >> > >
>> > >> > > >> >
>> > >> > > >>
>> > >> > > >
>> > >> > > >
>> > >> > >
>> > >> >
>> > >>
>> >
>>
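
Added example, not written by any poster in this thread and not CouchDB project code: a Python check for the condition raised at the top of this message, a non-loopback bind_address with no administrator defined. It assumes the CouchDB 1.x ini layout ([httpd] bind_address, [admins]), a default bind of 127.0.0.1, and that ini files are merged in the order the -couch_ini argument lists them; the sample configs and the function name are constructed for illustration.

```python
import configparser
import ipaddress

# Constructed sample configs; not taken from the machine in the thread.
DEFAULT_INI = """
[httpd]
port = 5984
bind_address = 127.0.0.1

[admins]
; no admin accounts defined
"""
LOCAL_INI_OPEN = """
[httpd]
bind_address = 0.0.0.0
"""
LOCAL_INI_WITH_ADMIN = LOCAL_INI_OPEN + """
[admins]
admin = -hashed-CONSTRUCTED_PLACEHOLDER
"""


def audit_couchdb_config(*ini_texts):
    """Merge ini texts in order (later files override earlier ones, as with
    the -couch_ini argument list) and classify the resulting exposure."""
    cfg = configparser.ConfigParser(interpolation=None)  # treat values as opaque
    for text in ini_texts:
        cfg.read_string(text)
    bind = cfg.get("httpd", "bind_address", fallback="127.0.0.1").strip()
    admins = sorted(cfg["admins"]) if cfg.has_section("admins") else []
    try:
        loopback_only = ipaddress.ip_address(bind).is_loopback
    except ValueError:
        loopback_only = False  # hostname or unparsable value: assume reachable
    if admins:
        verdict = "ADMIN_SET"
    elif loopback_only:
        verdict = "LOCAL_ADMIN_PARTY"      # no admin, but only local clients
    else:
        verdict = "EXPOSED_ADMIN_PARTY"    # no admin and remotely reachable
    return {"bind_address": bind, "admins": admins, "verdict": verdict}


if __name__ == "__main__":
    for layers in ((DEFAULT_INI,), (DEFAULT_INI, LOCAL_INI_OPEN),
                   (DEFAULT_INI, LOCAL_INI_WITH_ADMIN)):
        print(audit_couchdb_config(*layers))
```

Run against the real files in the order they appear on the beam.smp command line; a firewall rule allowing port 5984 only matters once the verdict is no longer EXPOSED_ADMIN_PARTY.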
