Launch Offer: Use codelaunch30for 30% off
Logo
DB Pro

no pg_hba.conf entry for host

This error occurs when your IP address or authentication method isn't configured in pg_hba.conf.

The no pg_hba.conf entry error means PostgreSQL's host-based authentication rejected your connection.

Understanding the Error

FATAL: no pg_hba.conf entry for host "192.168.1.100", user "myuser", database "mydb"

Your connection doesn't match any entry in pg_hba.conf.

Understanding pg_hba.conf

# TYPE    DATABASE    USER    ADDRESS         METHOD
local     all         all                     peer
host      all         all     127.0.0.1/32    md5
host      all         all     ::1/128         md5
  • TYPE: local (socket) or host (TCP/IP)
  • DATABASE: which databases this applies to
  • USER: which users this applies to
  • ADDRESS: IP address or range (for host type)
  • METHOD: authentication method (md5, scram-sha-256, peer, trust, etc.)

Common Causes

1. IP Address Not Allowed

Your IP address isn't in any allowed range in pg_hba.conf.

2. User Not Allowed

The specific user isn't permitted for that database.

3. Wrong Authentication Method

The configured method doesn't match how you're trying to authenticate.

How to Fix It

Solution 1: Add Your IP to pg_hba.conf

BASH
# Find pg_hba.conf location
psql -U postgres -c "SHOW hba_file;"

# Edit the file
sudo nano /etc/postgresql/15/main/pg_hba.conf

Add entry for your IP:

# Allow specific IP
host    all    all    192.168.1.100/32    md5

# Allow entire subnet
host    all    all    192.168.1.0/24    md5

# Allow all IPs (use with caution)
host    all    all    0.0.0.0/0    md5

Solution 2: Reload Configuration

BASH
# Reload pg_hba.conf without restart
sudo systemctl reload postgresql

# Or from psql
SELECT pg_reload_conf();

Solution 3: Allow All Local Connections

# For development only
host    all    all    127.0.0.1/32    trust
host    all    all    ::1/128         trust

Solution 4: Configure for Docker

# Allow Docker network
host    all    all    172.17.0.0/16    md5
host    all    all    172.18.0.0/16    md5

Solution 5: Use SCRAM Authentication

# More secure than md5
host    all    all    0.0.0.0/0    scram-sha-256

Then set password encryption:

SQL
SET password_encryption = 'scram-sha-256';
ALTER USER myuser WITH PASSWORD 'newpassword';

Solution 6: Allow Specific Database/User

# Only allow specific user to specific database
host    mydb    myuser    192.168.1.0/24    md5

# Allow user to all databases
host    all     myuser    192.168.1.0/24    md5

# Allow all users to specific database
host    mydb    all       192.168.1.0/24    md5

Authentication Methods

trust       # No password (dangerous!)
reject      # Always reject
md5         # MD5-encrypted password
scram-sha-256  # SCRAM authentication (recommended)
password    # Clear-text password (insecure)
peer        # OS username must match database user
ident       # Ident server verification
cert        # SSL client certificate

Best Practices

  1. Use scram-sha-256 instead of md5
  2. Be specific with IP ranges
  3. Never use trust in production
  4. Document changes to pg_hba.conf
  5. Test changes before applying to production