SSH to Cloud SQL instance fails with SSL error

Problem

You are trying to connect to a PostgreSQL instance using SSH, but receive the following error:
FATAL:  pg_hba.conf rejects connection for host "xx.xx.xx.xx", user "postgre_user", database "postgre_db", SSL off.

Environment

  • Cloud SQL for PostgreSQL

Solution

  1. Create a client certificate.
  2. Validate pre-requisites.
  3. Connect from the local machine or compute engine.


Workaround
Note
: Disabling Allow only SSL is not recommended, as this disables the secure connectivity to your instance.

  1. In the Google Cloud console.
  2. Go to the Cloud SQL Instances page.
  3. To open the Overview page of an instance, click on the instance name.
  4. Click Connections from the SQL navigation menu and select the Security tab.
  5. Uncheck the option to Allow only SSL connections.

Cause

This FATAL appears because Allow only SSL connection is checked and TLS/SSL Certificates are not exchanged. This causes the issue to occur when you try to connect to the instance from any unknown VM or machine. After creating the client certificate and configuring access to your SQL Instance, enabling the Allow only SSL option can help in preventing this FATAL.