its second time when after reboot instance cannot connect to them via SSH. Before reboot all is working well. Can I use serial console, but not know the user and password.
In addition to the guide provided by #Kolban. When using serial console keep in mind that:
The interactive serial console does not support IP-based access
restrictions such as IP whitelists. If you enable the interactive
serial console on an instance, clients can attempt to connect to that
instance from any IP address. Anybody can connect to that instance if
they know the correct SSH key, username, project ID, zone, and
instance name.
More information you can find in the documentation Interacting with the Serial Console.
There're more ways to troubleshoot SSH connectivity then serial console. Have a look at the Troubleshooting SSH guide and Known issues for SSH in browser. In addition, Google provides a troubleshooting script for Compute Engine to identify issues with SSH login/accessibility of your Linux based instance.
In some cases, the cause of the connectivity problem could be running out of free space of you disk system. In this case update your question and I'll provide you extra instructions.
Related
I am trying to locally run a PHP based project, connecting to an Amazon RDS instance. I am receiving the following error in the browser:
![SQLSTATE[HY000] [2002]]1
I have run a series of networking tests where I pinged the following and received successful test results. I pinged:
iiNet's web address
One of iiNet's DNS servers
The loopback address of my computer
I pinged Google
I then tried the mysql utility to remotely connect and received the
ERROR 2003 (HY000): Can't connect to MySQL server
Last factor I think you should know regarding my own networking situation, I am connecting to the internet via:
modem->Zyxel VPN->Wireless Router->My laptop
What in the Sam Hill is going on?
Thanks,
CM
For this to work, the following must be true:
the RDS instance must resolve to a public IP address (I'd check this for you but since you chose to use a screenshot instead of text, I can't copy paste it, so I'll leave it to you)
the Security Group(s) associated with the RDS instance must allow traffic from your public IP ( the one you'll get from http://wtfismyip.com/text ). This won't bet true by default. I highly recommend you open to your IP, not just everyone, as Mysql is trivial to DOS attack if its port is public.
The network ACL of the VPC hosting the RDS instance must allow the traffic also. This will be allowed by default, so unless you changed the ACLs in your VPC, you can ignore this.
If all those are true, you should be able to connect!
Apologies if this is a bit basic:
I have a Google Compute Instance running Windows Server 2012 R2. It has a valid admin account and password (checked via gcloud). The external IP address can be pinged, the system has been stopped and started successfully. The gcloud commands execute successfully etc etc.
If I try to RDT in I get the unsuccessful message. If I use the RDT (Chrome) option in the Google Cloud Platform admin page I get this message:
In order to use the Chrome RDP Extension, you must configure VM
instance so that it has an external IP address, username and password.
Note: You must configure the network firewall to open TCP port 3389 to
enable RDP access.
Note that ALL of the above are correct and confirmed.
I am sort of going round in circles, I've tried to use powershell on a windows system to RDT in to no avail. Again, using the built in Bash serial access I can get to the system and, for example, retrieve the admin account and password, BUT RDT FAILS.
I have tried using the powershell command Enter-PSSEssion... and I initially got a winrm error, apparently the IP address needs to be in trustedhosts. Fixed that and now I am getting a message that I need to verify that winrm is running on the destination computer, catch 22, that's why I'm using winrm, to access the destination computer.
Any ideas what I might try next?
Thanks.....
create a rdp network tag for firewall rule, which allows tcp:3389 ingress and and then apply it to the instance in question... someone (assuming you're at work) might have removed/edited these rules trough the console or gcloud command.
I'm trying to establish a basic mysql connection from a google compute engine instance in one project to a google cloud sql instance (2nd generation) in a different project.
I've done this many times before without any problem. You simply add the ip address of the google compute instance to the list of authorized networks for the google cloud sql instance. This has always worked in the past but it is not working now.
The only thing that I can think of which is different about this situation is that I've recently been experimenting with using the cloudsql-proxy to establish a connection from a different gce instance to the same google cloud sql instance. Could this be the problem? Perhaps the google cloud sql instance is getting confused by having to support both connection mechanisms?
I just need the connection to work. Is there a work-around?
There isn't a problem using both modes of connectivity simultaneously.
The only thing I can think of is that you are accidentally using an ephemeral IP addresses for your VMs instead of static, which means the VM may have a different IP address than you expect (after a restart, for example).
If that's not the case, please send a mail to cloud-sql#google.com with a little bit more information (project and database name, project/name/ip of your VM) so that we can figure out what's going on in the backend.
I'm trying to access my Google Compute Engine VM at 104.197.83.224. I tried to allow HTTP and HTTPS traffic but it errors out both times. It gives the error Invalid Fingerprint.
Could use some help. Thanks!
Also, although I haven't used my VM at all, I've gotten a bunch of requests on it. And its starting to charge me even though I'm not using it. How can I prevent that?
It sounds like you've stored a previous SSH key for that IP address in your ~/.ssh/known_hosts file. Check that file for entries that have the same IP address as your current instance and remove them.
Unfortunately, SSH assumes that IP addresses and SSH keys are assigned fairly statically (rather than using signatures from some central trust authority like SSL), which is a problem when you start to have cloud services which may assign the same IP address to different VMs several times during one day (if the VMs are started and shut down quickly, for example). I think that the gcloud ssh comm
I've setup our heroku app with an amazon RDS instance.
I followed the guide here:
https://devcenter.heroku.com/articles/amazon_rds
This guide basically says to require SSL with the connection and then to input your RDS credentials.
This doesn't seem very secure to me. If someone has my db url, user and password then they can login from anywhere, correct? The SSL is nice to prevent sniffing of this info, but I'd like to lock it down further, to a machine, IP address or SSH.
I previously setup RDS DB instances where access was locked down to only specific IPs, but heroku no longer recommends this for whatever reason.
So the questions are:
Are my assumptions correct here?
How can I lock this down further?
Why doesn't heroku recommend locking it down to IP (or at least IP range)
I'll run this by heroku support as well and post an update, but wanted to get thoughts from the community.
Previously, Heroku recommended locking down access by referencing the Heroku AWS account ID. That approach is no longer recommended. The Heroku changelog entry lists the reasons, reproducing here for completeness:
Cross-security grants don't work with AWS VPC (which is now the default on AWS)
It's not safe because it grants access to all apps running on Heroku, not just yours
Doesn't work across AWS regions
Heroku may in the future run apps in a VPC or in a different region or use a different AWS account
We know that not all customers are happy with this level of access granularity, and we're continuously evaluating whether this is the optimal setup.