My GCP server is down. It was working yesterday. I can see the server in VM Instances but cannot connect using SSH. All the client websites are down.
Can anyone help?
There are several reasons this could happen:
If your disk is full
The sshd daemon isn't configured properly
If OS login is enabled on your instance
A firewall rule blocks port 20
Sometimes you see connection errors in the console that are worth a look.
EDIT:
I will need additional information if that is still not working:
Take a look at your serial console logs and tell me if you have any relevant logs that can help, like a kernel panic, an issue with networking, permission denied, etc.
Use Cloud Shell and try to connect to your VM instance with these commands:
gcloud compute firewall-rules create --network=default default-allow-ssh --allow tcp:22
gcloud compute ssh YOUR_INSTANCE_NAME --zone YOUR_ZONE -- -vvv
If you can't connect from Cloud Shell, try to ping your VM instance (internal IP & external IP).
I highly recommend deleting your screenshots showing information about your VM instance (firewall rules, project name, nmap scans, etc.).
It's the second time that, after a reboot, I cannot connect to the instance via SSH. Before the reboot everything was working well. Can I use the serial console? I do not know the user and password.
In addition to the guide provided by #Kolban, when using the serial console keep in mind that:
The interactive serial console does not support IP-based access
restrictions such as IP whitelists. If you enable the interactive
serial console on an instance, clients can attempt to connect to that
instance from any IP address. Anybody can connect to that instance if
they know the correct SSH key, username, project ID, zone, and
instance name.
You can find more information in the documentation, Interacting with the Serial Console.
There are more ways to troubleshoot SSH connectivity than the serial console. Have a look at the Troubleshooting SSH guide and Known issues for SSH in browser. In addition, Google provides a troubleshooting script for Compute Engine to identify issues with SSH login/accessibility of your Linux-based instance.
In some cases, the cause of the connectivity problem could be running out of free space on your disk. In this case, update your question and I'll provide you with extra instructions.
I’ve a question regarding Compute VM and its associated privileges. I have ‘Owner’ privileges at Project level. I created a VM but was not able to assign an external IP address to it. Upon referring to google cloud docs, it appears that I’ll still be able to connect to this VM using VPN or IAP. Upon clicking the SSH link next to the VM, I see that it uses a Cloud-IAP tunnel but the connection fails.
Here is the error message
External IP address was not found; defaulting to using IAP tunneling.
ERROR: (gcloud.compute.start-iap-tunnel) Error while connecting [4003: u'failed to connect to backend'].
ssh_exchange_identification: Connection closed by remote host
ERROR: (gcloud.compute.ssh) [/usr/bin/ssh] exited with return code [255].
How do I go about connecting to this VM?
Appreciate your help with this
https://hodari.be/posts/2019_09_30_access_private_gke_nodes_with_ssh/
https://cloud.google.com/iap/docs/using-tcp-forwarding
Firewall rules that are configured to allow access from Cloud IAP's TCP forwarding netblock, 35.235.240.0/20, on all ports of your machine. This ensures that connections are allowed from Cloud IAP's TCP forwarding IP addresses to the TCP port of the admin service on your resource. Note that you might not need to adjust your firewall rules if the default-allow-ssh and default-allow-rdp default rules are applied to ports used for SSH and RDP.
As you probably already have default-allow-ssh, instead of trying:
gcloud compute start-iap-tunnel stage-es-kibana 5601 --local-host-port=localhost:5601
jump to port via extra ssh layer:
gcloud compute ssh stage-es-kibana -- -N -L 5601:localhost:5601
or open Google Firewall between host/port stage-es-kibana:5601 and subnet 35.235.240.0/20.
This is a permissions issue.
You are trying to SSH into your VM through Google's IAP proxy.
You don't have permissions to create the tunnel from your computer to the proxy server.
You need to have the role "roles/iap.tunnelResourceAccessor" to SSH to your VM:
It seems that GCP CE needs to initialize SSH and other services after reaching its RUNNING status.
I used a workaround by adding a sleep (60 sec) command, after starting the VM and before SSH using the IAP tunnel.
In my case I solved or worked around it by omitting the --tunnel-through-iap parameter that is passed to gcloud compute ssh.
Try opening the Google Firewall for subnet 35.235.240.0/20.
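To check what the answers above describe (whether SSH ingress is allowed from Cloud IAP's 35.235.240.0/20 netblock, and whether it is also open to the world), here is an added example that is not part of the original posts. It assumes tab-separated input as produced by the `gcloud` format string in its first comment; the sample rules are constructed, and the function accepts any TCP port, not only 22.

```shell
#!/bin/sh
# Added example. Input: one firewall rule per line, tab-separated as
#   name <TAB> source ranges <TAB> allowed protocols/ports
# assumed to come from:
#   gcloud compute firewall-rules list \
#     --format="value(name,sourceRanges.list(),allowed[].map().firewall_rule().list())"
IAP_RANGE="35.235.240.0/20"   # Cloud IAP TCP forwarding netblock named on this page

# Constructed sample rules (not taken from any real project).
SAMPLE_RULES=$(printf '%s\t%s\t%s\n' \
  default-allow-ssh      0.0.0.0/0       tcp:22 \
  allow-ssh-from-iap     35.235.240.0/20 tcp:22 \
  default-allow-internal 10.128.0.0/9    tcp:0-65535,udp:0-65535,icmp \
  allow-vnc              0.0.0.0/0       tcp:5900-5920)

# Print "VERDICT<TAB>rule<TAB>range" for every rule that admits TCP port $1.
audit_port() {
  awk -F'\t' -v port="${1:-22}" -v iap="$IAP_RANGE" '
    # Does one spec ("tcp:22", "tcp:0-65535", "tcp", "all") cover the port?
    function covers(spec,    p, r) {
      if (spec == "all" || spec == "tcp") return 1
      if (spec !~ /^tcp:/) return 0
      p = substr(spec, 5)
      if (split(p, r, "-") == 2) return (port + 0 >= r[1] + 0 && port + 0 <= r[2] + 0)
      return (p + 0 == port + 0)
    }
    {
      hit = 0
      n = split($3, specs, ",")
      for (i = 1; i <= n; i++) if (covers(specs[i])) hit = 1
      if (!hit) next
      m = split($2, ranges, ",")
      for (j = 1; j <= m; j++) {
        verdict = "RESTRICTED"
        if (ranges[j] == "0.0.0.0/0") verdict = "WORLD"   # reachable from anywhere
        else if (ranges[j] == iap)    verdict = "IAP"     # reachable only via the IAP tunnel
        print verdict "\t" $1 "\t" ranges[j]
      }
    }'
}

printf '%s\n' "$SAMPLE_RULES" | audit_port 22
```

If no line is tagged IAP for port 22, the tunnel has no path to sshd; a WORLD line means the port is also reachable without going through IAP.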
I have a GCE instance that uses older mysql connection type and in order to connect to a Google Cloud SQL instance, I open an SSH connection through the browser on the GCE instance and run the following:
> cd /
> ./cloud_sql_proxy -dir=/cloudsql -instances=my-gce-instance-name:us-east1:my-sql-instance-name &
And then it is open for connections. The problem is, when I close the browser window (or even sign into Google with a different user), the connection is lost. Is there any way to persistently run this Unix socket with Google Cloud Engine?
Generally, you can run a command in the background by appending a & to the end of the command. This will start a background process for the proxy. You can stop the proxy with killall cloud_sql_proxy.
Another solution would be to run the proxy as a service. How to do this wildly varies by distro and version. Ubuntu 16 is typically bundled with systemd.
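The second option in the answer above, running the proxy as a systemd service, as an added example that is not part of the original answer. It assumes the binary at /cloud_sql_proxy and the socket directory /cloudsql as in the question; the account name `cloudsqlproxy` and the unit file name are hypothetical.

```shell
#!/bin/sh
# Added example: print a systemd unit that keeps the proxy from the question running
# across logouts and reboots. Assumptions: binary at /cloud_sql_proxy and socket
# directory /cloudsql (as in the question); the account name "cloudsqlproxy" is
# hypothetical and must exist and own /cloudsql.

render_proxy_unit() {
  instances=$1
  user=${2:-cloudsqlproxy}
  # Accept only connection-name characters so the value cannot smuggle a newline
  # (and with it extra unit directives) into the generated file.
  case $instances in
    ''|*[!A-Za-z0-9._:,-]*) echo "invalid -instances value" >&2; return 1 ;;
  esac
  case $user in
    ''|*[!a-z0-9_-]*) echo "invalid user" >&2; return 1 ;;
  esac
  cat <<EOF
[Unit]
Description=Cloud SQL Proxy (Unix sockets in /cloudsql)
Wants=network-online.target
After=network-online.target

[Service]
User=$user
ExecStart=/cloud_sql_proxy -dir=/cloudsql -instances=$instances
Restart=on-failure
RestartSec=5
NoNewPrivileges=true
ProtectSystem=full
PrivateTmp=true

[Install]
WantedBy=multi-user.target
EOF
}

# Install (run as root):
#   render_proxy_unit PROJECT:REGION:INSTANCE > /etc/systemd/system/cloud-sql-proxy.service
#   systemctl daemon-reload && systemctl enable --now cloud-sql-proxy.service
render_proxy_unit "my-gce-instance-name:us-east1:my-sql-instance-name"
```

Running under a dedicated account with `NoNewPrivileges` and a read-only system tree limits what a compromised proxy process can touch, which a root shell job started with `&` does not.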
I am a very basic user in Google Cloud Platform.
Is it possible to use a GUI of my VM instance ? I am currently using Centos7 VM.
You can use VNC to connect to VMs on Google Compute Engine. Here's a detailed tutorial for how to set this up.
For added security:
use a long, complex password (though note that VNC limits passwords to 8 characters)
instead of opening up port 5901 to the Internet, consider using an SSH tunnel. This is more complex, and depending on your Internet connection, may slow down your graphics refresh rate, but will be more secure.
To use the alternative approach with an SSH tunnel, here are the differences from the tutorial you need to follow:
don't open port 5901 in the Google Compute Engine firewall
create an SSH tunnel from your desktop/laptop to GCE VM via:
gcloud compute ssh \
${VM_INSTANCE} \
--project $PROJECT \
--zone $ZONE \
--ssh-arg "-L ${LOCAL_PORT}:localhost:5901"
where you need to provide the right parameters for ${VM_INSTANCE}, $PROJECT, and $ZONE that match your configuration. You can choose ${LOCAL_PORT} to be 5901 if you wish, but if you decide to VNC into several different GCE VM instances, you'll have to choose unique ports for your local machine.
You need to keep this connection open to use VNC. If this connection is closed, you will lose VNC access as well.
Instead of connecting to your VM using its external IP, connect via localhost:${LOCAL_PORT} with ${LOCAL_PORT} same as selected earlier in step #2
My need was to connect a Windows TightVNC client to Google Compute Engine Cloud Instance of Debian 10 (Buster). The various tutorials I have worked through omitted one important step: make sure the vnc server is not restricted to localhost.
The essential steps for Google Cloud are summarized as
confirm you have a running VM instance and that you have ssh access.
I explicitly disabled enable-oslogin (how to disable oslogin)
and loaded my own Puttygen-created SSH certificate.
in VPC Networks > Network Interface Details > Firewall and routes > Rules add a rule to allow ingress for ip range 0.0.0.0/0 (or a
known limited range), for tcp:5900-5920 (this allows for up to 20
VNC instances)
set up the VNC server (tutorials here and for debian 9
here and for debian 10 here and more complete and recent
here for debian 10)
after doing this, I could not get past "Connection refused."
Missing step: make sure -localhost no is included as argument when starting the vncserver:
vncserver -localhost no
Once all these conditions were satisfied, I had desktop access.
I started several GCE instances and was unable to connect to even 1 of them using ssh. For debian wheezy instances the ssh server appeared to be not running ("nc IP 22" times out). Even though I enabled ICMP in default network, debian instances did not respond to ping.
CentOS instances respond to ping and I was able to get an ssh banner using nc intermittently. But connecting using the ssh command repeatedly timed out.
I suspected a network outage but "gcutil listzones" showed that all the zones I was using were UP (us-central).
From https://groups.google.com/d/msg/gce-operations/coBWszq91j4/dRPq5_gJ3t4J:
We're investigating an issue with network connectivity to new Google Compute Engine instances. Currently-running instances are not affected. We will provide more information shortly.