how to ssh to cloud instance with bad ssh service and nopassword allow ssh


雨田

Jun 12, 2018, 8:55:59 AM
to gce-discussion
Hi, dear all:
    I ran into a bad case and now cannot ssh to my VM instance. To keep the instance safe, I set no password login and only allow ssh keys. Yesterday, as the root user, I wanted to update the dir /var/www/mywebsite to chown it to 600 but used the command " chmod  600   /   var/www/mywebsite ". At first I did not realize the problem, then I quit iTerm, so I could not ssh to my VM any more. What can I do now?
I wanted to reset the instance but nothing happened. Here is the log; it shows the ssh service is not running because of the bad permissions.


Jun 12 00:43:33 instance-1 ssserver: 2018-06-12 00:43:33 INFO     connecting r12---sn-nx57ynee.googlevideo.com:443 from 218.241.251.157:43896
Jun 12 00:43:34 instance-1 ssserver: 2018-06-12 00:43:34 WARNING  unsupported addrtype 73, maybe wrong password or encryption method
Jun 12 00:43:34 instance-1 ssserver: 2018-06-12 00:43:34 ERROR    can not parse header when handling connection from 222.249.232.10:33629
Jun 12 00:43:35 instance-1 ssserver: 2018-06-12 00:43:35 INFO     connecting r12---sn-nx57ynee.googlevideo.com:443 from 218.241.251.157:43585
Jun 12 00:43:36 instance-1 ssserver: 2018-06-12 00:43:36 WARNING  unsupported addrtype 73, maybe wrong password or encryption method
Jun 12 00:43:36 instance-1 ssserver: 2018-06-12 00:43:36 ERROR    can not parse header when handling connection from 222.249.232.10:33663
Jun 12 00:43:38 instance-1 ssserver: 2018-06-12 00:43:38 INFO     connecting easylist-downloads.adblockplus.org:443 from 218.241.251.157:43589
Jun 12 00:43:38 instance-1 ssserver: 2018-06-12 00:43:38 WARNING  unsupported addrtype 73, maybe wrong password or encryption method
Jun 12 00:43:38 instance-1 ssserver: 2018-06-12 00:43:38 ERROR    can not parse header when handling connection from 222.249.232.10:33715
Jun 12 00:43:51 instance-1 ssserver: 2018-06-12 00:43:51 INFO     connecting onbase.space:80 from 218.241.251.157:43616
Jun 12 00:44:02 instance-1 ssserver: 2018-06-12 00:44:02 INFO     connecting easylist.to:443 from 218.241.251.157:43640
Jun 12 00:44:02 instance-1 ssserver: 2018-06-12 00:44:02 WARNING  unsupported addrtype 73, maybe wrong password or encryption method
Jun 12 00:44:02 instance-1 ssserver: 2018-06-12 00:44:02 ERROR    can not parse header when handling connection from 222.249.232.10:34090
Jun 12 00:44:07 instance-1 systemd: sshd.service holdoff time over, scheduling restart.
Jun 12 00:44:07 instance-1 systemd: Starting Google Compute Engine Instance Setup...
Jun 12 00:44:07 instance-1 instance-setup: INFO Running set_multiqueue.
Jun 12 00:44:07 instance-1 instance-setup: INFO Setting /proc/irq/29/smp_affinity_list to 0 for device virtio1.
Jun 12 00:44:07 instance-1 instance-setup: INFO /proc/irq/29/smp_affinity_list: real affinity 0
Jun 12 00:44:07 instance-1 instance-setup: INFO Setting /proc/irq/30/smp_affinity_list to 0 for device virtio1.
Jun 12 00:44:07 instance-1 instance-setup: INFO /proc/irq/30/smp_affinity_list: real affinity 0
Jun 12 00:44:07 instance-1 instance-setup: INFO Queue 0 XPS=1 for /sys/class/net/eth0/queues/tx-0/xps_cpus
Jun 12 00:44:07 instance-1 systemd: Started Google Compute Engine Instance Setup.
Jun 12 00:44:07 instance-1 systemd: Starting OpenSSH server daemon...
Jun 12 00:44:07 instance-1 sshd: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Jun 12 00:44:07 instance-1 sshd: @         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
Jun 12 00:44:07 instance-1 sshd: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Jun 12 00:44:07 instance-1 sshd: Permissions 0755 for '/etc/ssh/ssh_host_rsa_key' are too open.
Jun 12 00:44:07 instance-1 sshd: It is required that your private key files are NOT accessible by others.
Jun 12 00:44:07 instance-1 sshd: This private key will be ignored.
Jun 12 00:44:07 instance-1 sshd: key_load_private: bad permissions
Jun 12 00:44:07 instance-1 sshd: Could not load host key: /etc/ssh/ssh_host_rsa_key
Jun 12 00:44:07 instance-1 sshd: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Jun 12 00:44:07 instance-1 sshd: @         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
Jun 12 00:44:07 instance-1 sshd: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Jun 12 00:44:07 instance-1 sshd: Permissions 0755 for '/etc/ssh/ssh_host_ecdsa_key' are too open.
Jun 12 00:44:07 instance-1 sshd: It is required that your private key files are NOT accessible by others.
Jun 12 00:44:07 instance-1 sshd: This private key will be ignored.
Jun 12 00:44:07 instance-1 sshd: key_load_private: bad permissions
Jun 12 00:44:07 instance-1 sshd: Could not load host key: /etc/ssh/ssh_host_ecdsa_key
Jun 12 00:44:07 instance-1 sshd: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Jun 12 00:44:07 instance-1 sshd: @         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
Jun 12 00:44:07 instance-1 sshd: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Jun 12 00:44:07 instance-1 sshd: Permissions 0755 for '/etc/ssh/ssh_host_ed25519_key' are too open.
Jun 12 00:44:07 instance-1 sshd: It is required that your private key files are NOT accessible by others.
Jun 12 00:44:07 instance-1 sshd: This private key will be ignored.
Jun 12 00:44:07 instance-1 sshd: key_load_private: bad permissions
Jun 12 00:44:07 instance-1 sshd: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 12 00:44:07 instance-1 sshd: sshd: no hostkeys available -- exiting.
Jun 12 00:44:07 instance-1 systemd: sshd.service: main process exited, code=exited, status=1/FAILURE
Jun 12 00:44:07 instance-1 systemd: Failed to start OpenSSH server daemon.
Jun 12 00:44:07 instance-1 systemd: Unit sshd.service entered failed state.
Jun 12 00:44:07 instance-1 systemd: sshd.service failed.


I need your help, thank you!

Navi Aujla (Google Cloud Support)

Jun 12, 2018, 1:30:34 PM
to gce-discussion
Hello 

It appears you changed the permissions. You can enable connecting to the serial port for the instance and log in directly through the instance serial console using the steps provided here, and make the required changes to the permissions or the ssh configuration as required.

In addition, you can use a startup-script to change the file permissions or make any required changes. For example, a simple startup-script as below:

#!/bin/bash
chmod 755 /

Stop and start the instance; the startup-script will set the "/" directory permission to 755.

I hope it helps.

Note: If needed, you can get the right permissions and settings by spinning up a new instance with the same boot image, and delete the instance later to avoid charges.

雨田

Jun 13, 2018, 3:28:29 AM
to gce-discussion
Hi, dear:
   Following your advice, I used the startup-script, and now I can log in through the browser window. Thank you very much.

雨田

Jun 14, 2018, 9:06:32 PM
to gce-discussion
At last, I used these commands in the startup-script to get the root user:


# remount the root filesystem read-write before changing modes
mount -o remount,rw /
# sudo must be setuid (and owned by uid 0) to work
chmod 4755 /usr/bin/sudo
chmod 755 /usr/lib/sudo/sesh
chmod 644 /usr/lib/sudo/sudoers.so
chmod 644 /usr/lib/sudo/sudo_noexec.so


Thanks a lot. Sharing the info for those who meet the same case.


On Wednesday, June 13, 2018 at 1:30:34 AM UTC+8, Navi Aujla (Google Cloud Support) wrote:
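
The recovery steps from this thread, combined into one startup-script. This is an added example, not code posted by either participant. The optional root prefix and the APPLY switch are assumptions of the example, and mode 600 for private host keys is chosen because sshd ignores private keys that are accessible by others.

```shell
#!/bin/bash
# Added example (not from the thread): restore the modes named in the thread.
# The optional root prefix is an assumption, used to rehearse on a copy.

fix_mode() {   # fix_mode <octal-mode> <path>: chmod only when the mode differs
    local want=$1 path=$2 have
    [ -e "$path" ] || return 0
    have=$(stat -c '%a' "$path")
    [ "$have" = "$want" ] && return 0
    chmod "$want" "$path" && echo "fixed $path: $have -> $want"
}

repair_permissions() {   # repair_permissions [root-prefix]
    local root=${1:-} f
    fix_mode 755 "${root:-/}"                     # undo "chmod 600 /"
    for f in "$root"/etc/ssh/ssh_host_*_key; do   # private host keys
        fix_mode 600 "$f"
    done
    for f in "$root"/etc/ssh/ssh_host_*_key.pub; do
        fix_mode 644 "$f"
    done
    fix_mode 4755 "$root/usr/bin/sudo"            # setuid bit, per the sudo error
    fix_mode 755  "$root/usr/lib/sudo/sesh"
    fix_mode 644  "$root/usr/lib/sudo/sudoers.so"
    fix_mode 644  "$root/usr/lib/sudo/sudo_noexec.so"
}

# As a startup-script, set APPLY=1 above this line to act on the live system.
if [ "${APPLY:-0}" = 1 ]; then
    mount -o remount,rw /
    repair_permissions ""
    sshd -t && systemctl restart sshd   # restart only if keys and config load
fi
```

The script prints one line per file it changes, which shows up in the serial console output, and prints nothing on a second run.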

雨田

Jun 14, 2018, 9:13:10 PM
to gce-discussion
errormsg: 
sudo: /usr/bin/sudo 必须属于用户 ID 0(的用户)并且设置 setuid 位
user@instance-1 ~]$ sudo: /usr/bin/sudo 必须属于用户 ID 0(的用户)并且设置 setuid 位

solve method: 