Reset the Google Compute engine VM Could not SSH into the instance
4,690 views
Skip to first unread message
Dhandapani Sattanathan
Aug 12, 2017, 8:47:22 AM8/12/17
to gce-discussion
| I m using Past 3 years Google Compute Engine VM instance.Using Putty I generated a private key and public key.Public key added in instance SSH metadata. So using the private key I can ssh using gcloud SDK installed on my local machine.also, I can access GCE VM instance via PHPSTROM & SFTP FileZilla. After RESET VM instance recently I can't connect via SSH. My Local Gcloud SDK Shell Logs:
I ran the below command in Gcloud SDK Shell
I got network : connection timed out issue in PuTTy
I could not find solution SSH via Gcloud SDK Shell, Using Public key to connect VM instance via PhpStrom. I don't know What firewall blocking or any other new process I missed. Please help to solve this |
Kamran (Google Cloud Support)
Aug 12, 2017, 4:15:08 PM8/12/17
to gce-dis...@googlegroups.com
The "Network error: Connection timed out" indicates that there is an issue with your networking and firewalls settings (on client and/or server sides) but not issue with the SSH keys. I tried telnetting to your "lamp-bafs" VM and I can confirm that the SSH service is running and listening on port 22 of your VM and the GCE firewall rule (server side) for SSH is properly configured:
khashemi@debian8:~$ telnet 10*.***.***.** 22
Trying 10*.***.***.**...
Connected to 1**.***.***.**.
Escape character is '^]'.
SSH-2.0-OpenSSH_6.0p1 Debian-4+deb7u6
In order to troubleshoot the issue further, I'd recommend investigating your SSH client configuration, your computer and Internet connection settings to make sure the outgoing SSH connection is allowed and not blocked by a firewall or a proxy. Also, examine connecting to your VM from a different computer, internet connection or a different VM on GCP to isolate and pinpoint the issue.
I hope this helps.
Dhandapani Sattanathan
Aug 14, 2017, 8:04:47 AM8/14/17
to gce-discussion
Thanks, Kamran,
1.I tried ping with public IP of my VM. That one working fine, Plz refer the below
C://ping 10..................5
Pinging 10..................5 with 32 bytes of data:
Reply from 10..................5: bytes=32 time=109ms TTL=58
Reply from 10..................5: bytes=32 time=108ms TTL=58
Reply from 10..................5: bytes=32 time=109ms TTL=58
Reply from 10..................5: bytes=32 time=108ms TTL=58
Ping statistics for 110..................5:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 108ms, Maximum = 109ms, Average = 108ms3.Used different internet connection - I can SSH to VM.Please refer the below image
4. Is this blocking? I got this from My internet connection provider. I disabled IPv6 firewall. But same issues only.Plz refer the below image
I could not find which one blocking using my internet connection.Please help me to solve this.
Sven Nebel
Aug 14, 2017, 11:02:45 AM8/14/17
to gce-discussion
Hi,
As a suggestion, using some tcp traceroute tool for windows targeting ssh port might help troubleshooting your issue
Good luck!
Kamran (Google Cloud Support)
Aug 16, 2017, 7:36:34 PM8/16/17
to gce-discussion
As this issue is with your internet connection / router firewall, I'd recommend contacting your internet provider to get their help on enabling outgoing SSH connections (Protocol:Port = TCP:22) on your Internet connection.
Sincerely,
Dhandapani Sattanathan
Aug 17, 2017, 10:05:53 AM8/17/17
to gce-discussion
Thanks Kamran & Sven Nebel,
I 'll check with my ISP and let you know the status
Dhandapani Sattanathan
Aug 19, 2017, 12:33:27 AM8/19/17
to gce-discussion
Hi KAMRAN,
My ISP provider blocking port 22.So I could not SSH. Could you help me how to bypass port 22 in GCE VM SSH?
Kamran (Google Cloud Support)
Aug 19, 2017, 3:17:20 PM8/19/17
to gce-dis...@googlegroups.com
Although your Internet provider is blocking outgoing traffic to port 22, you should still be able to SSH to your GCE VM by using Cloud Console. To use this feature, open Cloud Console in your web browser, and then click on SSH button in front of your VM instance. This opens another window, automatically generates SSH keys, updates metadata and establishes a SSH connection to your VM.
However, if you want to use "gcloud compute ssh" command or FileZilla to connect to your VM and your ISP is not willing to unblock outgoing traffic to port 22, one workaround would be changing the port that SSH service is listening to on your VM. This can be done by editing "/etc/ssh/ssh_config" config file in the VM and specifying another value for Port parameter (for example: Port 443). Then you will need to restart the ssh service for the change takes effect. Now, you can use --ssh-flag flag with gcloud command to ssh to your VM on the newly configured port:
gcloud compute ssh example-instance --ssh-flag="-p 433"
Please note that this workaround will break the functionality of Cloud Console SSH client, and is not recommended.
Dhandapani Sattanathan
Aug 21, 2017, 5:11:13 AM8/21/17
to gce-discussion
Thanks Kamran,
Local GCloud SDK shell:
I changed the port. But I can't connect ssh from my lap.
GCloud shell commands:
root@lamp-bafs:/etc/ssh# vi sshd_config
root@lamp-bafs:/etc/ssh# service ssh reload
[ ok ] Reloading OpenBSD Secure Shell server's configuration: sshd.
root@lamp-bafs:~#gcloud compute ssh lamp-bafs --ssh-flag="-p 443"
Did you mean zone [asia-east1-a] for instance: [lamp-bafs] (Y/n)? Y
Linux lamp-bafs 3.2.0-4-amd64 #1 SMP Debian 3.2.68-1+deb7u1 x86_64
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Mon Aug 21 08:43:37 2017 from ip_address.bc.googleusercontent.com
root@lamp-bafs:~# su - admin
admin@lamp-bafs:~$ gcloud compute ssh lamp-bafs --ssh-flag="-p 443"
Did you mean zone [asia-east1-a] for instance: [lamp-bafs] (Y/n)? Y
Enter passphrase for key '/home/admin/.ssh/google_compute_engine':
Linux lamp-bafs 3.2.0-4-amd64 #1 SMP Debian 3.2.68-1+deb7u1 x86_64
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Mon Aug 21 06:46:13 2017 from ip_address.bc.googleusercontent.com
Local GCloud SDK shell:
C:\Program Files (x86)\Google\Cloud SDK>gcloud compute ssh lamp-bafs --ssh-flag="-p 443"
WARNING: The PuTTY PPK SSH key file for gcloud does not exist.
WARNING: The public SSH key file for gcloud does not exist.
WARNING: The private SSH key file for gcloud does not exist.
WARNING: You do not have an SSH key for gcloud.
WARNING: SSH keygen will be executed to generate a key.
This tool needs to create the directory [C:\Users\admin\.ssh] before
being able to generate SSH keys.
Do you want to continue (Y/n)? Y
Updating project ssh metadata.../Updated [https://www.googleapis.com/compute/v1/projects/project-id].
Updating project ssh metadata...done.
Waiting for SSH key to propagate.
plink: unknown option "-p"
ERROR: (gcloud.compute.ssh) Could not SSH into the instance. It is possible that your SSH key has not propagated to the instance yet. Try running this command again. If you still cannot connect, verify that the firewall and instance are set to accept ssh traffic.
Using My lap I can't SSH to GCE VM.What I missed here?Please help me.
Kamran (Google Cloud Support)
Aug 22, 2017, 7:50:58 PM8/22/17
to gce-discussion
gcloud compute ssh example-instance --ssh-flag="-P 443"
Dhandapani Sattanathan
Aug 24, 2017, 2:35:55 AM8/24/17
to gce-discussion
Thanks, Kamran, Using Captial P, I can connect SSH
Reply all
Reply to author
Forward
0 new messages