connection refused while ssh on one of instances

880 views
Skip to first unread message

Irzhy Ranaivoarivony

unread,
Mar 15, 2019, 9:14:51 AM3/15/19
to gce-discussion
Hello, 

We have some problem to accessing one of our compute engine

➜  ~ gcloud compute ssh www-4 --zone europe-west1-b
ssh: connect to host xxx.xxx.xxx.xxx port 22: Connection refused
ERROR: (gcloud.compute.ssh) [/usr/bin/ssh] exited with return code [255].

I usually use the command above to access without any problem before. I'd like to recover it if someone could help.
All other instances in the project are still accessible

It happened after stop / start the instance
firewall are OK and allow port 22 for communication

➜  ~ gcloud compute firewall-rules list -r .*ssh.*                                                    
WARNING: Flag `--regexp` is deprecated. Use `--filter="name~'REGEXP'"` instead.
NAME               NETWORK  DIRECTION  PRIORITY  ALLOW   DENY  DISABLED
default-allow-ssh  default  INGRESS    65534     tcp:22        False


Here is some additional info if it could help


➜  ~ sudo tcptraceroute -P 22 xxx.xxx.xxx.xxx                                                          
Selected device wlp2s0, address 192.168.88.14, port 22 for outgoing packets
Tracing the path to xxx.xxx.xxx.xxx on TCP port 80 (http), 30 hops max
 1  192.168.88.1  32.955 ms  0.916 ms  0.726 ms
 2  gal-er-1-gal-er-1-sdv-1.tgn.mg (154.126.77.58)  16.884 ms  8.796 ms  13.337 ms
 3  gal-er-1-gal-er-1-sdv-1.tgn.mg (154.126.77.57)  9.421 ms  8.824 ms  12.600 ms
 4  gal-cr-1-gal-er-1.tgn.mg (154.126.77.21)  16.263 ms  15.088 ms  13.061 ms
 5  tgn.149.9.192.dts.mg (197.149.9.192)  29.217 ms  28.529 ms  27.453 ms
 6  mx-10-2-tul-ae0-to-mx-10-1-tul.tgn.mg (41.188.60.236)  28.600 ms  25.070 ms  29.711 ms
 7  74.125.52.138  52.332 ms  43.898 ms  49.157 ms
 8  108.170.226.213  205.423 ms  205.236 ms  265.241 ms
 9  216.239.58.3  275.025 ms  210.304 ms  209.847 ms
10  209.85.253.196  210.071 ms  207.859 ms  209.101 ms
11  216.239.56.27  222.739 ms  223.029 ms  284.553 ms
12  72.14.234.27  211.389 ms  212.443 ms  214.220 ms
13  * * *
14  * * *
15  * * *
16  * * *
17  * * *
18  * * *
19  * * *
20  * * *
21  * * *
22  160.128.195.35.bc.googleusercontent.com (xxx.xxx.xxx.xxx) [open]  204.328 ms  204.625 ms  227.294 ms



➜  ~ gcloud compute instances get-serial-port-output www-4 --zone europe-west1-b | grep ssh
Mar 15 10:35:06 www-4 systemd-tmpfiles[465]: Unsafe symlinks encountered in /var/run/sshd, refusing.
Mar 15 10:35:08 www-4 sshguard[1137]: Chain INPUT (policy ACCEPT)
Mar 15 10:35:08 www-4 sshguard[1137]: target     prot opt source               destination
Mar 15 10:35:08 www-4 sshguard[1137]: sshguard   all  --  0.0.0.0/0            0.0.0.0/0
Mar 15 10:35:08 www-4 sshguard[1137]: Chain FORWARD (policy ACCEPT)
Mar 15 10:35:08 www-4 sshguard[1137]: target     prot opt source               destination
Mar 15 10:35:08 www-4 sshguard[1137]: Chain OUTPUT (policy ACCEPT)
Mar 15 10:35:08 www-4 sshguard[1137]: target     prot opt source               destination
Mar 15 10:35:08 www-4 sshguard[1137]: Chain sshguard (1 references)
Mar 15 10:35:08 www-4 sshguard[1137]: target     prot opt source               destination
Mar 15 10:35:10 www-4 sshd[1303]: Missing privilege separation directory: /var/run/sshd
See 'systemctl status ssh.service' for details.
Mar 15 10:35:10 www-4 systemd[1]: ssh.service: Control process exited, code=exited status=255
Mar 15 10:35:10 www-4 systemd[1]: ssh.service: Unit entered failed state.
Mar 15 10:35:10 www-4 systemd[1]: ssh.service: Failed with result 'exit-code'.
Mar 15 10:35:10 www-4 systemd[1]: ssh.service: Service hold-off time over, scheduling restart.
Mar 15 10:35:10 www-4 sshd[1320]: Missing privilege separation directory: /var/run/sshd
See 'systemctl status ssh.service' for details.
Mar 15 10:35:10 www-4 systemd[1]: ssh.service: Control process exited, code=exited status=255
Mar 15 10:35:10 www-4 systemd[1]: ssh.service: Unit entered failed state.
Mar 15 10:35:10 www-4 systemd[1]: ssh.service: Failed with result 'exit-code'.
Mar 15 10:35:11 www-4 systemd[1]: ssh.service: Service hold-off time over, scheduling restart.
Mar 15 10:35:11 www-4 sshd[1371]: Missing privilege separation directory: /var/run/sshd
See 'systemctl status ssh.service' for details.
Mar 15 10:35:11 www-4 systemd[1]: ssh.service: Control process exited, code=exited status=255
Mar 15 10:35:11 www-4 systemd[1]: ssh.service: Unit entered failed state.
Mar 15 10:35:11 www-4 systemd[1]: ssh.service: Failed with result 'exit-code'.
Mar 15 10:35:11 www-4 systemd[1]: ssh.service: Service hold-off time over, scheduling restart.
Mar 15 10:35:11 www-4 sshd[1391]: Missing privilege separation directory: /var/run/sshd
See 'systemctl status ssh.service' for details.

Specify --start=107610 in the next get-serial-port-output invocation to get only the new output starting from here.
Mar 15 10:35:11 www-4 systemd[1]: ssh.service: Control process exited, code=exited status=255
Mar 15 10:35:11 www-4 systemd[1]: ssh.service: Unit entered failed state.
Mar 15 10:35:11 www-4 systemd[1]: ssh.service: Failed with result 'exit-code'.
Mar 15 10:35:11 www-4 systemd[1]: ssh.service: Service hold-off time over, scheduling restart.
Mar 15 10:35:11 www-4 sshd[1412]: Missing privilege separation directory: /var/run/sshd
See 'systemctl status ssh.service' for details.
Mar 15 10:35:11 www-4 systemd[1]: ssh.service: Control process exited, code=exited status=255
Mar 15 10:35:11 www-4 systemd[1]: ssh.service: Unit entered failed state.
Mar 15 10:35:11 www-4 systemd[1]: ssh.service: Failed with result 'exit-code'.
See 'systemctl status ssh.service' for details.
Mar 15 10:35:11 www-4 systemd[1]: ssh.service: Service hold-off time over, scheduling restart.
Mar 15 10:35:11 www-4 systemd[1]: ssh.service: Start request repeated too quickly.
Mar 15 10:35:11 www-4 systemd[1]: ssh.service: Unit entered failed state.
Mar 15 10:35:11 www-4 systemd[1]: ssh.service: Failed with result 'start-limit-hit'.
Mar 15 10:35:12 www-4 google-accounts: INFO Creating a new user account for ssh.
Mar 15 10:35:12 www-4 google_accounts_daemon[1399]: useradd: group ssh exists - if you want to add this user to that group, use -g.
Mar 15 10:35:12 www-4 google-accounts: WARNING Could not create user ssh. Command '['useradd', '-m', '-s', '/bin/bash', '-p', '*', 'ssh']' returned non-zero exit status 9.


Thanks i advance

Shamma Nikhat (Cloud Platform Support)

unread,
Apr 4, 2019, 2:59:45 PM4/4/19
to gce-discussion

Error code 255 occurs when their is a connection issue. In this thread [1] it says that gcloud denies an ssh connection if there was a change in the setup, e.g. after you changed your default zone or region, or you created another instance. Then, you must update the ssh keys in your metadata by
sudo gcloud compute config-ssh.

You can track the connection problem by using ssh command with verbosity flag [2].

There is a similar group discussion [3] that refers to the same kind of error.

Reply all
Reply to author
Forward
0 new messages