Unable to use Web Console to SSH to my instance

[Rohan Sawant]

Hi all,

I am unable to connect to my VM Instance through web console suddenly from yesterday.

I have tried to SSH from Putty from my Windows Desktop but get "Server refused Key" message. Tried recreating keys and adding them to Project Level Metadata but it does not work. 

I normally use only Web Console to connect to my VM but it stopped a couple of days back.I have shut  down the instance and restarted multiple times but to no avail. I use this VM regularly and it seems strange to me that I cannot connect suddenly. 

Can anyone please have any tips or pointers? I wouldn't want to reset my VM machine as I will lose my data on it. 

Thank you!

Rohan.

[Kirill Katsnelson]

Find the instance in the Web Console (https://console.cloud.google.com/compute/instances), click on its name. First of all, near the bottom of the page, there is a check box "Block project-wide keys." Make sure it's NOT checked, since you are using keys from the project-level metadata.

From the same page you can normally see the instance's console log (default images route kernel and daemon logs there). The link "Serial port 1 (console)" is near the very top, under "Logs." This often provides a clue.

I have little experience with Putty; I do not know if you can trust that "Server refused Key" implies that it was in fact able to establish a TCP connection, but the key was refused. You can try connecting from a Linux client in the Cloud Shell (https://cloud.google.com/shell). Generate a new keypair with ssh-keygen and use its public part. The command ssh -v -f <private-key-filename> <username>@<ip-address> will give you debug information. You can increase logging level by using "-vv" or even "-vvv" in place of "-v", but that may or may not be useful, depending on your knowledge of the SSH protocol.

Be sure to generate a new keypair with ssh-keygen, do not upload the one you've created: Last time I used Putty, many years ago, it's key generator (Puttygen, I think?) stored private keys in a format that was incompatible with OpenSSH client. It may still be the case, or may have changed. ssh-keygen is a tool that comes with OpenSSH, and is indeed 100% compatible with it.

> I wouldn't want to reset my VM machine as I will lose my data on it.

It's not clear what do you mean by "reset". You can always detach the disk from your VM, attach it as a second disk to a fresh VM instance, mount and access your data, as a last-resort measure. Depending on what the "data" is, it may be time-consuming to put it back in order. Be sure to create a snapshot of the disk before doing anything else (https://cloud.google.com/compute/docs/disks/create-snapshots). Best of all snapshot the disk while the VM is powered off, for data consistency. If you need the VM be online while you are recovering data (if it's a web server , for example, and you do not want to power if off to steal its disk), you may create an exact copy of the disk from the snapshot, and recover from it. Hope you won't have to, tho.

Good luck,

 -kkm

[Wilfred L. (Cloud Platform Support)]

Hi Rohan, here is some documentation from Google about troubleshooting ssh connectivity [1].  

In addition. you can try troubleshoot using the serial console [2] . Also it would be helpful to verify if your sshd is started in your VM. 

[1] https://cloud.google.com/compute/docs/troubleshooting/troubleshooting-ssh
[2] https://cloud.google.com/compute/docs/troubleshooting/troubleshooting-using-serial-console

[Rohan Sawant]

Hi kkm,

Thanks for the detailed reply. Sorry on posting this late.

Yes putty generated key were a problem. I created a new instance and tried to connect with new sshkeys created by ssh-keygen and I could connect. 

However for the problem instance nothing worked - here's what I tried

- Generated new key and added them to Problem instance 

-  "Block project wide keys" was NOT checked 

-  Kept getting 4003 and Port 22 errors. Made sure https and http was allowed as per Google documentation. 

I tried this multiple times but it did not work. The only thing that I did not try before deleting the instance was having a look at "Serial Port 1" logs and I had deleted the instance by then. So may be that would have provided a clue!

Anyways thanks for that as going forward I will prefer ssh-keygen. At least I know my second new instance works using the ssh-keygen generated keys.

Kind Regards,

Rohan.

[Rohan Sawant]

Hi Wilfred,

Thanks for that. I tried all of the ssh troubleshooting but did not work. Probably my instance disk was corrupted. Could not try the serial logs troubleshooting as I had deleted the my instance by then.

Cheers,

Rohan.

[Shamma Nikhat (Cloud Platform Support)]

Hello,

Just to let you know that this forum is where you're likely to find information like service status updates and release notes, and ranging from book recommendations to creative shortcuts.

For troubleshooting questions you can post your question to Stack Overflow and Server Fault.