Connection failed :: SSH server (via browser)

[Alex Szilagyi]

Currently I'm facing major issues with SSH connection.

For now I can confirm that:

-- Firewall rule is allowed

-- the ssh service is up and running

Short demo with my issue can be found here.

If anyone has an idea, please let me know.

Regards,

Alex

[Kamran (Google Cloud Support)]

Hello Alex,

Did you inspect the output of VM serial port to see if you can find any error messages related to the issue? In this article you can find out some tips for troubleshooting of SSH errors. 

Also, Interacting with the Serial Console is another useful feature that you can enable on your VM and use it to get into your instance to perform troubleshooting tasks.

If you have any questions about the troubleshooting approaches that described in the above mentioned articles please let me know.

Sincerely,

[Alex Szilagyi]

Hi there Kamran,

Thanks for the reply!

I have checked the Serial console as you've mentioned but no sign of errors, at least the this is the only output that I'm getting:

Mar 4 13:05:02 panel accounts-from-metadata: INFO Google SSH key schema identifier found.

What looks suspicious to me though is that while looking to the ssh folder I have found that authorized_keys file is missing completely, have a look:

root@panel [~/.ssh]# ls -l -atotal 12drwx------. 2 root root 4096 Apr 27 2015 ./drw-r-----. 17 root root 4096 Mar 4 12:59 ../-rw-r--r--. 1 root root 813 Feb 6 2016 known_hostsroot@panel [~/.ssh]# ls -ld .?*

Let me know how I can proceed.

Regards,

Alex

--
© 2017 Google Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043
 
Email preferences: You received this email because you signed up for the Google Compute Engine Discussion Google Group (gce-discussion@googlegroups.com) to participate in discussions with other members of the Google Compute Engine community and the Google Compute Engine Team.
---
You received this message because you are subscribed to a topic in the Google Groups "gce-discussion" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/gce-discussion/9kFznJ7JPlc/unsubscribe.
To unsubscribe from this group and all its topics, send an email to gce-discussion+unsubscribe@googlegroups.com.
To post to this group, send email to gce-discussion@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/gce-discussion/dbaeac6a-aaf2-47ca-b5b2-bc43531d8c16%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

--

Alex Szilagyi

[Kamran (Google Cloud Support)]

Hi Alex,

The google-accounts-daemon service creates authorized_keys file in ~/.ssh/ directory of user, synchronizes its content with SSH keys that are stored in metadata for that user and maintains it. The directory that you're looking up is for root account. Do you have any SSH keys stored in your project or instance metadata for the root user?  In fact, when you're trying to connect to a VM instance through Cloud Console SSH client, by default, the client uses the account, that you’ve logged into the console with, as the username to SSH to VM but not the root. Although the username can be changed using the gear icon menu located in top right corner of the client.

If the SSH authorized_keys files are missing for your other users, then make sure that google-accounts-daemon service is healthy and running inside the VM. For this purpose you can use the following command:

$ sudo service google-accounts-daemon status

or

$ sudo systemctl status google-accounts-daemon

 

I hope this helps.

Sincerely,

On Saturday, March 4, 2017 at 6:08:50 AM UTC-5, Alex Szilagyi wrote:

Hi there Kamran,

Thanks for the reply!

I have checked the Serial console as you've mentioned but no sign of errors, at least the this is the only output that I'm getting:

Mar 4 13:05:02 panel accounts-from-metadata: INFO Google SSH key schema identifier found.

What looks suspicious to me though is that while looking to the ssh folder I have found that authorized_keys file is missing completely, have a look:

root@panel [~/.ssh]# ls -l -atotal 12drwx------. 2 root root 4096 Apr 27 2015 ./drw-r-----. 17 root root 4096 Mar 4 12:59 ../-rw-r--r--. 1 root root 813 Feb 6 2016 known_hostsroot@panel [~/.ssh]# ls -ld .?*

Let me know how I can proceed.

Regards,

Alex

[Alex Szilagyi]

Hi Kamran,

Here's the output:

alexszilagyi@panel [~]# sudo service google-accounts-deamon status

google-accounts-deamon: unrecognized service

alexszilagyi@panel [~]# ^Cogle-accounts-deamon status

alexszilagyi@panel [~]# service google-accounts-deamon status

google-accounts-deamon: unrecognized service

alexszilagyi@panel [~]# systemctl status google-accounts-deamon

-bash: systemctl: command not found

alexszilagyi@panel [~]# sudo su

root@panel [/home/alexszilagyi]# service google-accounts-deamon status

google-accounts-deamon: unrecognized service

root@panel [/home/alexszilagyi]# systemctl status google-accounts-deamon

bash: systemctl: command not found

I'm not sure if my VM has that service up and running...

Looking forward for your suggestions,

Alex

To view this discussion on the web visit https://groups.google.com/d/msgid/gce-discussion/c3401169-f8d0-41f1-9540-73fc02081982%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

--

Alex Szilagyi

[Kamran (Google Cloud Support)]

Alex,

Is the VM created from GCP public images or from a custom image? If possible, email me your Project ID and the VM instance name and I'll investigate the issue.

Sincerely,

[Alex Szilagyi]

Hi everyone,

I'd like to post here the fix which Kamran provided me ;) (it may help someone).

(currently I have an older deprecated image of CentOS 6 (centos-6-v20141205). In order to update its google daemons, please follow these steps):

1. Create a reposiroty file called google-cloud.repo in the following path:

$ nano /etc/yum.repos.d/google-cloud.repo 




2. Copy the lines below and add it as content of the repo file:

[google-cloud-compute]
name=Google Cloud Compute
baseurl=https://packages.cloud.google.com/yum/repos/google-cloud-compute-el6-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg
       https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg

3. Now run these commands:

$ sudo yum update

$ sudo yum install -y google-compute-engine google-compute-engine-init google-config

These commands should update google daemons of your VM to the latest one. For more information about these steps you can visit this article.

After doing the steps above by running 'rpm -qa google-compute-engine'  you should see 'google-compute-engine-2.3.4-0.1488484901.el6.noarch' as installed compute engine package.

Now do a reboot and try to connect via SSH and let me know how it goes.

Regards,

Alex

On 4 March 2017 at 13:08, Alex Szilagyi <alex.s...@gmail.com> wrote:

Hi there Kamran,

Thanks for the reply!

I have checked the Serial console as you've mentioned but no sign of errors, at least the this is the only output that I'm getting:

Mar 4 13:05:02 panel accounts-from-metadata: INFO Google SSH key schema identifier found.

What looks suspicious to me though is that while looking to the ssh folder I have found that authorized_keys file is missing completely, have a look:

root@panel [~/.ssh]# ls -l -atotal 12drwx------. 2 root root 4096 Apr 27 2015 ./drw-r-----. 17 root root 4096 Mar 4 12:59 ../-rw-r--r--. 1 root root 813 Feb 6 2016 known_hostsroot@panel [~/.ssh]# ls -ld .?*

Let me know how I can proceed.

Regards,

Alex

On 4 March 2017 at 06:26, 'Kamran (Google Cloud Support)' via gce-discussion <gce-discussion@googlegroups.com> wrote:

Hello Alex,

Did you inspect the output of VM serial port to see if you can find any error messages related to the issue? In this article you can find out some tips for troubleshooting of SSH errors. 

Also, Interacting with the Serial Console is another useful feature that you can enable on your VM and use it to get into your instance to perform troubleshooting tasks.

If you have any questions about the troubleshooting approaches that described in the above mentioned articles please let me know.

Sincerely,

On Friday, March 3, 2017 at 9:51:07 PM UTC-5, Alex Szilagyi wrote:

Currently I'm facing major issues with SSH connection.

For now I can confirm that:

-- Firewall rule is allowed

-- the ssh service is up and running

Short demo with my issue can be found here.

If anyone has an idea, please let me know.

Regards,

Alex

--
© 2017 Google Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043
 
Email preferences: You received this email because you signed up for the Google Compute Engine Discussion Google Group (gce-discussion@googlegroups.com) to participate in discussions with other members of the Google Compute Engine community and the Google Compute Engine Team.
---
You received this message because you are subscribed to a topic in the Google Groups "gce-discussion" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/gce-discussion/9kFznJ7JPlc/unsubscribe.
To unsubscribe from this group and all its topics, send an email to gce-discussion+unsubscribe@googlegroups.com.

To post to this group, send email to gce-dis...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/gce-discussion/dbaeac6a-aaf2-47ca-b5b2-bc43531d8c16%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

--

Alex Szilagyi

--

Alex Szilagyi

[Alex Szilagyi]

Hi there,

Quick question: I have a Load balancer which pointed to a VM that was deleted. Is there any GCP SDK CLI command to update just the VM target ?  

Regards,

--

Alex Szilagyi

[Patrick (Cloud Platform Support)]

There are, it depends on the type of Load Balancer you are using.

For Network (TCP) load balancers, you can modify the target instances using gcloud compute target-instances [1]

For HTTP(S) Load balancers, you can modify the target backends using gcloud compute backend-services [2]

[1]: https://cloud.google.com/sdk/gcloud/reference/compute/target-instances/

[2]: https://cloud.google.com/sdk/gcloud/reference/compute/backend-services/