Cannot connect to the VM!
1,089 views
Skip to first unread message
Valentin Goikhman
Jan 26, 2016, 2:54:52 PM1/26/16
to gce-discussion
Hi.
I suddenly cannot connect to my VM instance, using SFTP connection with keys. With Win SCP on Windows I get message "Server unexpectedly closed network connection". I connect with Pageant. Cannot connect with Linux/Filezilla either. Cannot connect via console.
Valentin
George
Jan 26, 2016, 5:04:44 PM1/26/16
to gce-discussion
Hello Valentin,
Did you check the serial port output on the VM? it should have a lot of useful information that can help you troubleshoot the issue. You can access the serial port output in multiple ways:
- Web UI via Developers Console – on the instance detail page, scroll to the bottom of the page and expand the console output view
- CLI via
gcloud compute instances get-serial-port-output - API via
getSerialPortOutput
If by any chance your issue can be resolved by reverting any changes on the disk, you can take a snapshot of the affected disk, create a new instance where you can ssh and attach the affected disk to it as secondary where you will be able to retrieve your data and revert the changes if need be.
I hope this helps.
Sincerely,
George
Valentin Goikhman
Jan 26, 2016, 5:16:55 PM1/26/16
to gce-discussion
Hello George,
I found a long log at the serial output, which includes the following:
Jan 26 21:52:55 lamp-d894 sshd[25664]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Jan 26 21:52:55 lamp-d894 sshd[25664]: error: @ WARNING: UNPROTECTED PRIVATE KEY FILE! @
Jan 26 21:52:55 lamp-d894 sshd[25664]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Jan 26 21:52:55 lamp-d894 sshd[25664]: error: Permissions 0777 for '/etc/ssh/ssh_host_ecdsa_key' are too open.
Jan 26 21:52:55 lamp-d894 sshd[25664]: error: It is required that your private key files are NOT accessible by others.
Jan 26 21:52:55 lamp-d894 sshd[25664]: error: This private key will be ignored.
Jan 26 21:52:55 lamp-d894 sshd[25664]: error: bad permissions: ignore key: /etc/ssh/ssh_host_ecdsa_key
Jan 26 21:52:55 lamp-d894 sshd[25664]: error: Could not load host key: /etc/ssh/ssh_host_ecdsa_key
Jan 26 21:52:55 lamp-d894 sshd[25664]: fatal: No supported key exchange algorithms [preauth]
gcm-Heartbeat:1453845188000
it seems that I or some program changed the key files permission to 0777, which is too open to use them in SSH connection.
Probably this is why the connection is refused.
I have to change the keys permissions to something more appropriate, but first I have to connect to the VM.
Valentin
Valentin Goikhman
Jan 26, 2016, 5:26:49 PM1/26/16
to gce-discussion
I haven't taken snapshots of the disk. Is there a possibility to somehow "manually" access the console to fix the keys'files permissions?
Valentin
On Wednesday, 27 January 2016 00:04:44 UTC+2, George wrote:
George
Jan 27, 2016, 10:34:23 AM1/27/16
to gce-discussion
Hello Valentin,
In order to fix the directory permissions on the affected disk, you should do the following:
1. Take a snapshot of the affected disk for backup purposes.
2. Create a brand new instance where you can ssh
3. Create a disk from the snapshot
4. Attach the disk as secondary disk to the newly created instance and mount it
5. Revert the changes in the affected disk's directory
6. Detach the secondary disk and create a new instance using the fixed disk as boot disk
I hope this helps.
Sincerely,
George
Reply all
Reply to author
Forward
0 new messages