Cannot access vm after change hosts.deny

Lenna Indonesia

Oct 2, 2020, 7:32:58 AM
to Google App Engine
Hello, I have edited /etc/hosts.allow to
ALL : 192.168.100.1
and I edited /etc/hosts.deny to
ALL : ALL
Then I cannot access my VM from this button
on Google Cloud console VM instances.

I want to remove my configuration in /etc/hosts.deny and hosts.allow.
Can I connect to my VM with another option?
Thank you

Digil(Google Cloud Platform Support)

Oct 6, 2020, 12:31:01 PM
to google-a...@googlegroups.com
Hello Lenna,

As explained in the 'Troubleshooting SSH' guide, you need to try to access the instance via its serial console. You can enable interactive serial console access either at the project level or for a particular VM.

Once you are able to access the instance via the serial console, you should be able to change the /etc/hosts.deny file of the VM. However, sometimes when you try to access the instance via the serial console, a login prompt may appear. In that scenario, you need to set up a local user name and password, either by using this guide or by following the steps below:

1. In the GCP menu, go to Compute Engine and click your instance name.
2. There, click the pencil in the top bar to edit the instance.
3. At the beginning, just below your instance name, there is a check box which says “Enable connecting to serial ports”; please enable it.
4. After that, go down to “custom metadata”. There, add “startup-script” in the “key” textbox, and in the “value” field add the following:
#! /bin/bash
useradd -G sudo USERNAME
echo 'USERNAME:PASSWORD' | chpasswd
Please replace the values in capital letters with a user name you would like to use and the password for this user. Keep in mind that Linux is case sensitive, and later you will be prompted to enter the user name and password as set here.

5. Click the save button at the bottom of the page.

6. In the left panel, click Metadata. (Here (steps 6-10) I am enabling interactive serial access at the project level. If you would like to enable it only for a particular instance, please follow this guide.)
7. There, click the edit button, which is under the “Metadata” name section.
8. Click “+Add item”.
9. In the “key” field write “serial-port-enable” and in the “value” field write TRUE.
10. Click save.
11. Reboot your instance.
12. Once your instance is ready, click your instance name.
13. Under “details” you will see two buttons; click the button which says “Connect to serial console”.

14. In the new window click enter to enable the console.
15. Enter the user name and password which you set in the startup-script (step 4), if a login prompt appears.
16. Navigate to the necessary files and make the necessary changes. You might need to disable the lines 'ALL : 192.168.100.1' and 'ALL : ALL' in /etc/hosts.allow and /etc/hosts.deny.
17. Restart the instance again, and then try to access it via any of the mentioned methods.

If the above-mentioned steps didn't help you gain access to your GCE VM, then the next best step is to save the data from the old VM. To achieve that, you need to create a snapshot of the old (problematic) VM and then attach the snapshot as a secondary disk to a working VM. A detailed explanation of how to save files from the old problematic VM is provided in this Stackoverflow.com thread.

I hope this helps.
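
Why the rules in the question lock out every client except 192.168.100.1, as an added example that is not part of the original thread: a simplified hosts_access(5) evaluator that can be pointed at the edited files from the serial console before the final restart in step 17. The function names, the `sshd` daemon name and the 203.0.113.10 test address are assumptions made for illustration.

```shell
# Added example. Simplified hosts_access(5) evaluation: supports ALL, exact
# addresses and prefixes ending in "."; no EXCEPT, net/mask, hostnames, IPv6.

# list_matches ITEM LIST: succeeds if ITEM matches a pattern in LIST.
list_matches() {
    item=$1
    for pat in $(printf '%s' "$2" | tr ',' ' '); do
        case $pat in
            ALL) return 0 ;;
            *.)  case $item in "$pat"*) return 0 ;; esac ;;
            *)   [ "$pat" = "$item" ] && return 0 ;;
        esac
    done
    return 1
}

# file_matches FILE DAEMON CLIENT: succeeds if any rule in FILE matches.
file_matches() {
    [ -r "$1" ] || return 1
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in '#'*) continue ;; *:*) ;; *) continue ;; esac
        daemons=${line%%:*}
        rest=${line#*:}
        clients=${rest%%:*}
        if list_matches "$2" "$daemons" && list_matches "$3" "$clients"; then
            return 0
        fi
    done < "$1"
    return 1
}

# tcpw_decision ALLOW_FILE DENY_FILE DAEMON CLIENT: prints allow or deny.
# Order: a hosts.allow match grants, else a hosts.deny match denies, else grant.
tcpw_decision() {
    if file_matches "$1" "$3" "$4"; then echo allow
    elif file_matches "$2" "$3" "$4"; then echo deny
    else echo allow
    fi
}

# Constructed demo: the rules from the question, tested from an assumed
# client address (203.0.113.10) that is not 192.168.100.1.
demo() {
    d=$(mktemp -d)
    printf 'ALL : 192.168.100.1\n' > "$d/hosts.allow"
    printf 'ALL : ALL\n' > "$d/hosts.deny"
    tcpw_decision "$d/hosts.allow" "$d/hosts.deny" sshd 203.0.113.10
    rm -rf "$d"
}
demo
```

On the VM itself, the same function can be called with /etc/hosts.allow and /etc/hosts.deny and the address you expect to connect from, after editing the files.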
