Question
I have a problem with SSH access on my Google Compute Engine instance. I made a server, set up the application on it and configured the domain, and everything works. After a few days, when I wanted to access it to make changes, my SSH didn't work. I have one assumption: I turned on the firewall and didn't add a rule for SSH; maybe that's the problem? But how do I access the machine now and enable it?
Thanks in advance.
Answer 1:
To solve your issue you can connect to your VM instance via serial console. Before connecting to the VM via serial console check if you enabled connections to your VM instance at GCP Firewall.
Please have a look at the step by step instructions below:
- Enable the serial console connection with the gcloud command:
    gcloud compute instances add-metadata NAME_OF_YOUR_VM_INSTANCE \
        --metadata serial-port-enable=TRUE
  or go to Compute Engine -> VM instances -> click on NAME_OF_YOUR_VM_INSTANCE -> click on EDIT -> go to section Remote access and check Enable connecting to serial ports
- Create a temporary user and password to log in: shut down your VM and set a startup script by adding, at the section Custom metadata, the key startup-script and the value:
    #!/bin/bash
    useradd --groups google_sudoers tempuser
    echo "tempuser:password" | chpasswd
  and then start your VM.
- Connect to your VM via serial port with the gcloud command:
    gcloud compute connect-to-serial-port NAME_OF_YOUR_VM_INSTANCE
  or go to Compute Engine -> VM instances -> click on NAME_OF_YOUR_VM_INSTANCE -> and click on Connect to serial console
- Check what went wrong.
- Disable access via serial port with the gcloud command:
    gcloud compute instances add-metadata NAME_OF_YOUR_VM_INSTANCE \
        --metadata serial-port-enable=FALSE
  or go to Compute Engine -> VM instances -> click on NAME_OF_YOUR_VM_INSTANCE -> click on EDIT -> go to section Remote access and uncheck Enable connecting to serial ports
Keep in mind that, according to the documentation Interacting with the serial console:
Caution: The interactive serial console does not support IP-based access restrictions such as IP whitelists. If you enable the interactive serial console on an instance, clients can attempt to connect to that instance from any IP address. Anybody can connect to that instance if they know the correct SSH key, username, project ID, zone, and instance name. Use firewall rules to control access to your network and specific ports.
In addition, have a look at the 3rd party example Resolving getting locked out of a Compute Engine.
If you weren't able to connect via serial console, check the logs:
- Go to Compute Engine -> VM instances -> click on NAME_OF_YOUR_VM -> at the VM instance details find section Logs and click on Serial port 1 (console)
- Reboot your VM instance again.
- Check the full boot log for any errors and/or warnings.
If you found errors/warnings related to disk space, you can try to resize it according to the documentation Resizing a zonal persistent disk, and also according to the article Recovering an inaccessible instance or a full boot disk:
If nothing helped, try to follow other recommendations from the documentation Troubleshooting SSH and update your question with your attempts.
Source: https://stackoverflow.com/questions/65319380/google-cloud-platform-fix-ssh