Google Cloud Platform fix SSH

て烟熏妆下的殇ゞ submitted on 2021-01-28 11:19:53

Question


I have a problem with SSH access on my Google Compute Engine instance. I made a server, set up the application on it and configured the domain, and everything works. After a few days, when I wanted to access it to make changes, my SSH didn't work. I have one assumption: I turned on the firewall and didn't add a rule for SSH; maybe that's the problem? But how do I access the machine now and enable it?

Thanks in advance.


Answer 1:


To solve your issue, you can connect to your VM instance via the serial console. Before connecting to the VM via the serial console, check if you enabled connections to your VM instance at GCP Firewall.

Please have a look at the step by step instructions below:

  1. Enable serial console connection with gcloud command:

     gcloud compute instances add-metadata NAME_OF_YOUR_VM_INSTANCE \
     --metadata serial-port-enable=TRUE

    or go to Compute Engine -> VM instances -> click on NAME_OF_YOUR_VM_INSTANCE -> click on EDIT -> go to section Remote access and check Enable connecting to serial ports

  2. Create a temporary user and password to log in: shut down your VM and set a startup script by adding, in the section Custom metadata, the key startup-script and the value:

     #!/bin/bash
     # Create a temporary user in the guest environment's sudo group
     # (the group is named google-sudoers, with a hyphen)
     useradd --groups google-sudoers tempuser
     # Set the temporary user's password
     echo "tempuser:password" | chpasswd

    and then start your VM.

  3. Connect to your VM via serial port with gcloud command:

     gcloud compute connect-to-serial-port NAME_OF_YOUR_VM_INSTANCE

    or go to Compute Engine -> VM instances -> click on NAME_OF_YOUR_VM_INSTANCE -> and click on Connect to serial console

  4. Check what went wrong.

  5. Disable access via serial port with gcloud command:

     gcloud compute instances add-metadata NAME_OF_YOUR_VM_INSTANCE \
     --metadata serial-port-enable=FALSE

    or go to Compute Engine -> VM instances -> click on NAME_OF_YOUR_VM_INSTANCE -> click on EDIT -> go to section Remote access and uncheck Enable connecting to serial ports.

Keep in mind that, according to the documentation Interacting with the serial console:

Caution: The interactive serial console does not support IP-based access restrictions such as IP whitelists. If you enable the interactive serial console on an instance, clients can attempt to connect to that instance from any IP address. Anybody can connect to that instance if they know the correct SSH key, username, project ID, zone, and instance name. Use firewall rules to control access to your network and specific ports.

In addition, have a look at the third-party example Resolving getting locked out of a Compute Engine.

If you weren't able to connect via the serial console, check the logs:

  1. Go to Compute Engine -> VM instances -> click on NAME_OF_YOUR_VM -> at the VM instance details find section Logs and click on Serial port 1 (console)
  2. Reboot your VM instance again.
  3. Check the full boot log for any errors and/or warnings.

If you found errors/warnings related to disk space, you can try to resize it according to the documentation Resizing a zonal persistent disk, and also according to the article Recovering an inaccessible instance or a full boot disk:

If nothing helped, try to follow other recommendations from the documentation Troubleshooting SSH and update your question with your attempts.



Source: https://stackoverflow.com/questions/65319380/google-cloud-platform-fix-ssh
