I am unable to ssh into a VM on GCP Compute Engine
However, when I run the command with the --troubleshoot flag, it seems like everything is okay.
When I connect through the console, I get an error message saying "You cannot connect to the VM instance because of an unexpected error".
Also, other people from my organization are able to connect.
I am unable to figure out what the error is. Any help would be appreciated.
From the error message that you got "Permission denied (publickey)" you can check this documentation for further troubleshooting.
Further more you can investigate also the Identity-Aware Proxy (IAP).
If you use Identity-Aware Proxy (IAP) for TCP forwarding, update your custom firewall rule to accept traffic from IAP, then check your IAM permissions.
Update your custom firewall rule to allow traffic from 35.235.240.0/20, the IP address range that IAP uses for TCP forwarding. For more information, see Create a firewall rule.
Grant permissions to use IAP TCP forwarding, if you haven't already done so.
For the error message "You cannot connect to the VM instance because of an unexpected error".
The VM is booting up and sshd is not running yet. You can't connect to a VM before it is running.
To resolve this issue, wait until the VM has finished booting and try to connect again.
The firewall rule allowing SSH is missing or misconfigured. By default, Compute Engine VMs allow SSH access on port 22. If the default-allow-ssh rule is missing or misconfigured, you won't be able to connect to VMs.
To resolve this issue, Check your firewall rules and re-add or reconfigure default-allow-ssh.
sshd is running on a custom port. If you configured sshd to run on a port other than port 22, you won't be able to connect to your VM.
To resolve this issue, create a custom firewall rule allowing tcp traffic on the port that your sshd is running on using the following command:
gcloud compute firewall-rules create FIREWALL_NAME \
--allow tcp:PORT_NUMBER
For further troubleshooting on SSH you see this documentation on Common SSH errors.
Related
I am trying to login to a VM machine but unable to get in there as the below error pops up:
ERROR: (gcloud.beta.compute.start-iap-tunnel) Error while connecting [[Errno 1] Operation not permitted].
kex_exchange_identification: Connection closed by remote host
ERROR: (gcloud.beta.compute.ssh) [/usr/bin/ssh] exited with return code [255].
Command used to log in:
gcloud beta compute ssh --zone "us-east1-b" "user1#test" --project "my-test-project"
When I use the same command from a different machine then it allows me to login to the test VM.
I have been looking at possible solutions related to the firewall settings but unable to get success. Can anyone help here ?
I try to connect with an instance with the command that you post and worked for me when I use it from the cloud shell and from another instances. The error that is given to you could happen for different reason, which are:
The VM is booting up and sshd is not running yet. You can't connect to a VM before it is running.
To resolve this issue, wait until the VM has finished booting and try to connect again.
The firewall rule allowing SSH is missing or misconfigured. By default, Compute Engine VMs allow SSH access on port 22. If the default-allow-ssh rule is missing or misconfigured, you won't be able to connect to VMs.
To resolve this issue, Check your firewall rules and re-add or reconfigure default-allow-ssh.
sshd is running on a custom port. If you configured sshd to run on a port other than port 22, you won't be able to connect to your VM. To resolve this issue, create a custom firewall rule allowing tcp traffic on the port that your sshd is running on using the following command:
gcloud compute firewall-rules create FIREWALL_NAME --allow tcp:PORT_NUMBER
Your custom SSH firewall rule doesn't allow traffic from Google services. SSH connections from the Cloud Console are refused if custom firewall rules do not allow connections from Google's IP address range.
To solve this issue visit this link
The sshd daemon isn't running or isn't configured properly. The sshd daemon enables SSH connections. If it's misconfigured or not running, you can't connect to your VM. To resolve this issue, review the user guide for your operating system to ensure that your sshd_config is set up correctly.
My GPC Linux VM is working fine and one day naturally can't log in, even though it is still running,
I used the nomachine to login and got error "authentication failed, please try again."
when SSH:
Connection via Cloud Identity-Aware Proxy Failed
Code: 4003
Reason: failed to connect to backend
You may be able to connect without using the Cloud Identity-Aware Proxy.
I also try add:
#! /bin/bash
useradd -G sudo USERNAME
echo 'USERNAME:PASSWORD' | chpasswd
and
route add default gw <gateway ip> eth0
I created another virtual machine and its image, but after a day I couldn't connect
Ensure you have a firewall rule to allow Cloud Identity-Aware Proxy (IAP) to connect to port 22 on the instance. Full instructions can be found at [1].
[1] https://cloud.google.com/iap/docs/using-tcp-forwarding?authuser=0#create-firewall-rule
Cause:
When an instance does not have a public IP address, SSH in a Browser needs to forward the SSH connection through IAP. The error "failed to connect to backend" indicates that the IAP proxy service was unable to open a TCP connection to the instance.
This is most often due to the VPC firewall not having a rule which allows the proxy to connect to the instance. It coulld also be due to the OS firewall or other VM network connectivity issue.
I have seen a similar error on stackoverflow, but with a different code (so maybe it is not the same?). Any how I have been thrown this error spontaneously. Sometimes after 20 seconds of starting my instance (and launching SSH in browser), sometimes after 30 minutes, but it completely shuts down my instance.
Connection via Cloud Identity-Aware Proxy Failed
Code: 4010
Reason: destination read failed
You may be able to connect without using the Cloud Identity-Aware Proxy.
If I click the "Cloud Identity-Aware Proxy" button I am getting:
Connection Failed
We are unable to connect to the VM on port 22. Learn more about possible causes of this issue.
Any idea what is happening? I havn't done any changes in my instance settings for a long time.
The issue regarding the Identity-Aware Proxy(IAP) connection to the instance is due to the lack of a firewall rule allow-ingress-from-iap with this IP ranges 35.235.240.0/20 that needs to be configured when using IAP.
To Allow SSH access to all VM instances in your network, do the following:
1- Open the Firewall Rules page (Navigation menu > VPC network > Firewall) and click Create firewall rule
2- Configure the following settings:
Name: allow-ingress-from-iap
Direction of traffic: Ingress
Target: All instances in the network
Source filter: IP ranges
Source IP ranges: 35.235.240.0/20
Protocols and ports: Select TCP and enter 22 to allow SSH
3- Click Create
I was using digitalocean and want to try out gcp compute instance. I created an ubuntu instance, did cat ~/.ssh/id_rsa.pub in my terminal and added onto the instance. Then I tried ssh james#external ip in my terminal (I'm using mac) but it just hang there.. then a min later, I got Connection refused error. What's wrong?
There are numerous possible reasons for this, but mostly likely you're missing a firewall rule to allow connections from the outside:
gcloud compute firewall-rules create default-allow-ssh --allow tcp:22
If this doesn't help, check out the Troubleshooting SSH article in the GCP docs.
First check your network can communicate to compute engine via simple ping command.
ping <GCE external IP>
or
telnet <GCE external IP> 22
If you getting request timed out then most probably firewall issue. go to cloud console and create/update firewall rule under VPC section. search tcp:22 in firewalls section and edit/create firewall rule (add your IP ranges into source IP range section) for ssh connection.
refer: https://cloud.google.com/sdk/gcloud/reference/compute/firewall-rules/create
Trying to ssh into my amazon EC2 linux instance from a Windows 10 box. I have got openssh for windows from https://www.mls-software.com/opensshd.html . I know that I am behind a corporate firewall and a web proxy. My Inbound rule settings on the EC2 instance is
ssh -i "awslamp.pem" ec2-user#ec2-xx-xx-xx-xxx.ap-southeast-2.compute.amazonaws.com
gives
port22: Connection refused
Have you tried "my ip" in inbound rule settings? Also, try allowing SSH from all IP addresses for troubleshooting purposes. I know that it's not the recommended settings. It's just for troubleshooting and making sure that your corporate network allows you to connect to it. Do not forget to change the settings back to custom.