I successfully installed Datalab on Dataproc cluster and I followed the instructions in this tutorial, but when I try to use Datalab on Google Chrome, it shows "This connection is not secure".
When I try to modify the connection with notebook interface from http://cluster-name-m:8080 to https://cluster-name-m:8080, the page didn't load.
Can someone please help me to solve this issue :'(
If you follow the Cluster web interfaces documentation it has you:
Create an SSH tunnel
Setup a SOCKS proxy to use that tunnel
Not open random ports that have no security
I'd recommend you follow those directions, as they will provide access to the web interfaces but encrypt all traffic via the SSH tunnel. While the browser will indicate the connection does not use SSL, the mechanism that is moving data from your browser to the cluster (SSH) is encrypting all data in the tunnel. Unfortunately, the browser does not know about this so it creates a warning.
Related
Unable to connect to Google Cloud VM via SSH.
I have faced the below-mentioned error while trying to connect VM.
So far I have tried following things,
Code: 4010 - Connection via Cloud Identity-Aware Proxy Failed
Google VM instance Connection via Cloud Identity-Aware Proxy Failed (code 4010)
Could you please tell me anyone is this issue is related to any SSH key. I thought ssh key has been expired. So, I have generate new SSH private & public key via PUTTY Gen
Then I have update public key in Google cloud->Metadata->SSH Keys -> Edit
Followed many documents to generate ssh key & add ssh key
I am unable to add ssh key in Instance-> Edit-> SSH key facing below mentioned error.
Need to start tomcat service imediately last 12 hours service has been stopped due to this issue. Could you please suggest any way to start atleast apache tomcat service?. Please let me know if need any clarification.
Could you please help me anyone to resolve this issue.
Don't mark as duplicate question. It's related to someother issue. I have already checked existing forums. Not working.
How should we know the SSH key is expired?
<protocol> <key-blob> google-ssh {"userName":"<username#example.com>","expireOn":"<date>"}
You can check out expireOn.
The common solution is the firewall. Please check your firewall is configured correctly and open on the port you're connecting to. You can use Connectivity Tests to identify any connectivity issues.
Also, you should be able to see the instance's serial console output using the GCP console - go to the instance's details and click on Serial port 1 (console) and you will see the output.
GCP has provided the documentation of troubleshooting.
The second issue shows that you're facing some IP problems, so I still suggest that review any network service that you using.
I made an instance and connected SSH in my project. My project is for machine learning, so I opened jupyter notebook and ran it. But the terminal always sends me an error like this.
"Connection via Cloud Identity-Aware Proxy Failed
Code: 1006
Please ensure you can make a proper https connection to the IAP for TCP hostname:https://tunnel.cloudproxy.app.
You may be able to connect without using the Cloud Identity-Aware Proxy."
I have tried to create firewall rule but this doesn't work.
Someone says that this is because of session timeout. If it is, what can I do to solve it?
I deployed Dask Hub (Dask Gateway + Jupyterhub) on Google Kubernetes Engine using helm. I am experiencing trouble fetching the Python Kernel when I start up my jupyter notebook instance. This error occurs when I am on my company's VPN, but no error occurs when I'm not on my company's VPN. I'm going to guess that this is firewall related, but I don't know enough about the internal of the Jupyterhub kernel to understand why it's being blocked. Could someone please shed some light on this?
I can't see anything wrong from inspecting the logs of the jupyter pod:
From the Browser's Developer Console, here is the error:
Update:
I added the following to the Jupyterhub config:
jupyterhub:
hub:
extraConfig: |
c.JupyterHub.hub_connect_ip = '0.0.0.0'
c.JupyterHub.hub_bind_url = 'http://127.0.0.1:8000'
singleuser:
extraEnv:
DASK_GATEWAY__CLUSTER__OPTIONS__IMAGE: '{JUPYTER_IMAGE_SPEC}'
This has definitely something to do with the routing of your VPN. I don't know which spawner you are using, but here are some possible solutions:
Check if you have the correct settings for the following configuration options. The hub.connect.ip is important for the internal workings of Jupyterhub. bind_url is important for external traffic.
c.JupyterHub.hub_connect_ip = '0.0.0.0'
c.JupyterHub.bind_url = 'http://127.0.0.1:8000'
Switch protocols for your VPN if possible. Try switching from UDP to TCP (if possible at all).
Enforce an SSL connection for Jupyterhub. The VPN provider of your company could block non-secure connections. Read the documentation for Jupyterhub to enable SSL. Alternatively, you could also go for GKE managed certificates, more information can be found here.
I am trying to fix a website that is hosted on Google Cloud Platform using VM instance. The website is giving me a connection refused error message. I have checked that the firewall rules are set up and are provided to the VM instance.
The VM external IP is static and the same IP is present on both cloud DNS and GoDaddy.
I'm also unable to SSH into the instance.
The SSH screen is stuck here and is not loading any further
I have given the necessary permissions to the instance and the user (Compute Admin, Compute Instance Admin (v1)), but still no luck.
As the instance is created from a custom image, so later, I tried creating another instance with the same config and I was able to SSH from it. So, please find some screenshots attached below if those could be of any help
netstat -a
route -n
df -h
I am new to this so any help to fix the issue and get the website up and running would be highly appreciated.
If it worked at the second attempt (2nd Instance I mean), I suspect that the SSH service hasn't started properly. I would recommend you to check the Serial Port Output, and Accessing into the Instance through the serial port in order to be able to troubleshoot it.
Note that you'll need a user to access through the serial port. If you don't have any user created, you will be able to do so using an startup-script.
Hope this helps!
When i click the SSH button in the Complete Engine page, the shell window pops up and it shows that the ssh keys are being migrated. After that dialog disappears, nothing happens. I get a blank page without any prompt.
If you're using Firefox (same as me). This seems to be the problem as chrome works fine. Apparently Firefox has a bug. Idk if it's an actual bug or it's done on purpose because sometimes (less times) this works on Firefox and then sometimes doesn't unless I keep and keep reopening an closing the SSH.
Instead of opening and closing every time hoping for a chance to work and or using chrome, If you have linux or in my case I have Windows subsystem for Linux on my windows computer, so I can just SSH to it.
For windows, you could use the subsystem, or use Putty (Here's a putty tutorial https://www.youtube.com/watch?v=fmh94mNQHQc on how to connect to GCC) That putty tutorial is also similar to how you can do it on the subsystem so you can still watch it for that too
It's a bug in a Chromium library that affects Firefox. Use Chrome as a workaround.
To use the browser to SSH to a GCE instance, you need to be a compute instance admin. Also, if you run that instance with a Service Account, your account need to be a Service Account user. Check this link for more information: https://cloud.google.com/compute/docs/ssh-in-browser
In addition, did you check that your firewall allows connections to SSH port (22) from Google IP ranges ?
You can find them by using these commands (see https://support.google.com/a/answer/60764)
nslookup -q=TXT _netblocks.google.com 8.8.8.8
nslookup -q=TXT _netblocks2.google.com 8.8.8.8
nslookup -q=TXT _netblocks3.google.com 8.8.8.8
You can try different methods of connecting an instance to see if the issue is underlying at SSH or somewhere else.
There are several ways to connect a Linux instance via the SSH. You can connect to an instance via the terminal. You can connect via the Cloud Console Web UI which is in general the most convenient way to connect to an instance. Also, you can use Google Cloud SDK and run below command to connect to an instance via SSH:
$ gcloud compute ssh [INSTANCE_NAME]
You can also use Cloud Shell to connect your instance from the Cloud Console web UI by using the same command as above. You can connect via the serial console using the Google Cloud Platform Console, the gcloud command-line tool, or a third-party SSH client. The serial console authenticates users with SSH keys. Specifically, you must add your public SSH key to the project or instance metadata, and store your private key on the local machine from which you want to connect. There are other advanced methods to connect to an instance.
I would also recommend to check if you have firewall rule for port 22 which is required for SSH. You can go to the VPC Network from Cloud Console and then Firewall Rules tab, check if you have firewall rule for port 22 and that rule applied to affected instance or not. If there no firewall rule for port 22, create firewall rule and apply to the affected instance.
You can also follow this SSH troubleshooting steps mentioned at this link.
I have the same problem and after recreating 4 instances and going thru every possible ssh key scenario I decided to try chrome and it worked fine whereas in firefox i get the blank black screen after the key handshake. I watched thru the serial port and the sys log showed all of the same entries for my broken web ssh session in firefox as it did for the working chrome web ssh session which means it has to be a problem with firefox.
Same issue. Ad blocker was to blame. Try whitelisting, disabling or use a private window.