Google Compute Engine - can't ssh to it after debian upgrade - google-cloud-platform

I upgraded my Debian instance from wheezy to jessie. Everything went well. I rebooted the system and couldn't ssh to it anymore from the compute engine instance page. I noticed the system did reboot, with a different external IP address. I'm able to get to a web server I have running on the virtual machine, so I know everything upgraded and rebooted properly. Google assigned a new external IP to it and I can't login anymore.

The fact that sshd is no longer running is very unlikely, so here are my personal debug steps when I can't reach an instance on Google Cloud:
Check twice your ssh parameters (ssh keys, login user, IP address)
Activate ssh debug logs (-v) when you try to connect
Try using Cloud Shell
Check firewall rules in GCP and on your local network
Check the boot logs on the instance serial port
Re-send your SSH key in GCP > Compute > Metadata (bugs occur sometimes with the Google user agent on your machine)
After that, you normally know how to connect to your instance or you know what's wrong with the sshd server.

You can review the serial-port logs of the affected instance for possible clues on the issue. If you have a snapshot of your instance disk, you can create a new VM. As per the issue, it is possible that recent changes may have affected the instance boot sequence and the sshd_config file.
To troubleshoot this, you can enable interactive access, connect to the instance through the serial console and enter the serial port access information to access the disk, then review the ssh config files: $ sudo vi /etc/ssh/sshd_config and $ sudo vi /etc/ssh/ssh_config.
If you don’t have a root password for the serial console, you could use a startup script to add it to your instance as follows:
1. Go to the VM instances page in Google Cloud Platform console.
2. Click on the instance for which you want to add a startup script.
3. Click the Edit button at the top of the page.
4. Click on ‘Enable connecting to serial ports’.
5. Under Custom metadata, click Add item.
6. Set 'Key' to 'startup-script' and set 'Value' to this script:
    #! /bin/bash
    useradd -G sudo USERNAME
    echo 'USERNAME:PASSWORD' | chpasswd
   Example:
    #! /bin/bash
    useradd -G sudo test1
    echo 'test1:pass#100' | chpasswd
7. Click Save and then click RESET at the top of the page. You might need to wait for some time for the instance to reboot.
8. Click on 'Connect to serial port' on the page.
9. In the new window, you might need to wait a bit and press the Enter key of your keyboard once; then, you should see the login prompt.
10. Log in using the USERNAME and PASSWORD you provided.
   Example:
   Username: test1 AND Password: pass#100
You can also share a sanitized version of the serial port logs, for more information on what may be happening on the instance. This is not due to a change in IP address, however the serial port logs should give us more insight.
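
Once you are on the serial console and reviewing /etc/ssh/sshd_config as suggested above, a check like the following narrows down what to look at. It is an added example, not part of the original answer: the function names and the sample file are constructed, and it assumes the plain "Keyword value" form of sshd_config.

```shell
#!/bin/sh
# Added example: flag sshd_config settings that can explain a lockout after an
# upgrade rewrites the file. Keywords are real OpenSSH ones; the sample is constructed.

audit_sshd_config() {
    # $1 = path to an sshd_config file; prints one finding per line.
    # Assumes the "Keyword value" form (whitespace separated), one per line.
    awk '
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        { key = tolower($1) }                # keywords are case-insensitive
        key == "port" && $2 != "22" {
            print "PORT: sshd listens on " $2 ", not 22"
        }
        key == "listenaddress" && $2 != "0.0.0.0" && $2 != "::" {
            print "LISTEN: sshd is bound to " $2 " only"
        }
        key == "pubkeyauthentication" && tolower($2) == "no" {
            print "PUBKEY: public-key authentication is disabled"
        }
        key == "authorizedkeysfile" && $0 !~ /\.ssh\/authorized_keys/ {
            print "KEYFILE: AuthorizedKeysFile does not include .ssh/authorized_keys"
        }
        key == "allowusers" || key == "allowgroups" || key == "denyusers" || key == "denygroups" {
            print "ACL: login restricted by: " $0
        }
    ' "$1"
}

sample_sshd_config() {   # constructed sample, not taken from the page
    cat <<'EOF'
# sshd_config after upgrade (constructed)
Port 2222
PermitRootLogin no
PubkeyAuthentication yes
AuthorizedKeysFile /etc/ssh/keys/%u
AllowUsers deploy
EOF
}

# With no argument, audit the constructed sample; otherwise audit the given file.
cfg=${1:-}
if [ -z "$cfg" ]; then cfg=$(mktemp); sample_sshd_config > "$cfg"; fi
audit_sshd_config "$cfg"
```

`sshd -t` validates the file's syntax but does not flag any of these settings, since they are all legal configuration.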

Related

Problem connecting via SSH from Windows to AWS Linux Instance [Permission denied; (publickey,gssapi-keyex,gssapi-with-mic)]

I launched an instance & downloaded my secret key. I've attempted this on 2 different devices and instances. I'm trying to connect to the instance so I can upload files. Whenever I attempt to connect, this permission denied message displays.
Note I've downloaded and used openSSH
PS C:\WINDOWS\system32> ssh -i C:\Users*\Downloads*key.pem #ec2----.us-west-2.compute.amazonaws.com
The authenticity of host 'ec2----.us-west-2.compute.amazonaws.com (...)' can't be established.
ECDSA key fingerprint is SHA256:.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'ec2----.us-west-2.compute.amazonaws.com,...' (ECDSA) to the list of known hosts.
*#ec2----**.us-west-2.compute.amazonaws.com: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
PS C:\WINDOWS\system32>
P.S. This is my first post, so constructive criticism on etiquette is welcome :)
Recently started my first job (an internship really) in the IT field. 3 months ago working for a start-up. I'm hoping to migrate eventually to something in the field of cloud security, OSINT, DevSecOps, Web Development. Passionate about information security, open source software.
I followed this tutorial from amazon on how to connect to my instance
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/openssh.html
Looks like it's an issue with .pem file permissions. Check this video & see if you can resolve the error.
You can use puttygen to get ppk file which is helpful to SSH from windows.
If you want to use .pem files, mobaxterm is good software to use
You are very welcome to the community, it's nice to know you started your first Job!
To get you started on how to connect to the AWS Linux instance there is a nice KB article Connect to your Linux instance from Windows using Windows Subsystem for Linux and another one using putty look at here & another SO thread.
There are a few things you need to learn as prerequisites:
Verify that the instance is ready
Verify the general prerequisites for connecting to your instance
Install the Windows Subsystem for Linux (WSL) and a Linux distribution on your local computer
Copy the private key from Windows to WSL
Then use:
ssh -i /path/key-pair-name.pem instance-user-name@instance-public-dns-name
OR
ssh -i /path/key-pair-name.pem instance-user-name@instance-IPv6-address
From using your Windows CMD:
PS C:\WINDOWS\system32> ssh -i C:\Users\<user_name>\Downloads\testkey.pem ec2-user@ec2----.us-west-2.compute.amazonaws.com
OR
PS C:\WINDOWS\system32> ssh -i C:\Users\<user_name>\Downloads\testkey.pem ec2-user@<Some_IP_Address>
Better use MobaXterm and copy user key in there and you will there:
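
Both the "Activate ssh debug logs (-v)" step in the Compute Engine checklist and this Permission denied thread come down to reading what ssh itself printed. The following is an added example, not part of any post on this page: it maps `ssh -v` output to the first thing to check. The message strings are OpenSSH's own; the sample sessions, host names and function names are constructed.

```shell
#!/bin/sh
# Added example: classify the stderr of `ssh -v` into the first thing to check.
# Message strings are OpenSSH's own; the sample sessions below are constructed.

classify_ssh_failure() {
    # Reads ssh -v output on stdin, prints one diagnosis line.
    awk '
        /UNPROTECTED PRIVATE KEY FILE/  { unprotected = 1 }
        /debug1: Offering public key/   { offered++ }
        /Connection timed out/          { timeout = 1 }
        /Connection refused/            { refused = 1 }
        /Permission denied \(publickey/ { denied = 1; split($1, part, "@"); user = part[1] }
        END {
            if (timeout)          print "unreachable: check firewall rules and the IP address"
            else if (refused)     print "refused: host answers but nothing accepts on that port"
            else if (unprotected) print "key-ignored: private key file permissions are too open"
            else if (denied)      print "key-rejected: user=" user " keys_offered=" (offered + 0)
            else                  print "unknown: no known failure message found"
        }'
}

sample_denied() {        # constructed: key is offered, server rejects it for this user
    cat <<'EOF'
debug1: Offering public key: /home/me/key.pem RSA SHA256:CONSTRUCTED explicit
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug1: No more authentication methods to try.
root@ec2-host.example: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
EOF
}

sample_unprotected() {   # constructed: client refuses to load a world-readable key
    cat <<'EOF'
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
Permissions 0644 for 'key.pem' are too open.
Load key "key.pem": bad permissions
ec2-user@ec2-host.example: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
EOF
}

sample_timeout() {       # constructed: packets dropped before reaching sshd
    echo "ssh: connect to host 203.0.113.7 port 22: Connection timed out"
}

for s in sample_denied sample_unprotected sample_timeout; do
    printf '%s -> ' "$s"; "$s" | classify_ssh_failure
done
```

A `key-rejected` result with a key offered points at the login user or the key pair rather than at file permissions, which produce the `key-ignored` case instead.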

Clone a google cloud VM

I have google cloud VM with Ubuntu installed along with various services and libraries. I need to make a similar bootable VM with the same OS and all the data, libraries etc in the already configured VM. How do I clone the VM with these requirements?
I tried to create an image from the already existing VM and could not SSH into it.
So I retraced my installations step by step trying to figure out which step is breaking the image.
I created an Ubuntu(18.04) VM and used that to create an image. The instance I created using the image did allow me to SSH into.
Next installed Ubuntu desktop and xorg server and created an image after that. Using that image, I created a new VM and tried to SSH into it.
But unfortunately, the SSH connection could not be established. So I think it is these installations that are causing the error if it is not some sort of system error.
Below are the exact commands I ran to install these after creating an Ubuntu(18.04) VM:
sudo passwd username
sudo su -
passwd
apt update && apt upgrade -y
adduser username root
adduser username admin
adduser username sudo
apt-get install ubuntu-desktop -y
apt-get install xserver-xorg-video-dummy
nano /etc/X11/xorg.conf
and pasted the following into the .conf file
Section "Device"
Identifier "Configured Video Device"
Driver "dummy"
EndSection
Section "Monitor"
Identifier "Configured Monitor"
HorizSync 31.5-48.5
VertRefresh 50-70
EndSection
Section "Screen"
Identifier "Default Screen"
Monitor "Configured Monitor"
Device "Configured Video Device"
DefaultDepth 24
SubSection "Display"
Depth 24
Modes "1600x900"
EndSubSection
EndSection
After this state, I created the image using which I could not instantiate a VM that I could SSH into.
Since you have your VM ready and running, back up your image as per this GCP document. Follow the guidelines mentioned in the document before you begin the process, like updating Google Cloud CLI, setting default region and zone, and the general image guidelines.
Few networking features may require guest operating system mode. You can also check how to export a custom image to cloud storage.
You can also consider the Snapshot Approach.
Follow this process in order to create the image exactly as the one you have already set up and you know is working correctly. As you may already know, this is a custom image so they are available only to your Cloud project. You can create a custom image from boot disks and other images if you would like also. Then, use the custom image to create an instance.
I would also suggest you have a look at this document, which would give you deeper knowledge of the task.
Regards,
Just spin up a new container from a disk snapshot, if you need an exact copy. And if you cannot SSH, you may either not have a SSH public key provisioned, no external IP assigned, or :22 closed.
gcloud ssh always works. One can as well provision project-wide SSH keys, which all VM in the project will inherit then. The documentation below: About VM metadata explains this all in detail.
My personal favorite are rather startup scripts, which describe the configuration, instead of copying it.
And it's not so difficult to get started with these: cat ~/.bash_history > rocky8_startup.sh. In a software-defined data-center, it might make sense to use software-defined configurations (one simply cannot alternate the installation per VM instance, when starting with a disk snapshot).
xserver-xorg-video-dummy is questionable, because one can enable display device -but unless recording the screen, this driver might still suffice; eg. for VNC sessions.

Google Cloud virtual instance: Chrome remote desktop indicates remote computer is offline, however Google Cloud Platform shows instance is running

I am running a virtual machine in Google Cloud. I have installed the default Debian OS, and configured the desktop environment for remote connection, as explained here: https://cloud.google.com/solutions/chrome-desktop-remote-on-compute-engine
I have been able to connect to the instance via Chrome Remote Desktop, however periodically I have the problem that the Remote Desktop says the vm instance is online, however if I try to connect to it I get:
Looking at the Google Cloud console, the instance is clearly running. Normally if I restart the instance the problem is solved, however I have processes running on the instance that I do not want to stop.
UPDATE:
Following the advice from Serhii Rohoza I ran
sudo systemctl status chrome-remote-desktop
The status looked normal, listing:
Active: active (exited) since...
I then ran
sudo systemctl restart chrome-remote-desktop
and this solved the problem, I could log into remote desktop again, but it seemed the VM instance had restarted, which is a big problem since I am running processes on it that should not shut down. I guess this is a problem to send to Google Cloud Services support.
UPDATE 2:
I'm still running into this problem. I normally have a Jupyter Notebook running on the VM - this Notebook must keep running. When I saw the message saying that the remote computer is offline, I logged in via ssh and checked if the Jupyter Notebook is running:
jupyter notebook list
This returned:
http://localhost:8888/?token=9110bf40789971b5e252a272e9497039b4f3b45e506348df :: /home/qgenixtech
So the Notebook was running. I then ran:
sudo systemctl restart chrome-remote-desktop
and after that again:
jupyter notebook list
and then it shows no Notebooks running. So the restart command closed down the Notebook (and also all other open windows on the desktop).
UPDATE 3:
I spoke to a support technician at Google. The problem is on the Remote Desktop side, not the virtual machine. According to the technician this is a known problem, but he didn't have a solution for it. He referred me to these two links from Google Support:
https://support.google.com/chrome/thread/10213547?hl=en
https://support.google.com/chrome/thread/3333421?hl=en
The next option for me is to look at something like X2go
To solve your issue you should follow documentation Troubleshooting and check status of the Chrome Remote Desktop service with command:
sudo systemctl status chrome-remote-desktop
and check log messages at /tmp/chrome_remote_desktop_DATE_TIME_*.
To investigate why your VM instance was restarted you should look for some clues at the logs:
Go to Compute Engine -> VM instances -> click on NAME_OF_YOUR_VM -> find section Logs -> click on Stackdriver Logging. More information you can find in the documentation Viewing logs (Classic)
Go to Compute Engine -> VM instances -> click on NAME_OF_YOUR_VM -> find section Logs -> click on Serial port 1 (console). More information in the documentation Viewing Serial Port Output
You can contact Google Cloud Support as well.
In addition, have a look at the documentation Setting instance availability policies.
same issue. when checking logs i see:
2021-01-05 14:29:38,319:INFO:Starting Xvfb on display :20
xdpyinfo: unable to open display ":20".
2021-01-05 14:29:40,837:INFO:X server is active.
restarting service or even VM doesn't work.
i need to delete connection on "client" and re-auth with /headless link

"cf ssh" into java buildpack app - how to run script that uses java?

I have deployed Keycloak-Server (as a Wildfly Swarm fraction) to the Swisscom Cloud Foundry environment (with a Java build pack).
When I try to access the Keycloak admin console I get the following error:
"You need local access to create the initial admin user. Open http://localhost:8080/auth or use the add-user-keycloak script."
How could I resolve this?
Can I somehow open an ssh tunnel to my Java buildpack app in order to access it with http://localhost:8080?
I also tried to "cf login" and "cf ssh" into my app. I created the "add-user-keycloak.sh" by copy/pasting it. When I try to execute it I get the error "java command not found"?
This is the script: https://github.com/keycloak/keycloak/blob/master/distribution/feature-packs/server-feature-pack/src/main/resources/content/bin/add-user-keycloak.sh
You can use cf ssh to open an ssh tunnel into your container and access a URL within: cf ssh your-app -N -L 8080:localhost:8080.
This will listen to port 8080 on your machine, and forward any requests to it to port 8080 on your app container. So you should be able to point your browser to http://localhost:8080/auth to get to the console.
Running the script may be a bit more complicated; at least the Java Buildpack has not standardized where it stores the java executable and it's not added to the PATH when you cf ssh into the container, so you'd first need to find it.
I have not used Keycloak myself so my answer is limited to how to tunnel into your app container to access a local console.
Either way, note that if this admin user is saved to local disk, and not to some external storage, next time the app is restaged (either by you or by the system to apply patches to its rootfs), you may need to go through this again.

Remote debugging .net core 2.0 console app over ssh

I am building a .net core 2.0 console app on windows 10 but I want to debug it on a remote linux server running debian 9.
I found this article:
https://blogs.msdn.microsoft.com/devops/2017/01/26/debugging-net-core-on-unix-over-ssh/
but where I get stuck is selecting the SSH connection. My remote server has authentication and if I enter the user@ip:port it doesn't find anything.
I found some mention of using SSH tunnelling but as there is no dotnet process listening on the server (it's installed but it doesn't have any listening service running I can see) I am unsure exactly what port I'm meant to be tunnelling or even which direction to tunnel it.
What do I need to do to get my SSH connection visible in the debugger?
I just tried this and I found that the Find.. button doesn't do anything either.
First you enable SSH connections in your Linux host (in my case, Ubuntu, I had to run sudo ufw allow ssh). Test things out by opening cmd on Windows and doing ssh user@host.
Then, on Visual Studio, in the SSH attach to process window, make sure you hit "refresh" and check the "show processes from all users" box. You should see the "dotnet" process running.
EDIT: you should be prompted for the remote host's password at some point. Here's the dialog shown when I changed the password on the remote host and then attempted to debug.