I have a Centos VM on Google Cloud, I am using a custom SSH port and private SSH file to manage my VM.It worked fine for a long time but yesterday I started the "FirewallD" service in CentOS but I forgot to add a rule to allow my custom SSH port.
Now I can't connect to my VM through SSH, I also have tried to connect my VM through Web Console ("Open in browser window on custom port" and Open in browser window using provided private SSH key),neither of them works.
Are there any other solutions?
If you don’t have access through ssh at your vm, you could use the serial port to login
Go to the VM instances page in Google Cloud Platform console.
Click on the instance for which you want to add a startup script.
Click the Edit button at the top of the page.
Click on ‘Enable connecting to serial ports’
Click Save and then click RESET on the top of the page. You might need to wait for some time for the instance to reboot.
Click on 'Connect to serial port' in the page.
If you don’t have a root password for the serial console, you could use a startup script to add it to your instance, the script would be like this:
Go to the VM instances page in Google Cloud Platform console.
Click on the instance for which you want to add a startup script.
Click the Edit button at the top of the page.
Click on ‘Enable connecting to serial ports’
Under Custom metadata, click Add item.
Set 'Key' to 'startup-script' and set 'Value' to this script:
#! /bin/bash
useradd -G <an existing group in the instance> USERNAME
echo USERNAME:PASSWORD | chpasswd
Click Save and then click RESET on the top of the page. You might need to wait for some time for the instance to reboot.
Click on 'Connect to serial port' in the page.
In the new window, you might need to wait a bit and press on Enter of your keyboard once; then, you should see the login prompt.
Login using the USERNAME and PASSWORD you provided.
In this way you can login at the vm and stop the firewall service to modify your rules before to start the service again
Related
I cannot ssh into Google compute engine instance. Here is scenario.
I tried to ssh into an instance from ubuntu ssh client, so generated a private & public key in my local and added pubkey to metadata.
But got Permission denied (publickey) error message and the instance console was saying No space left on device
I then increased the size of the instance by 100GB more and then restart the instance.
After few mins later, tried to ssh into the instance again and getting the Permission denied (publickey) error again and the console said No usable temporary directory found in ['/tmp', '/var/tmp', '/usr/tmp', '/']
Now I can't connect to the instance by any tool such as browser console, ssh client etc.
Is there any solution to address this problem?
Thanks in advance.
I faced the same problem during these days, and I solved it using winSCP to access the storage and delete a lot of heavy files created by my scripts, also because the the instructions here have been not so useful.
If you do not know how to configure winSCP and GCP, follow my steps or this video.
winSCP - Create Keys
While creating a new site in winSCP
go to advanced --> ssh --> Authentication
click on Tools and open the Putty gen
generate public and private key
save them
copy the public key and open GCP
Setting your GCP instance
Click on your instance to edit its settings
scroll down until you reach ssh keys
paste your key
save
Done, now you can access your instance storage and remove some files; after that, your instance will be able to boot correctly creating the temporary files needed.
As Dan mentioned, you need to connect on serial console to expand the filesystem making use of the additional disk space allocated. You can also attempt to free up some space etc.
A complete tutorial is linked:
https://youtu.be/HSBTnfDsVRs
In this video, I talked about how to SSH into GCP using Windows Terminal. There are three methods to do so:
Access via Chrome
Access via Command Prompt
Access via a custom Windows Terminal tab (best!!)
Process for Chrome:
Open Google Chrome
Type "https://console.cloud.google.com/"
And you can access it!!
Process for Installing Google Cloud SDK:
Install Google Cloud SDK (https://cloud.google.com/sdk/docs/downloads-interactive)
Click "Next"
Click "I Agree"
It's installed!!
Process for Command Prompt (via PuTTy):
Open Windows Terminal
Then, open Command Prompt
Type "gcloud cloud-shell ssh"
And you can access it!!
Process for a custom Windows Terminal tab:
Open Windows Terminal
Go to Settings and click "Open JSON file"
Then add the following:
{
"backgroundImage": "C:/Users/user/Downloads/Pictures/gcp.png",
"backgroundImageOpacity": 0.2,
"commandline": "wsl ~/ssh-gcloud-env.sh [email] [project_id]",
"hidden": false,
"icon": "C:/Users/user/Downloads/Pictures/gcp.png",
"name": "SSH into GCP"
},
Then, open your wsl2 Ubuntu VM, and in your /home/user/ directory make a file named "ssh-gcloud-env.sh". And type in the following commands:
gcloud auth login $1
gcloud config set project $2
gcloud cloud-shell ssh
Save the file and type the following: "chmod +x ssh-gcloud-env.sh"
Finally, go to your Windows Terminal and open the custom tab.
Yay! We did it
Using the Google Developer Console "Compute Engine" I am trying to connect to a Google VM instance via SSH.
It doesn't work. I had trouble creating the instance to begin with due to a problem with the "network association".
Here was my question and solution for that: Why is "Create" disabled in Google Compute Engine VM instances?
What are the likely causes for my SSH issue now?
It turned out to be a firewall issue. Unlike the "default" network, when you add one manually, it doesn't automatically open port 22 for ssh to work.
The easiest way to fix this is via the Google Developer Console "Networking" page. If you go to the networks section and select the custom network you are using, it has the option to add firewall rules. Unfortunately for me, I didn't figure this out until I did it with the Google Cloud Shell... Here's how I did it the "long way", which will in fact give you more control and insight into this whole Google VM management model. It will also ensure you can connect via the Google Cloud Shell in case you need to again in the future:
In the "Compute Engine" go to the VM section and select your VM. In the top left corner of the screen is an "SSH" button and an ellipsis ("...") button. Click the "..." and select "View gcloud command". When that window opens, copy the command to the clipboard. Then close the window and click the ">_" (Activate Google Cloud Shell) button in the upper right corner of the screen.
When the shell loads, paste in the command (with Ctrl+V). After attempting to connect, it will eventually time out if you have this firewall problem going on.
To display the firewall rules on the network you are using enter the following:
gcloud compute firewall-rules list
To inspect a rule in more detail use this:
gcloud compute firewall-rules describe [rule name]
Check for a rule with a suffix of "allow-ssh", or more specifically one that opens up port 22. It is probably missing.
If you were in fact on the "default" network, you could use the command you'll find in the Google documentation for this:
gcloud compute firewall-rules create default-allow-ssh --allow tcp:22
But, if you are on an alternate network, use this more explicit command:
gcloud compute firewall-rules create [network name]-allow-ssh --allow tcp:22 --network [network name] --source-ranges 0.0.0.0/0 --description "Allow SSH from anywhere."
Replace [network name] with your literal value.
After executing that, try the connection command again. It ought to work now!
I have restarted our google cloud compute engine instance, however after the restart ssh is no longer working and giving connection refused.
I have verified and the ssh keys are configured for the users, and firewall rules are open for ssh.
Is there any other method I can use to try and resolve this?
The first thing to do is to check the Serial console output of the machine to determine if the SSH daemon has started or not. That log can be accessed from the Developer Console.
If you couldn't ssh to the instance you can follow the below step to access the instance from the serial console:
Connect to the instance using the serial console
1. Go to the VM instances page in Google Cloud Platform console.
2. Click on the instance for which you want to add a startup script.
3. Click the Edit button at the top of the page.
4. Click on ‘Enable connecting to serial ports’
5. Under Custom metadata, click Add item.
6. Set 'Key' to 'startup-script' and set 'Value' to this script:
#! /bin/bash
useradd -G sudo USERNAME
echo 'USERNAME:PASSWORD' | chpasswd
7. Click Save and then click RESET on the top of the page. You might need to wait for some time for the instance to reboot.
8. Click on 'Connect to serial port' in the page.
9. In the new window, you might need to wait a bit and press on Enter of your keyboard once; then, you should see the login prompt.
10. Login using the USERNAME and PASSWORD you provided.
Divshot has a nice command line interface. The first thing you should do after installing it with npm is to login.
divshot login
It should open a browser tab/window, you login on the divshot website and you authorise the CLI client by pressing a button at the end of the process.
But I have all my development environment on a vagrant box. When I type "divshot login" nothing happens. No browser tab appears.
What should I do?
Run "divshot login" from your command line on you local machine and
follow the instructions to login.
Run "divshot auth:token" to get
your auth token from the command line.
When running commands that
interact with the Divshot API, use the flag "--token " to
give it authorization (on the vagrant box)
Another solution:
Run divshot login on your local computer
Inspect $HOME/.divshot/config/user.json, check it has a key token
Copy that file to the corresponding path on the other computer
Need an applescript (which I haven't used before) to deploy our VPN connection settings on our remote workers mac boxes. this is for PPTP VPN.
Upon googling I came across the following link :
http://discussions.apple.com/thread.jspa?messageID=10368307
But still I can't :
a) seem to name the VPN connection
b) give it a pptp vpn server address
c) give dns, default gateway and any custom routes for this vpn to work.
How can I add those fields / enteries in ?
tell application “System Preferences”
reveal pane “Network”
activate
tell application “System Events”
tell process “System Preferences”
tell window 1
click button “Add Service”
tell sheet 1
click pop up button 1
click menu item “VPN” of menu 1 of pop up button 1
delay 1
click pop up button 2
click menu item “PPTP” of menu 1 of pop up button 2
click button “Create”
end tell
click button “Apply”
end tell
end tell
delay 1 — optional (just for visual feedback)
keystroke “w” using {command down}
end tell
end tell
The above script seems to create the connection just fine but without the details - and I am not sure about what syntax I would use to get this going.
Thanks for your input!
Regards
Thanks
Rihatum, here's the full Applescript with all the things you want to do.
--create new VPN PPTP service on the ethernet interface
do shell script "networksetup -createnetworkservice \"VPN (PPTP)\" en0 - where en0" with administrator privileges
--set the IP, subnet, & router IP ( order = ip subnet route )
do shell script "networksetup -setmanual \"VPN (PPTP)\" 192.168.2.50 255.255.255.0 192.168.2.1" with administrator privileges
--set VPN service using DHCP -- if using DHCP don't use manual setting above
do shell script "networksetup -setdhcp \"VPN (PPTP)\"" with administrator privileges
--set DNS
do shell script "networksetup -setdnsservers \"VPN (PPTP)\" 208.67.222.222" with administrator privileges
--set search domain
do shell script "networksetup -setsearchdomains \"VPN (PPTP)\" my_company_domain.com" with administrator privileges
--rename network service -- replace CISCO_VPN with your preferred name
do shell script "networksetup -renamenetworkservice \"VPN (PPTP)\" CISCO_VPN" with administrator privileges
I think what you want to do is build a script using the networksetup command
and use a series of "do shell script" lines in your AppleScript instead of trying to GUI script the configuration.
Fo example, in your AppleScript this command will create a new VPN PPTP connection on the ethernet interface:
do shell script "networksetup -createnetworkservice \"VPN (PPTP)\" en0 -where en0" with administrator privileges
To set the IP, subnet, & router IPs you would use this:
( -setmanual networkservice ip subnet router )
do shell script "networksetup -setmanual \"VPN (PPTP)\" 192.168.2.50 255.255.255.0 192.168.2.1" with administrator privileges
After that you can use the other options to configure the rest. For example,
to add a DNS IP to your newly created VPN PPTP connection you would add this to your AppleScript:
do shell script "networksetup -setdnsservers \"VPN (PPTP)\" 208.67.222.222" with administrator privileges
Check out the man page for the networksetup command. It does a tremendous amount of things. Also, you can Google that command and you will find a lot of forums with people discussing Mac command line network configurations. The single keyword networksetup doesn't work too well because it returns a lot of Windows pages so Google for "sudo networksetup" and that will return Mac related pages.
I tried the solution using the networksetup tool, but it didn't work for me :S I actually came up with a successful script using UI automation. It put up a post about it here: http://blog.affirmix.com/2011/01/12/how-to-configure-a-vpn-in-mac-os-x-usingapplescript/