I just created a new instance on Google Cloud Compute Engine, but when I try connecting to the terminal (via web SSH) it gets stuck at:
Connecting...
Could not connect, retrying (2/3)…
The VM serial console output may provide details to aid in troubleshooting connection problems. See our help document for other possible causes of this issue.
You can drastically improve your key transfer times by migrating to OS Login.
If I check the serial console I see:
instance-2 login: Dec 9 09:50:50 instance-2 google-accounts: INFO Adding user sirjack9601 to the Google sudoers group.
[ 27.313823] google_accounts_daemon[1526]: Adding user sirjack9601 to group google-sudoers
Dec 9 09:50:50 instance-2 google_accounts_daemon[1526]: Adding user sirjack9601 to group google-sudoers
Dec 9 09:51:16 instance-2 systemd[1]: systemd-hostnamed.service: Succeeded.
Using gcloud, you can use the following command:
gcloud compute ssh [YOUR_VM_NAME]
gcloud compute ssh works but web SSH does not work because your VM is IP restricted. Most likely your security does not want everyone who has access to the project to login to the VM.
The firewall rule allowing SSH access is enabled, but is not configured to allow connections from Cloud Console services. Source IP addresses for browser-based SSH sessions are dynamically allocated by Cloud Console and can vary from session to session. For the feature to work, you must allow connections either from any IP address or from Google's IP address range, which you can retrieve by using public SPF records.
See: https://cloud.google.com/compute/docs/ssh-in-browser
Related
I migrated the VM from libvirt to Google Cloud Platform using CloudEndure. The initial sync is complete and it has been in the Data Replication stage for over a week. Once the VM is launched in test mode and I try to connect with PuTTY over SSH, it throws Connection Refused and exits with error code 255.
I tried to log in with PuTTY using my on-premises local machine username and SSH key, as the CloudEndure documentation says that I can log in to the replicated server using the same credentials.
The firewall rule in GCP and the machine allows port 22 for incoming connections. SSH key is also updated properly in metadata section and saying SSH key is not propagated properly.
I thought there is a problem with my local machine ufw rules and tried turning off firewall and replicated again but no use. Also tried adding SSH rule to ufw allow connections from 0.0.0.0/0 still I'm not able to connect to VM which is replicated and launched in test mode.
Steps tried:
I tried the interactive console method, where I tried to log in using the serial port, but the problem is that it asks for an ID and password. I don't have a password and use only SSH keys to log in.
Tried using a static IP for an instance. Before replicating the boot disk I added a firewall rule to allow SSH from that static IP, then I replicated and tried to log in (assuming that it is blocking the connection via this IP).
Followed this article to install Linux Guest OS.
Generated SSH key using ssh-keygen -t RSA -C "" in gcloud shell.
I cannot ssh into the Linux environment. Appreciate the help
Operating System: Ubuntu 18.04 LTS x64
Any help would be appreciated.
I have spun up a Google Cloud Compute virtual machine. It's a vanilla Windows Server 2016 image, and I can log in and see the desktop. I do that by downloading the RDP file and running it.
Due to a license manager for software I'm installing, I need to VPN to my own network. In "Settings -> Network", I add a new VPN connection (using the same creds I use on my machine) and click Connect. It makes an initial connection, verifies my credentials, but during the final stage, my RDP connection to the GCP VM ends.
What is really strange is that, sometimes, I can reconnect successfully after a few minutes and the VPN connection was successful. Sometimes I can't reconnect.
Any ideas?
The VPN connection added as such will be a force tunneled VPN which then adds a default route over the VPN interface on the VM disrupting your connection. The easiest way for maintaining the connection would be to do either of 2 things
Make the VPN split tunneled and add a route for the licensing box. You can do this by using the Set-VPNConnection PowerShell cmdlet and then adding a route using the route add command in an administrative command prompt.
Add a more specific route for the IP address by which you access the VM, using the route add command.
UPDATE: Simply setting the VPN to use split tunneling in PowerShell solved the problem.
Use: (Replace "VPNsName" with your VPN's name)
Set-VpnConnection -Name "VPNsName" -SplitTunneling 1
Port is up, firewall disabled, but connection is rejected with message:
"Read from socket failed: Connection reset by peer".
Other services in the same host are responding well.
SSH through Google Cloud Console gets the same error.
Is there any other method for Google Compute Engine to get shell?
Yes, there is a way to get shell, and it is through the serial port, a really useful feature Google Cloud provides.
There, I saw the error was about key file permissions:
Sep 30 10:51:02 localhost sshd: Permissions 0775 for '/etc/ssh/ssh_host_rsa_key' are too open.
And by assigning 0600 perms to this file everything went back to normal.
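The check behind that log line, as an added example that is not part of the original answer: the script below lists sshd host private keys that group or others can access and can reset them to 0600. The function names are assumptions of this example, and the default directory /etc/ssh is taken from the path in the log line.

```sh
#!/bin/sh
# Added example: find sshd host private keys whose mode sshd rejects.
# Upstream OpenSSH refuses a private key file that group or others can
# access at all, i.e. any of the last six permission characters is set.

# audit_hostkeys [DIR] -> prints "PERMS PATH" for each offending key.
# DIR defaults to /etc/ssh; *.pub files are not matched by the glob.
audit_hostkeys() {
    dir=${1:-/etc/ssh}
    for key in "$dir"/ssh_host_*_key; do
        [ -f "$key" ] || continue                # glob matched nothing
        perms=$(ls -ld "$key" | cut -c1-10)      # e.g. -rwxrwxr-x
        case $perms in
            ????------) ;;                       # owner-only: accepted
            *) printf '%s %s\n' "$perms" "$key" ;;
        esac
    done
}

# fix_hostkeys [DIR] -> chmod 600 each offending key, as the answer did.
fix_hostkeys() {
    audit_hostkeys "$1" | while read -r _perms path; do
        chmod 600 "$path" && printf 'fixed %s\n' "$path"
    done
}
```

Run the functions as root from the serial console session, then restart sshd so it reloads the keys.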
Before asking this question I looked through Google and tried different alternatives, none of which were successful for me, sadly. I'm a little above the noob level. What I want is to basically host a WordPress site on a Google Cloud Debian machine.
I was doing well installing services through their SSH access until I got to the point where I installed an FTP service and wanted to access it through a remote computer (my own). I only got as far as:
Status: Waiting to retry...
Status: Connecting to 104.197.183.19...
Response: fzSftp started
Command: open "root@104.197.183.19" 22
Error: Connection timed out
Error: Could not connect to server
I kept on looking and trying new ways until I found the gcloud documentation for FTP, but it is not aimed at beginners, so my questions are:
Where do I input the commands for gcloud, on my computer or on the SSH console (Google Cloud machine)?
Do I need to use gcloud for FTP remote access or can I do it entirely through my computer and their SSH machine?
Do I really need to add an SSH authorization file to FileZilla or is there a way I can disable that check on my VPS so it lets me sign in with just a username and a password?
What I already tried and didn't work for me:
gcloud documentation for SSH and FTP
Google Cloud documentation for setting up a WordPress site
Many others
Basically what I need in short is to manage to access the VPS through FTP so I can continue with my learning. I've been stuck there for two days.
To get access to a user's public area, i.e. public_html:
Go to the account's cPanel area and under Security > SSH Access you can import a key file.
You can use PuttyGen to make one, you will need both a private and public key.
Paste the keys into the boxes.
You may get a warning message about the private key, this is ok.
Go to Manage under public key and authorize it.
Or
Make one using the interface in cPanel and download both keys.
Then in FileZilla
Host: IP of server
Protocol: SFTP
Logon Type: Key File
Key File: the PPK you made.
(If you asked cPanel to make the file, select the one that does not end in .pub and FileZilla will convert it to a .ppk file for you.)
After clicking connect you should be in.
If you still have an error, make sure the SSH port (22) is open in your firewalls, both Google cloud.google.com > Networks and WHM > LDF/CSF plugin.
Use SSH File Transfer Protocol.
No need to install ftp service.
Use winscp for connecting with sftp.
The recommended way of transferring files to a Unix-based Google Compute Engine VM is via the gcloud compute copy-files command. For this, please install the Google Cloud SDK. Then, run a command such as the following:
gcloud compute copy-files --zone=<Compute Engine zone> /path/to/local/file.txt <Compute Engine instance name>:/path/to/destination/file.txt
If you'd like to use FileZilla, you'll have to configure it for access. The SSH daemon on Compute Engine VMs is set up for key-based authentication. This forum post indicates how this is possible in FileZilla. The catch is that you need to put your public key on the VM, which can be a little tricky. gcloud compute copy-files and gcloud compute ssh take care of this for you, which is why they are the recommended method.
I get this error message when trying to connect with ssh.
Disconnected: No supported authentication methods available (server sent: publickey,gssapi-keyex,gssapi-with-mic)
I created an instance (CentOS), generated my webserver.pem, imported that into PuTTYgen and output a ppk.
I have seen that it may be a permissions issue with the ~/.ssh on the server, but how can I change the permissions on the server without SSH access to the server? Is there another way to connect that I am not aware of? I am quite new to the Amazon EC2 stuff.
I am on a Windows system right now using PuTTY.
My security groups were incorrect. I remade the instance with the correct security groups
The below steps worked for me.
Edit the sshd_config file: sudo vi /etc/ssh/sshd_config
Search for PasswordAuthentication
If it is no, change it to yes. For me it was commented. If so, uncomment it.
Restart the sshd service: sudo systemctl restart sshd.service
Done.
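The "server sent: publickey,gssapi-keyex,gssapi-with-mic" message lists the methods sshd is offering, so before editing the file it helps to see which value sshd actually uses for each keyword. The following is an added example, not part of the answers above: the function names and the sample configuration are constructed for illustration, and the sketch reads one file only, without Include files or Match blocks.

```sh
#!/bin/sh
# Added example: report the value sshd would use for a keyword in a single
# sshd_config file. sshd keeps the FIRST value it reads for each keyword,
# so a later duplicate line has no effect and a commented line means the
# built-in default applies.
# Assumption of this sketch: Include files and Match blocks are not
# evaluated; `sshd -T` run as root prints the authoritative result.

# effective_setting KEYWORD DEFAULT FILE -> prints the effective value
effective_setting() {
    awk -v want="$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" -v def="$2" '
        /^[ \t]*#/ || NF == 0 { next }        # comment or blank: no effect
        { kw = tolower($1) }
        kw == "match" { exit }                # global section ends here
        kw == want && !found { val = tolower($2); found = 1 }
        END { print (found ? val : def) }
    ' "$3"
}

# Constructed sample resembling a cloud image configuration.
sample_config() {
    cat <<'EOF'
# PasswordAuthentication yes
PubkeyAuthentication yes
PasswordAuthentication no
GSSAPIAuthentication yes
PasswordAuthentication yes
EOF
}

# report_sample -> one KEYWORD=value line per authentication keyword
report_sample() {
    f=$(mktemp)
    sample_config > "$f"
    for kw in PubkeyAuthentication PasswordAuthentication GSSAPIAuthentication; do
        case $kw in GSSAPI*) def=no ;; *) def=yes ;; esac   # upstream defaults
        printf '%s=%s\n' "$kw" "$(effective_setting "$kw" "$def" "$f")"
    done
    rm -f "$f"
}
```

In the sample, the last line's "yes" is ignored because the earlier "no" was read first, which matches a server that offers publickey and GSSAPI but not password.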
These are the basic steps generally when working with a public cloud, trying to create a Virtual Machine and connect to it.
Create a Virtual Cloud Network/ Virtual Private Cloud
Create an Internet Gateway and ensure the Route Table for the VCN has the entry to route internet bound traffic (destination 0.0.0.0/0) to the internet gateway
Create a Virtual Machine (Linux in this case), ensure it has a public IP (the VM must be created in a public subnet), download the key pair (for example, in PEM format)
Create a Security Group and ensure ingress rule from source : 0.0.0.0/0, protocol: TCP, destination port: 22
Associate the VM with the Security Group at VNIC level at the time of creating the VM or post creation.
From Oracle Cloud documentation -
Just having an internet gateway alone does not expose the instances in
the VCN's subnets directly to the internet. The following requirements
must also be met:
The internet gateway must be enabled (by default, the internet gateway
is enabled upon creation). The subnet must be public. The subnet
must have a route rule that directs traffic to the internet gateway.
The subnet must have security list rules that allow the traffic (and
each instance's firewall must allow the traffic). The instance must
have a public IP address.
Now connecting to VM using putty, basically you are doing a :
ssh user@ip_address -i private_key
a. Use puttygen and load the private PEM key that you downloaded. Once successfully imported, save the private key (optionally with a passphrase) as PPK in your local machine ( for example "your_pvt_key_name.ppk" )
b. Use putty to connect to the VM's public IP. Ensure in putty when connecting to the VM that the private key is provided for authentication. In the section Connection->SSH->Auth, browse for the "your_pvt_key_name.ppk" and then go back to the Session and "Open" the VM. If the VM is on a public subnet with the correct route table entry, you should see the login screen. In case the VM is not available on the internet, it won't connect!
c. Once you see the login screen most important and which is the probable cause of the above error, login with correct user name, such as "ec2-user" in AWS or "opc" in OCI. Using an incorrect user name results in this error.
No supported authentication methods available (server sent: publickey,gssapi-keyex,gssapi-with-mic)