Can't SSH into Google Cloud VM
I was able to successfully SSH into the Google Cloud VM I had set up yesterday, but today for some reason I can't, and I didn't mess with any of the settings, especially not the Firewall settings. It keeps giving me these errors now:
Connection via Cloud Identity-Aware Proxy Failed
Code: 4003
Reason: failed to connect to backend
You may be able to connect without using the Cloud Identity-Aware Proxy.
Then when I click on "Connect without Identity-Aware Proxy" I get the following error:
Connection Failed
We are unable to connect to the VM on port 22. Learn more about possible causes of this issue.
I don't know what happened. Yesterday it was working fine and now it's not.
Based on these error messages, I guess that your project has Identity-Aware Proxy (IAP) enabled, which sometimes may affect the ability to SSH into an instance, depending on the configuration.
In order to rule this out, you may try the following:
At first, try to disable Cloud Identity-Aware Proxy and connect to the VM instance via web Console.
After that, check logs:
Compute Engine -> VM instances -> click on NAME_OF_YOUR_VM -> at the VM instance details find section Logs and click on Serial port 1 (console)
If your VM instance doesn't start up, verify that your disk has a valid file system and a valid master boot record (MBR) by following the documentation General troubleshooting.
If you found errors/warnings related to disk space, you can try to resize it according to the documentation Resizing a zonal persistent disk, and also according to the article Recovering an inaccessible instance or a full boot disk:
If an instance is completely out of disk space or if it is not running a Linux guest environment, then automatically resizing your root filesystem isn't possible, even after you've increased the size of the persistent disk that backs it. If you can't connect to your instance, or your boot disk is full and you can't resize it, you must create a new instance and recreate the boot disk from a snapshot to resize it.
Otherwise, try to get access to your VM instance via serial console:
Enable serial console connection with gcloud command:
gcloud compute instances add-metadata NAME_OF_YOUR_VM_INSTANCE \
    --metadata serial-port-enable=TRUE
or go to Compute Engine -> VM instances -> click on NAME_OF_YOUR_VM_INSTANCE -> click on EDIT -> go to section Remote access and check Enable connecting to serial ports
Create a temporary user and password to log in: shut down your VM and set a startup script by adding, in the section Custom metadata, the key startup-script and the value:
# Create a temporary user in the google_sudoers group
useradd --groups google_sudoers tempuser
# Set the temporary user's password
echo "tempuser:password" | chpasswd
and then start your VM.
Connect to your VM via serial port with gcloud command:
gcloud compute connect-to-serial-port NAME_OF_YOUR_VM_INSTANCE
or go to Compute Engine -> VM instances -> click on NAME_OF_YOUR_VM_INSTANCE -> and click on Connect to serial console
Check what went wrong.
Disable access via serial port with gcloud command:
gcloud compute instances add-metadata NAME_OF_YOUR_VM_INSTANCE \
    --metadata serial-port-enable=FALSE
or go to Compute Engine -> VM instances -> click on NAME_OF_YOUR_VM_INSTANCE -> click on EDIT -> go to section Remote access and uncheck Enable connecting to serial ports.
Keep in mind that according to the documentation Interacting with the serial console:
Caution: The interactive serial console does not support IP-based access restrictions such as IP whitelists. If you enable the interactive serial console on an instance, clients can attempt to connect to that instance from any IP address. Anybody can connect to that instance if they know the correct SSH key, username, project ID, zone, and instance name. Use firewall rules to control access to your network and specific ports.
If you weren't able to connect via serial console, try to follow the documentation Troubleshooting SSH, section Inspect the VM instance without shutting it down, and inspect the disk of your VM on another VM. The same way, you can transfer your data to another working VM instance.
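
The serial-console procedure in the answer above makes two temporary changes: serial-port-enable=TRUE and a startup-script that creates a user with a password. The following added example (not part of the original answer) audits instance metadata for either change being left behind. It assumes input shaped like the parsed output of `gcloud compute instances list --format=json`; the sample data and the function names are constructed for illustration.

```python
import re

# Constructed sample: the parsed form of `gcloud compute instances list --format=json`,
# reduced to the fields used here. Instance names are made up.
SAMPLE = [
    {"name": "web-1", "metadata": {"items": [
        {"key": "serial-port-enable", "value": "TRUE"},
        {"key": "startup-script",
         "value": 'useradd --groups google_sudoers tempuser\n'
                  'echo "tempuser:password" | chpasswd'},
    ]}},
    {"name": "web-2", "metadata": {"items": [
        {"key": "serial-port-enable", "value": "FALSE"},
    ]}},
    {"name": "db-1", "metadata": {}},  # no metadata items at all
]

# Values treated as "enabled" (assumption: TRUE/true/1, compared case-insensitively).
TRUTHY = {"true", "1"}
# Commands that create accounts or set passwords from a startup script.
ACCOUNT_CMDS = re.compile(r"\b(chpasswd|passwd|useradd|adduser)\b")


def metadata_dict(instance):
    """Flatten metadata.items ([{key, value}, ...]) into a plain dict."""
    items = instance.get("metadata", {}).get("items", [])
    return {item["key"]: item.get("value", "") for item in items}


def audit(instances):
    """Return {instance name: [findings]} for instances that still need cleanup."""
    report = {}
    for inst in instances:
        md = metadata_dict(inst)
        findings = []
        if md.get("serial-port-enable", "").strip().lower() in TRUTHY:
            findings.append("serial console still enabled")
        cmds = sorted(set(ACCOUNT_CMDS.findall(md.get("startup-script", ""))))
        if cmds:
            findings.append("startup-script manages accounts: " + ", ".join(cmds))
        if findings:
            report[inst["name"]] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(name, "->", "; ".join(findings))
```

To run it against a real project, replace SAMPLE with `json.load` of the saved gcloud output. Project-wide metadata is not covered by this check and needs to be reviewed separately.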
I had the same issue while running composer update. In my case, rebooting the VM-Instance solved it.