Google Cloud 上的 Fedora SSH 连接问题

Question

I am having problem with connecting to my new instance directly from the browser. This is literally a new instance of Fedora OS so I have not configured anything. It doesn't work out of the box.

I have other servers with OS like Debian 10 (Buster) and they seem to work fine when connecting through SSH.

Here are the server specs that I am using for the VM:

Machine type: e2-medium (2 vCPUs, 4 GB memory)
CPU platform: Intel Broadwell
Zone: us-central1-a
OS Image: fedora-coreos-34-20210904-3-0-gcp-x86-64
Disk Size: 30GB
Disk Type: SSD

Here are the logs from the serial port: ( Link to entire log from serial port )

[  545.747496] audit: type=2404 audit(1633250527.525:300): pid=1892 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:80:d3:1d:38:a5:96:e3:02:50:e1:55:11:ec:61:1b:65:89:6e:08:ad:4d:50:09:82:2d:a6:cb:c8:fa:35:6c:c7 direction=? spid=1893 suid=74  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
[  545.780996] audit: type=1109 audit(1633250527.525:301): pid=1892 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:bad_ident grantors=? acct="?" exe="/usr/sbin/sshd" hostname=74.125.73.141 addr=74.125.73.141 terminal=ssh res=failed'
[  545.806261] audit: type=2404 audit(1633250527.526:302): pid=1892 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:80:d3:1d:38:a5:96:e3:02:50:e1:55:11:ec:61:1b:65:89:6e:08:ad:4d:50:09:82:2d:a6:cb:c8:fa:35:6c:c7 direction=? spid=1892 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
[  545.839942] audit: type=1112 audit(1633250527.526:303): pid=1892 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login acct="(unknown)" exe="/usr/sbin/sshd" hostname=? addr=74.125.73.141 terminal=ssh res=failed'
[  564.968011] audit: type=2404 audit(1633250546.749:304): pid=1895 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:80:d3:1d:38:a5:96:e3:02:50:e1:55:11:ec:61:1b:65:89:6e:08:ad:4d:50:09:82:2d:a6:cb:c8:fa:35:6c:c7 direction=? spid=1895 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
[  565.344660] audit: type=2407 audit(1633250547.122:305): pid=1894 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=aes128-ctr ksize=128 mac=hmac-sha2-256 pfs=diffie-hellman-group-exchange-sha256 spid=1895 suid=74 rport=32883 laddr=10.128.15.203 lport=22  exe="/usr/sbin/sshd" hostname=? addr=74.125.17.13 terminal=? res=success'
[  565.382463] audit: type=2407 audit(1633250547.122:306): pid=1894 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=aes128-ctr ksize=128 mac=hmac-sha2-256 pfs=diffie-hellman-group-exchange-sha256 spid=1895 suid=74 rport=32883 laddr=10.128.15.203 lport=22  exe="/usr/sbin/sshd" hostname=? addr=74.125.17.13 terminal=? res=success'
[  566.988544] audit: type=2404 audit(1633250548.769:307): pid=1894 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=1895 suid=74 rport=32883 laddr=10.128.15.203 lport=22  exe="/usr/sbin/sshd" hostname=? addr=74.125.17.13 terminal=? res=success'
[  567.021621] audit: type=2404 audit(1633250548.800:308): pid=1894 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:80:d3:1d:38:a5:96:e3:02:50:e1:55:11:ec:61:1b:65:89:6e:08:ad:4d:50:09:82:2d:a6:cb:c8:fa:35:6c:c7 direction=? spid=1895 suid=74  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
[  567.057403] audit: type=1109 audit(1633250548.800:309): pid=1894 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:bad_ident grantors=? acct="?" exe="/usr/sbin/sshd" hostname=74.125.17.13 addr=74.125.17.13 terminal=ssh res=failed'
[  567.082647] audit: type=2404 audit(1633250548.800:310): pid=1894 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:80:d3:1d:38:a5:96:e3:02:50:e1:55:11:ec:61:1b:65:89:6e:08:ad:4d:50:09:82:2d:a6:cb:c8:fa:35:6c:c7 direction=? spid=1894 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
[  567.116466] audit: type=1112 audit(1633250548.801:311): pid=1894 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login acct="(unknown)" exe="/usr/sbin/sshd" hostname=? addr=74.125.17.13 terminal=ssh res=failed'

Here's what I have tried so far:

Following this question , I tried to manually add SSH key to my instance meta data but that doesn't seem to work as well. When I try to connect through SSH, I get the following error:

Permission denied (publickey,gssapi-keyex,gssapi-with-mic).

I have also tried to connect through Google's OS Login console and it still doesn't connect for some reason. Here's the console output for that:

gcloud beta compute ssh --zone "us-central1-a" "instance-1"  --project "XXX"
Warning: Permanently added 'compute.178891790600165087' (ECDSA) to the list of known hosts.
XXX@123.456.789.123: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
ERROR: (gcloud.beta.compute.ssh) [/usr/bin/ssh] exited with return code [255].

Answer 1

Adding public key to instance metadata by the username core seems to solve the issue. Any other username is rejected.

1. Generate key pair: ssh-keygen -t ed25519
2. Copy public key to instance metadata - link .
3. Restart the instance.
4. Connect using new key: ssh -i <KEY_FILE> core@<INSTANCE_PUBLIC_IP>

More information about this issue can also be found here .