Why Google Cloud Compute Engine instance gives ssh connection refused after restart?

Question

I stopped and restarted an ubuntu 14.04 Google Cloud Compute Engine instance, and now my ssh connection is refused with:

ssh: connect to host 146.148.114.98 port 22: Connection refused

This already happened a previous time, I thought there was a problem with the machine, I deleted it and recreated and it started working again. I don't want to be recreating instances every time. The ssh troubleshooting page of google cloud is quite messy. My firewall rules seem to be ok. Anyone has a solution for this?

NAME                    NETWORK  SRC_RANGES    RULES                         SRC_TAGS  TARGET_TAGS
default-allow-http      default  0.0.0.0/0     tcp:80                                  http-server
default-allow-https     default  0.0.0.0/0     tcp:443                                 https-server
default-allow-icmp      default  0.0.0.0/0     icmp
default-allow-internal  default  10.128.0.0/9  tcp:0-65535,udp:0-65535,icmp
default-allow-rdp       default  0.0.0.0/0     tcp:3389
default-allow-ssh       default  0.0.0.0/0     tcp:22

This is the output for: ps aux | grep ssh ps aux | grep ssh

root        29  0.0  0.4  55184  2860 ?        Ss   11:26   0:00 /usr/sbin/sshd -p 22 -o AuthorizedKeysCommand=/google/devshell/authorized_keys.sh -o Author
izedKeysCommandUser=root
root       183  0.0  0.9  82692  5940 ?        Ss   11:26   0:00 sshd: fbeshox [priv]                                                                       

fbeshox    218  0.0  0.7  82692  4424 ?        S    11:26   0:00 sshd: fbeshox@pts/0                                                                        

fbeshox    522  0.0  0.3  12728  2200 pts/1    S+   12:12   0:00 grep ssh

Here the verbose results of the ssh connetion attempt.

ssh -i .ssh/keyname username@130.211.53.51 -vvv
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /Users/xxxx/.ssh/config
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: /etc/ssh_config line 102: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 130.211.53.51 [130.211.53.51] port 22.
debug1: connect to address 130.211.53.51 port 22: Connection refused
ssh: connect to host 130.211.53.51 port 22: Connection refused

Answer 1

It is possible that sshguard , a security tool installed on Ubuntu by default, is interfering with your connection. Basically sshguard might have incorrectly decided that your IP address is 'attacking' your instance and blocked the IP.

If you can log in from a different location, such as the Web SSH provided by the Cloud Console, try using sudo iptables -S to see if there are any firewall rules on the instance (different than the GCE firewall) created by sshguard. If so try disabling sshguard or adding your IP address on the whitlelist ( http://www.sshguard.net/docs/whitelist/ ).

Answer 2

我知道这是一个老问题，但今天我遇到了类似的问题，问题很简单——重启后实例的 IP 发生了变化——所以我不得不相应地更新 ssh 字符串

Answer 3

This issue often happens after you changed your default zone or region. Then, you must update the ssh keys in your metadata by sudo gcloud compute config-ssh

You can see also the changes in the web interface under Compute Engine | Metadata | SSH Keys.

Answer 4

Try to SSH into the instance with a different username .Google Compute is a bit shaky at times . Try to SSH into the instance using VM instance page in Compute Engine . If SSH takes too much time and refuses connection, then login with a different username in SSH . You can login with a different name using a settings icon on top right corner of SSH window . If these all these doesn't go well, I will advise you to re create one more instance, as it has also been my experience that Google Compute Engine instances are not stable in terms of SSH accessibility and tend to create problems .It's better to use putty as a client to SSH into Compute Engine than the SSH terminals Google provides . Let me know if that helps you :)

Answer 5

I understood that my problem raised after detaching a disk from the console when the machine was stopped with that disk mounted. First unmount the disk, then detach it. Never seen the problem again.

Answer 6

Also make sure you did not recursively modify permissions for the /etc folder.

For example:

chmod -R 775 /etc

This will prevent you from logging back into the VM, even from the Web console and gcloud cli.

Instead, modify permissions on a more granular level eg /etc/nginx , etc.

Answer 7

I had the same problem and solved it by first connecting to the VM via browser SSH (from the "VM instances" web overview), which also fails, then choose the offered option of retrying without Cloud Identity-Aware Proxy which worked.

Afterwards all SSH-connections work again (both in browser and local shell).