
Google Cloud Platform fix SSH

I have a problem with SSH access on my Google Compute Engine instance. I made a server, set up the application on it and configured the domain, and everything works. After a few days, when I wanted to access it to make changes, my SSH didn't work. I have one assumption: I turned on the firewall and didn't add a rule for SSH; maybe that's the problem? But how do I access the machine now and enable it?

Thanks in advance.

To solve your issue you can connect to your VM instance via the serial console. Before connecting to the VM via the serial console, check whether you enabled connections to your VM instance in the GCP Firewall.

Please have a look at the step by step instructions below:

  1. Enable serial console connection with gcloud command:

     gcloud compute instances add-metadata NAME_OF_YOUR_VM_INSTANCE \
         --metadata serial-port-enable=TRUE

or go to Compute Engine -> VM instances -> click on NAME_OF_YOUR_VM_INSTANCE -> click on EDIT -> go to section Remote access and check Enable connecting to serial ports

  2. Create a temporary user and password to log in: shut down your VM and set a startup script by adding, in the section Custom metadata, the key startup-script and the value:

     #!/bin/bash
     # Create a temporary sudo-capable user for logging in on the serial console
     useradd --groups google_sudoers tempuser
     echo "tempuser:password" | chpasswd

and then start your VM.

  3. Connect to your VM via the serial port with the gcloud command:

     gcloud compute connect-to-serial-port NAME_OF_YOUR_VM_INSTANCE

    or go to Compute Engine -> VM instances -> click on NAME_OF_YOUR_VM_INSTANCE -> and click on Connect to serial console

  4. Check what went wrong.

  5. Disable access via the serial port with the gcloud command:

     gcloud compute instances add-metadata NAME_OF_YOUR_VM_INSTANCE \
         --metadata serial-port-enable=FALSE

or go to Compute Engine -> VM instances -> click on NAME_OF_YOUR_VM_INSTANCE -> click on EDIT -> go to section Remote access and uncheck Enable connecting to serial ports. Keep in mind that, according to the documentation Interacting with the serial console:

Caution: The interactive serial console does not support IP-based access restrictions such as IP whitelists. If you enable the interactive serial console on an instance, clients can attempt to connect to that instance from any IP address. Anybody can connect to that instance if they know the correct SSH key, username, project ID, zone, and instance name. Use firewall rules to control access to your network and specific ports.

In addition, have a look at the 3rd party example Resolving getting locked out of a Compute Engine.

If you weren't able to connect via the serial console, check the logs:

  1. Go to Compute Engine -> VM instances -> click on NAME_OF_YOUR_VM -> at the VM instance details find section Logs and click on Serial port 1 (console)
  2. Reboot your VM instance again.
  3. Check the full boot log for any errors and/or warnings.

If you found errors/warnings related to disk space, you can try to resize the disk according to the documentation Resizing a zonal persistent disk, and also according to the article Recovering an inaccessible instance or a full boot disk :

If nothing helped, try to follow the other recommendations from the documentation Troubleshooting SSH and update your question with your attempts.
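An added example, not part of the original answer: a small audit for what the recovery procedure above can leave behind, namely an enabled serial console and a startup script that recreates the password on every boot (startup scripts run at each boot). It reads the JSON printed by `gcloud compute instances list --format=json`; the sample data and the function name are constructed, and treating `true`/`1` as "enabled" is an assumption.

```python
import json

# Constructed sample of `gcloud compute instances list --format=json` output,
# trimmed to the fields used below. Instance and project names are made up.
SAMPLE = json.dumps([
    {"name": "web-1",
     "zone": "https://www.googleapis.com/compute/v1/projects/example-proj/zones/us-central1-a",
     "metadata": {"items": [
         {"key": "serial-port-enable", "value": "TRUE"},
         {"key": "startup-script",
          "value": "#!/bin/bash\nuseradd --groups google_sudoers tempuser\n"
                   "echo \"tempuser:password\" | chpasswd\n"}]}},
    {"name": "db-1",
     "zone": "https://www.googleapis.com/compute/v1/projects/example-proj/zones/us-central1-b",
     "metadata": {"items": [{"key": "serial-port-enable", "value": "FALSE"}]}},
    {"name": "batch-1",
     "zone": "https://www.googleapis.com/compute/v1/projects/example-proj/zones/us-central1-a",
     "metadata": {}},
])

# Assumption: these metadata values (case-insensitive) mean "enabled".
ENABLED_VALUES = {"true", "1"}


def leftover_findings(instances_json):
    """Return sorted (instance, zone, finding) tuples for recovery leftovers."""
    findings = []
    for inst in json.loads(instances_json):
        zone = inst.get("zone", "").rsplit("/", 1)[-1]  # keep only the zone name
        items = inst.get("metadata", {}).get("items", [])
        meta = {item["key"]: item.get("value", "") for item in items}

        # Step 5 of the procedure was skipped: console still reachable.
        if meta.get("serial-port-enable", "").strip().lower() in ENABLED_VALUES:
            findings.append((inst["name"], zone, "serial console enabled"))

        # The temporary-user script is still attached and reruns at each boot.
        script = meta.get("startup-script", "")
        if "chpasswd" in script or "useradd" in script:
            findings.append((inst["name"], zone,
                             "startup-script manages a local account"))
    return sorted(findings)


if __name__ == "__main__":
    for name, zone, finding in leftover_findings(SAMPLE):
        print(f"{zone}/{name}: {finding}")
```

Project-wide metadata can also set `serial-port-enable` and is not covered by this per-instance check.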
