1

I received an email warning letter from Google, "Action required: Critical problem with My First Project", saying my server has some abnormal outgoing activity, so I tried to implement ufw on my Debian server.

For my ufw setting, I've done the following:

sudo ufw default deny incoming 
sudo ufw default deny outgoing
sudo ufw allow ssh
sudo ufw allow 22
sudo ufw allow http
sudo ufw allow https

After I restarted my server, I can't connect to it. I get the error "Connection Failed: We are unable to connect to the VM on port 22. Learn more about possible causes of this issue."

I tried the answer I found in this forum: Google cloud unable to connect to the VM on port 22

I followed the following instructions but it is still not working:

  1. Shut down the instance
  2. Click 'Edit' for the instance
  3. Under 'Custom Metadata' section, add 'startup-script' key, with value:

#! /bin/bash
sudo ufw allow 22

  4. Click 'Save'

Can anyone help? I'd appreciate it!

My GCP Custom Metadata setting picture

翁啟豪
  • 11
  • 2

1 Answer

0

If you were able to SSH before setting these OS FW rules, restore UFW:

ufw reset

sudo ufw default deny incoming

sudo ufw default allow outgoing

And then enable SSH on the default port 22:

sudo ufw allow 22

sudo ufw enable

Be sure whether you are using the default port number 22 or a different one. Follow these instructions if you are able to SSH without UFW.

https://cloud.google.com/compute/docs/troubleshooting/troubleshooting-ssh

Toni
  • 154
  • 5
  • Thanks for responding, but the problem is I can't SSH to my server. I've tried the following ways from the Google troubleshooting-ssh page but no luck. 1. I tried gcloud to create default-allow-ssh. 2. I tried to use the serial console to log in, but I haven't set a password for my root account so I can't log in. 3. I tried to add "/usr/sbin/ufw disable" to startup-script in Custom metadata and restarted the server many times, but it seems the command is not executed, so it's still not working. – 翁啟豪 Jan 24 '20 at 18:36
  • Just add the commands `ufw reset` and `sudo ufw disable` to the start up script. – Toni Jan 27 '20 at 08:09
  • Remember that in the start up script you have admin rights; to log in through the serial console, add a "user": `#! /bin/bash adduser username echo 'username:password' | chpasswd usermod -aG google-sudoers username` – Toni Jan 27 '20 at 08:11
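
A check for the lock-out discussed in this thread, added as an example (not code from the question or the answer): it reads `ufw status verbose` output and flags a missing inbound SSH rule or a default-deny outgoing policy with no ALLOW OUT rule, which is the setting the answer changes. The function name `ufw_lockout_check` and both sample outputs are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example. Live use: sudo ufw status verbose | ufw_lockout_check 22

ufw_lockout_check() {
    # $1 = SSH port (default 22). Reads `ufw status verbose` text on stdin,
    # prints one finding per line, returns 1 if anything was found.
    # Limitation: an ALLOW IN rule restricted to a source range still counts.
    awk -v port="${1:-22}" '
        /^Status:/  { active = ($2 == "active") }
        /^Default:/ { out_deny = ($0 ~ /(deny|reject) \(outgoing\)/) }
        / (ALLOW|LIMIT) IN / {            # e.g. "22/tcp   ALLOW IN   Anywhere"
            split($1, p, "/")
            if (p[1] == port && p[2] != "udp") ssh_in = 1
        }
        / ALLOW OUT / { allow_out = 1 }
        END {
            if (!active) exit 0           # inactive firewall filters nothing
            if (!ssh_in) { print "no ALLOW IN rule for port " port; bad = 1 }
            if (out_deny && !allow_out) {
                print "default deny (outgoing) with no ALLOW OUT rules"; bad = 1
            }
            exit bad + 0
        }'
}

# Constructed sample: status output for the rule set in the question.
QUESTION_RULES='Status: active
Default: deny (incoming), deny (outgoing), disabled (routed)

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
22                         ALLOW IN    Anywhere
80/tcp                     ALLOW IN    Anywhere
443/tcp                    ALLOW IN    Anywhere'

# Constructed sample: status output for the rule set in the answer.
ANSWER_RULES='Status: active
Default: deny (incoming), allow (outgoing), disabled (routed)

To                         Action      From
--                         ------      ----
22                         ALLOW IN    Anywhere'

# Demo on the constructed samples; the first prints one finding.
printf '%s\n' "$QUESTION_RULES" | ufw_lockout_check 22 || true
printf '%s\n' "$ANSWER_RULES" | ufw_lockout_check 22 && echo "answer rule set: ok"
```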