
I have an Ubuntu 16.04 LTS VM which I rebooted to apply updates to, but have got the following when trying to connect to SSH through the browser console since:

Connection failed We are unable to connect to the VM on port 22.

The serial output suggests it's started without issue and it's pingable. A reset made no difference.

D Saini
user3333099

1 Answer


Please find below some general recommendations to troubleshoot this issue.

  • Make sure the VM boot disk is not full and has enough memory space after system updates. You can opt to resize the VM disk; detailed steps are here.
  • Make sure from the VM serial console output that the instance has fully booted up.
  • Once the instance is booted, confirm that the ssh daemon is running. The serial console output will have information about the ssh daemon. If the ssh service is not running, you can use the interactive serial console to start the service.
  • Make sure you have a firewall rule configured in the GCE network to allow the ssh port.
  • Make sure the firewall on the instance (e.g. iptables) is allowing the ssh port. You can use the interactive serial console to disable the firewall on the VM, if required.
  • You can try ssh from the cloud console terminal. You can find more details here. Moreover, you can try ssh in verbose or debugging mode: `ssh -v username@host_ipaddress`
D Saini
  • The disk page gives the size but doesn't tell you how much is in use. Is there any way to tell if it's full when you can't issue commands in the VM? "Serial console output will have information about ssh daemon": the only mention of SSH is from sshguard. Added serial-port-enable=1 metadata to allow interactive access through serial but I can't see any additional options. Trying to SSH to it from the cloud shell gives 'Name or service not known'. – user3333099 Jan 03 '18 at 10:31
  • I now get a 'connect to serial console' option but it prompts me for a login which I also need to run sudo passwd. Is there any way I can get it to run with a '-a root' flag? – user3333099 Jan 03 '18 at 15:40
  • By default, Google-supplied system images are not configured to allow password-based logins for local users. If your instance is running an image that is preconfigured with serial port logins, you need to [set up a local password](https://cloud.google.com/compute/docs/instances/interacting-with-serial-console#setting_up_a_local_password) on the VM. But this step requires an SSH connection into the VM instance. Can you please post the complete error message received from the gcloud compute ssh command and from ssh in verbose mode, run from cloud shell? – D Saini Jan 04 '18 at 00:24
  • `$ gcloud compute --project "" ssh --zone "europe-west1-c" ""` `ssh: connect to host port 22: Connection timed out` `ERROR: (gcloud.compute.ssh) [/usr/bin/ssh] exited with return code [255].` Trying to ssh to it through the gcloud console with `ssh -v` gives: `ssh: Could not resolve hostname Name or service not known` – user3333099 Jan 04 '18 at 14:30
  • Error code 255 is generic and does not provide much useful information. For the ssh in verbose mode command, you can use the VM external IP as well, rather than giving the hostname. Also, please try a port scan of the VM's external IP and test that ssh on tcp:22 is not blocked by the firewall. Please use `$ nmap -Pn {external IP}` from cloud shell for port scanning. Please refer to [this document](https://cloud.google.com/compute/docs/troubleshooting#ssherrors), which has a number of tips and approaches to troubleshoot common SSH issues, and let me know if it helps. – D Saini Jan 04 '18 at 23:21
  • I get: `-bash: nmap: command not found`. I suspect the F-Secure I installed on there has enabled the firewall by default and blocked everything and I've not enabled the option to allow remote access to web user interface. I thought it'd be managed by a profile like everything else. As a result I'm locked out. The only way I can see around it is to get the serial console to pass in the '-a root' flag when it connects but there doesn't seem to be any way of doing that. Would it be possible to connect the disk to that of another instance so I can manually edit /etc/passwd? – user3333099 Jan 05 '18 at 10:23
  • You need to install the nmap package on a Linux machine that has access to the internet. To add the old disk to a new instance, please refer to the steps given in the previously shared troubleshooting document. – D Saini Jan 05 '18 at 22:39
  • Disks can only be shared between multiple instances in read only mode. I need it to be writable and can't see any option to detach it from the first instance through the GUI (why not?) but there is a gcloud command for it. `gcloud compute instances detach-disk --disk= --zone=europe-west1-c` `ERROR: (gcloud.compute.instances.detach-disk) Could not fetch resource: - Hot-remove of the root disk is not supported.` Don't understand why I can't do this when the instance is powered off? – user3333099 Jan 08 '18 at 11:48
  • The other options are to connect it to cloud storage or create an NFS. Cloud storage is object based and while you can use a FUSE adapter to use it as a file system in an instance, I can't see any info on how to get the contents of an existing persistent disk into one. https://cloud.google.com/storage/docs/gcs-fuse – user3333099 Jan 08 '18 at 11:57
  • Have you tried deleting the old instance while keeping the old instance boot disk as described in the [document steps](https://cloud.google.com/compute/docs/troubleshooting#use_your_disk_on_a_new_instance)? As far as cloud storage fuse is concerned, it is used to allow users to mount GCS buckets as file systems on an operating system. It does not mean that the persistent disk could be used as a substitute for the GCS buckets. – D Saini Jan 09 '18 at 00:06
  • Found someone who had the same problem: https://stackoverflow.com/questions/47399105/how-to-reset-password-or-set-single-user-mode-for-serial-console-logon chroot to the rescue. Thanks D Saini for your help, much appreciated. – user3333099 Jan 17 '18 at 14:48
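
The serial-console checks from the answer (disk full, boot completed, ssh daemon started), as an added example that is not part of the original thread: a POSIX shell function that triages serial console text. The sample logs are constructed, and the matched strings assume a systemd-based Ubuntu image that writes unit status and sshd messages to the serial port.

```shell
#!/bin/sh
# Added example, not from the thread. Real input would come from (INSTANCE and
# ZONE are placeholders):
#   gcloud compute instances get-serial-port-output INSTANCE --zone ZONE

# Reads serial console text on stdin and prints three findings, one per line.
triage_serial() {
  log=$(cat)
  has() { printf '%s\n' "$log" | grep -qE "$1"; }

  # ENOSPC errors from boot-time services point at a full boot disk.
  if has 'No space left on device'; then echo DISK_FULL
  else echo DISK_NO_ERRORS_LOGGED; fi

  # A getty login prompt on the serial port means boot ran to completion.
  if has ' login: *$'; then echo BOOT_COMPLETE; else echo BOOT_INCOMPLETE; fi

  # Match sshd itself: sshguard lines mention "ssh" but are not the daemon.
  if has 'Failed to start OpenBSD Secure Shell server'; then echo SSHD_FAILED
  elif has 'Started OpenBSD Secure Shell server|sshd\[[0-9]+\]: Server listening on'
  then echo SSHD_STARTED
  else echo SSHD_NOT_SEEN; fi
}

# Constructed sample: booted, but only sshguard mentions SSH (the asker's case).
sample_no_sshd() { cat <<'EOF'
[  OK  ] Started LSB: SSHGuard.
[  OK  ] Reached target Multi-User System.
Ubuntu 16.04 LTS vm-1 ttyS0
vm-1 login:
EOF
}

# Constructed sample: writes fail with ENOSPC and sshd fails to start.
sample_disk_full() { cat <<'EOF'
systemd-journald[312]: Failed to write entry: No space left on device
[FAILED] Failed to start OpenBSD Secure Shell server.
EOF
}

# Constructed sample: healthy boot with sshd listening.
sample_healthy() { cat <<'EOF'
[  OK  ] Started OpenBSD Secure Shell server.
sshd[1201]: Server listening on 0.0.0.0 port 22.
vm-1 login:
EOF
}

sample_no_sshd | triage_serial
```

A `BOOT_COMPLETE` plus `SSHD_NOT_SEEN` result, as in the first sample, points away from the GCE firewall rule and toward the guest itself: the daemon or the on-instance firewall.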