4

I have this VM instance in Google Console. The instance was created in a project within another organization, then assigned to my email address.

I was assigned all admin-related roles in IAM.

I tried to access the instance directly via Browser and failed.

I keep getting an error on Console SSH from the Browser.

I then tried adding a key and connecting directly. I tried using PuTTY in Windows as well as terminal in Ubuntu.

I have tried adding a key to the project.

I have tried adding a key to the instance directly.

All I get from the instance is "Too many authentication failures" in Ubuntu and "refused our key" in PuTTY.

Server has network setting: Ingress : Allow SSH from anywhere : Apply to all : IP ranges: 0.0.0.0/0 : tcp:22 : Allow

I am able to access several other instances with no issues, so this issue has left me stumped!

Sunny J
  • 607
  • 3
  • 14
contemplator
  • 143
  • 6
  • Serial output shows `ERROR Exception calling the response handler. [Errno 2] No usable temporary directory found` which could be the space issue. I've added RAM and HDD space to the instance, but not sure if this affects the actual root. Is there a way to affect the space on root with the increased disk size? – contemplator Jul 12 '18 at 08:51
  • I think this is a memory issue, and adding keys to console is not adding keys to the already full instance. I have tried accessing the instance using `gcloud compute` through serial port and getting the same error `Jul 23 11:15:57...google-accounts: ERROR Exception calling the response handler. [Errno 2] No usable temporary directory found in ['/tmp', '/var/tmp', '/usr/tmp', '/']`. Is there no way to access the instance? – contemplator Jul 23 '18 at 08:25

2 Answers

1

If a compute engine instance no longer accepts SSH connections, there are many reasons this could happen. Some common causes of SSH connection issues are as follows:

-- OS Login is enabled on the instance [2]

-- OS Login is not enabled [3]

-- The instance has a full disk

-- The sshd daemon is not configured properly

The documentation on ssh troubleshooting [1] describes a number of tips and approaches to resolve some of the most common SSH issues.

If the provided steps in this document [1] do not work for you, and you need to recover data from your persistent boot disk, you can detach the boot disk and then attach that disk as a secondary disk on a new instance [4].

For a better understanding of roles and permissions, the documentation [5] could be helpful.

[1] https://cloud.google.com/compute/docs/troubleshooting/troubleshooting-ssh

[2] https://cloud.google.com/compute/docs/instances/managing-instance-access#enable_oslogin

[3] https://github.com/GoogleCloudPlatform/compute-image-packages/tree/master/packages/python-google-compute-engine#accounts

[4] https://cloud.google.com/compute/docs/troubleshooting/troubleshooting-ssh#move_boot_disk

[5] https://cloud.google.com/iam/docs/understanding-roles

Shafiq I
  • 166
  • 5
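
The full-disk cause listed in this answer matches the `No usable temporary directory found` error quoted in the question's comments: Python's `tempfile` module raises it when none of the listed directories accepts a new file. The following is an added example, not part of the original answer, that probes those same directories, either on the running system or under the mount point of a boot disk attached to another instance as in [4]. The function names and the `root` parameter are assumptions of this sketch.

```python
import errno
import os
import tempfile

# The candidate list printed in the serial-console error.
CANDIDATES = ["/tmp", "/var/tmp", "/usr/tmp", "/"]


def probe_dir(path):
    """Report whether a temporary file can be created in `path`, and why not."""
    report = {"path": path, "writable": False, "reason": None,
              "free_bytes": None, "free_inodes": None}
    if not os.path.isdir(path):
        report["reason"] = "missing"
        return report
    st = os.statvfs(path)
    report["free_bytes"] = st.f_bavail * st.f_frsize
    report["free_inodes"] = st.f_favail
    try:
        # Create, write and delete a small file, much as tempfile does
        # when it tests each candidate directory.
        with tempfile.NamedTemporaryFile(dir=path) as fh:
            fh.write(b"probe")
            fh.flush()
        report["writable"] = True
    except OSError as exc:
        # ENOSPC: no blocks or inodes left; EACCES/EROFS: permissions or read-only mount.
        report["reason"] = errno.errorcode.get(exc.errno, str(exc))
    return report


def diagnose(root="/", candidates=CANDIDATES):
    """Probe each candidate under `root` (hypothetical: "/" or a rescue mount point)."""
    reports = [probe_dir(os.path.join(root, c.lstrip("/"))) for c in candidates]
    return {"usable": [r["path"] for r in reports if r["writable"]],
            "reports": reports}


if __name__ == "__main__":
    result = diagnose()
    for r in result["reports"]:
        print(r)
    if not result["usable"]:
        print("No candidate accepts a temp file: free space on the root filesystem first.")
```

An empty `usable` list with `ENOSPC` reasons means the guest cannot write anything, which includes the `authorized_keys` files that key-based login depends on.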
1

According to your description, it seems your instance is using the os-login feature, since you mention that the instance was created in a project within another organization. If that is the case, you are missing some roles in your user account within the project and a role at the organization level as well (not sure if this is already applied at the organization level).

1- For your email address, you need to have the iam.serviceAccountUser and one of the following login roles:

  • The compute.osLogin role, which does not grant administrator permissions
  • The compute.osAdminLogin role, which grants administrator permissions

2- At the organization level, they need to have the compute.osLoginExternalUser role to allow external users outside of your organization to access their instances.


In case you are not using the os-login feature, I suggest you check whether the guest environment is running correctly.

Alioua
  • 411
  • 2
  • 8
  • The owner of the project (the creator) cannot access the instance via browser either. Serial Console keeps giving `Jul 23 ...: ERROR Exception calling the response handler. [Errno 2] No usable temporary directory found in ['/tmp', '/var/tmp', '/usr/tmp', '/']`. You're sure it's not a memory issue? – contemplator Jul 23 '18 at 08:22
  • I will attempt to use OS Login. I however cannot find **compute.osLoginExternalUser**, but I can view my roles on their project. – contemplator Jul 23 '18 at 08:52
  • I think [**compute.osLoginExternalUser**](https://i.stack.imgur.com/N6mWV.png) is enabled on the project. Does this count? – contemplator Jul 23 '18 at 09:00
  • Yes, this is it, so just enable the os-login on the project level or instance level by adding in the metadata the key=**enable-oslogin** and value=**TRUE** – Alioua Jul 23 '18 at 18:22
  • This did not work either. I decided at last to snapshot the instance, delete the instance, and create a bigger instance with the snapshot attached, to find that it was 100% full and nothing I could have done above would have worked. Thanks for all your help. – contemplator Sep 04 '18 at 10:27
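
The role and metadata requirements from the answer above can be checked offline against exported JSON. This is an added example, not part of the original answer or its comments. It assumes the IAM policies have the `bindings` shape printed by `gcloud projects get-iam-policy --format=json` and the metadata lists have the `items` shape from `gcloud compute instances describe --format=json`; the member, policies and function names are constructed. Only direct role bindings for the member are inspected, so group membership and broader roles are not resolved.

```python
LOGIN_ROLES = {"roles/compute.osLogin", "roles/compute.osAdminLogin"}
SA_USER = "roles/iam.serviceAccountUser"
EXTERNAL_USER = "roles/compute.osLoginExternalUser"


def oslogin_enabled(instance_items, project_items):
    """Instance-level enable-oslogin takes precedence over the project-level value."""
    for items in (instance_items, project_items):
        for item in items:
            if item.get("key") == "enable-oslogin":
                return item.get("value", "").strip().lower() == "true"
    return False


def roles_for(policy, member):
    """Roles bound directly to `member` in an exported IAM policy."""
    return {b["role"] for b in policy.get("bindings", [])
            if member in b.get("members", [])}


def access_report(instance_items, project_items, project_policy, org_policy, member):
    """Say which SSH auth path is in effect and which OS Login roles are missing."""
    if not oslogin_enabled(instance_items, project_items):
        # Without OS Login the guest environment applies keys from metadata.
        return {"auth_path": "metadata-ssh-keys", "missing_roles": []}
    project_roles = roles_for(project_policy, member)
    missing = []
    if SA_USER not in project_roles:
        missing.append(SA_USER)
    if not LOGIN_ROLES & project_roles:
        missing.append("roles/compute.osLogin or roles/compute.osAdminLogin")
    if EXTERNAL_USER not in roles_for(org_policy, member):
        missing.append(EXTERNAL_USER + " (organization level)")
    # With OS Login enabled, ssh-keys entries in metadata are ignored.
    return {"auth_path": "os-login", "missing_roles": missing}


# Constructed sample data (not from the original post).
MEMBER = "user:alice@example.com"
PROJECT_POLICY = {"bindings": [
    {"role": "roles/compute.admin", "members": [MEMBER]},
    {"role": "roles/iam.serviceAccountUser", "members": [MEMBER]},
]}
ORG_POLICY = {"bindings": []}
INSTANCE_ITEMS = [{"key": "enable-oslogin", "value": "TRUE"}]
PROJECT_ITEMS = [{"key": "ssh-keys", "value": "alice:<constructed-public-key>"}]

if __name__ == "__main__":
    print(access_report(INSTANCE_ITEMS, PROJECT_ITEMS, PROJECT_POLICY, ORG_POLICY, MEMBER))
```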