0

I have created a GCP compute engine on default vpc, allowing all ports. In the IP range, I have mentioned the external IP address of the compute engine. I was able to ssh to the host via cloudshell gcloud.

Later after 2 days, I was unable to SSH to the host and running into an error - "We are unable to connect to the VM on port 22". So I created a new firewall rule as per the doc https://cloud.google.com/compute/docs/troubleshooting/troubleshooting-ssh-errors and was able to ssh to host successfully.

gcloud compute firewall-rules create firewall_name --allow tcp:22

Question: The initial firewall already has 'Protocols and ports' as 'all' (pls see the above image). Then why was I unable to SSH until I created another firewall rule that explicitly mentions port 22?

Update: removed the screenshot per comment. I'm trying to connect from my mac laptop (chrome), connecting to GCP console, ssh via cloud shell (also tried ssh via web option).

  • In Google Cloud, important details are how you are connecting and from where. For example, as @abdul-fahad mentions, firewall rules for IAP must also be created. For example, the browser uses IAP to connect. Note: screenshots are not [recommended](https://meta.stackoverflow.com/questions/285551/why-should-i-not-upload-images-of-code-data-errors/285557#285557) on Stack Overflow. In your case, the screenshot is not useful because you blocked out the relevant details. Therefore, just delete it from your post. Add details on how and where to your post. – John Hanley Aug 01 '23 at 11:54
  • Removed screenshot. Just curious how it worked when I initially launched the VM? SSH was working for 2-3 days and stopped after a few days from yesterday. – user16798185 Aug 01 '23 at 15:37
  • You did not provide additional details in your last update. – John Hanley Aug 01 '23 at 16:04
  • I'm trying to connect from my mac laptop (chrome), connecting to GCP console, ssh via cloud shell (also tried ssh via web option). – user16798185 Aug 01 '23 at 16:19
  • If you are using a web browser for SSH, then you must create firewall rules for IAP as per the answer from Abdul. Connecting using Cloud Shell does not use IAP. You are mixing technologies and getting mixed results because you have an incorrect configuration. – John Hanley Aug 01 '23 at 16:23
  • Turns out, the devops admin has revoked gcloud ssh access to everyone, citing: gcloud shell gets a separate IP which is outside of IAP, so please use your local terminal or just click on ssh through the web console. – user16798185 Aug 02 '23 at 15:53

2 Answers

2

Your issue looks to be that you are missing the IAP rules and Google internal IP ranges that are needed to SSH in to the VM using the gcloud compute ssh CLI. Please allow the following as per the Google documentation: https://cloud.google.com/iap/docs/using-tcp-forwarding#create-firewall-rule

In the source, you have to set your home or office internet IP from where you are accessing the VM. From your home/office internet you can verify via telnet whether port 22 is open. Also make sure the target tags are attached to the VM as well to make it work, and the VM should be on the same VM subnet in which the rules are attached.

Abdul Fahad
  • I saw a notification to enable IAP. But just curious how it worked when I initially launched the VM? SSH was working for 2-3 days and stopped after a few days – user16798185 Aug 01 '23 at 15:23
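
Added example (not part of the original answer, and not Google's code): a simplified evaluator for ingress rules in the JSON shape returned by `gcloud compute firewall-rules list --format=json`, showing why a rule that allows all ports still blocks SSH when the source range or target tags do not match. The rule names, the `ssh` tag and the 203.0.113.10 address are constructed; 35.235.240.0/20 is the IAP TCP-forwarding source range from the Google documentation linked above.

```python
import ipaddress

IAP_RANGE = "35.235.240.0/20"  # source range Google documents for IAP TCP forwarding

# Constructed sample in the shape of `gcloud compute firewall-rules list --format=json`.
# 203.0.113.10 stands in for the VM's own external IP used as the source in the question.
RULES = [
    {"name": "allow-all-from-vm-ip", "direction": "INGRESS", "priority": 1000,
     "sourceRanges": ["203.0.113.10/32"], "allowed": [{"IPProtocol": "all"}]},
    {"name": "allow-ssh-from-iap", "direction": "INGRESS", "priority": 1000,
     "sourceRanges": [IAP_RANGE], "targetTags": ["ssh"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
]

def _port_in(spec, port):
    lo, _, hi = spec.partition("-")          # "22" or "1000-2000"
    return int(lo) <= port <= int(hi or lo)

def _entries_match(entries, proto, port):
    for e in entries:
        if e["IPProtocol"] not in ("all", proto):
            continue
        ports = e.get("ports")               # no ports listed means every port
        if not ports or any(_port_in(p, port) for p in ports):
            return True
    return False

def evaluate(rules, src_ip, vm_tags, proto="tcp", port=22):
    """Return (action, rule_name) for an ingress connection to a VM.
    Simplified: ignores sourceTags, service accounts and hierarchical policies."""
    src = ipaddress.ip_address(src_ip)
    hits = []
    for r in rules:
        if r.get("direction", "INGRESS") != "INGRESS" or r.get("disabled"):
            continue
        tags = r.get("targetTags")
        if tags and not set(tags) & set(vm_tags):
            continue                         # rule is scoped to tags the VM lacks
        if not any(src in ipaddress.ip_network(c) for c in r.get("sourceRanges", [])):
            continue                         # "all ports" is irrelevant if the source misses
        for action, key in (("deny", "denied"), ("allow", "allowed")):
            if _entries_match(r.get(key, []), proto, port):
                hits.append((r.get("priority", 1000), action != "deny", action, r["name"]))
    if not hits:
        return ("deny", "implied-deny-ingress")
    return min(hits)[2:]                     # lowest priority number wins; deny beats allow on a tie

if __name__ == "__main__":
    for src, tags in [("35.235.240.5", []), ("35.235.240.5", ["ssh"]), ("203.0.113.10", [])]:
        print(src, tags, evaluate(RULES, src, tags))
```

Note that the `gcloud compute firewall-rules create ... --allow tcp:22` command in the question omits `--source-ranges`, which gcloud defaults to 0.0.0.0/0, so that rule admits SSH from any address; restricting it to the IAP range or a known office IP keeps port 22 off the open internet.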
0

Turns out, the devops admin has revoked gcloud ssh access to everyone, citing: gcloud shell gets a separate IP which is outside of IAP, so please use your local terminal or just click on ssh through the web console.