can not connect to the instance | C2C Community
Solved

can not connect to the instance

  • 6 September 2022
  • 8 replies
  • 66 views

Hi there,

I am using a VM instance. I cannot SSH to the instance anymore.

I’ve tried resetting the machine.

I’ve followed the troubleshooting. The auto troubleshooting shows everything is fine.

What else can I do?

Best answer by seijimanoan 8 September 2022, 18:52

8 replies

Userlevel 7
Badge +32

Hi @peter_dev_account, do you have the proper firewall rules that allow SSH to the machine? Without opening the firewall, SSH into the VM machine won’t work.

Cheers

Userlevel 7
Badge +12

I agree with @Alfons

@Alfons

Yes. It has worked very well for a very long time!

Cannot connect again ever since yesterday!

Userlevel 6
Badge +11

@peter_dev_account

Check out

  • Firewall rules of VPC
  • Firewall rules of Linux (VM) like firewalld, ufw
  • Iptables rules - is that blocking?
  • SSHd service - is that running?

You didn't show any error message or log for better understanding.

---

Tip: many bots on the internet scan VMs that are exposed publicly on the default port, so the SSHd service stops new sessions for some time to avoid brute-force attacks.

You can use an IAP tunnel instead of a public IP.

Userlevel 7
Badge +65

Hi @peter_dev_account,

have you checked @seijimanoan’s answer? Is it helpful?

Hi,

Thanks for your reply.

I’ve followed the instructions. It did not work anyway. I ended up having Google customer support help fix it.

The VM that I use is in a very unstable status. We were only able to recover the data with some luck, thanks to Google’s customer support.

My takeaway is to invest in backup and disaster recovery.

Userlevel 6
Badge +11

@peter_dev_account All right.

Anyway, my tip is still valid. Try to use an IAP tunnel instead of exposing the SSH port on a public IP address.

The IAP tunnel is free, so you just need to set up the firewall rules. Look here.

So you could log in with

gcloud compute ssh example-instance --zone=us-central1-a

...as explained here.

You would have a safer network, because no SSH port would be open for public ingress (Internet).

My source btw. Thanks! Good luck.
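
An added example, not part of the original thread: a small audit of VPC firewall rules that reports which ingress rules leave SSH open to any address and which admit only the IAP forwarding range. It assumes input in the shape of `gcloud compute firewall-rules list --format=json`; the rule set below is constructed, and 35.235.240.0/20 is the source range Google documents for IAP TCP forwarding.

```python
import ipaddress
import json

# Google's documented source range for IAP TCP forwarding
IAP_RANGE = ipaddress.ip_network("35.235.240.0/20")

# Constructed sample in the shape of `gcloud compute firewall-rules list --format=json`
SAMPLE_RULES = json.loads("""
[
 {"name": "default-allow-ssh", "direction": "INGRESS", "disabled": false,
  "sourceRanges": ["0.0.0.0/0"], "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
 {"name": "allow-ssh-from-iap", "direction": "INGRESS", "disabled": false,
  "sourceRanges": ["35.235.240.0/20"], "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
 {"name": "allow-low-ports", "direction": "INGRESS", "disabled": false,
  "sourceRanges": ["0.0.0.0/0"], "allowed": [{"IPProtocol": "tcp", "ports": ["20-25"]}]},
 {"name": "allow-web", "direction": "INGRESS", "disabled": false,
  "sourceRanges": ["0.0.0.0/0"], "allowed": [{"IPProtocol": "tcp", "ports": ["80", "443"]}]}
]
""")

def allows_tcp(rule, port):
    """True if any `allowed` entry of the rule covers the given TCP port."""
    for entry in rule.get("allowed", []):
        if entry.get("IPProtocol") not in ("tcp", "all"):
            continue
        ports = entry.get("ports")
        if not ports:  # no port list means every port of the protocol
            return True
        for spec in ports:  # each spec is "22" or a range such as "20-25"
            low, _, high = spec.partition("-")
            if int(low) <= port <= int(high or low):
                return True
    return False

def audit_ssh(rules):
    """Return (rules exposing SSH to any address, rules admitting IAP to SSH)."""
    public, iap = [], []
    for rule in rules:
        if rule.get("direction") != "INGRESS" or rule.get("disabled") or not allows_tcp(rule, 22):
            continue
        nets = [ipaddress.ip_network(r, strict=False) for r in rule.get("sourceRanges", [])]
        if any(n.prefixlen == 0 for n in nets):
            public.append(rule["name"])
        elif any(n.version == 4 and IAP_RANGE.subnet_of(n) for n in nets):
            iap.append(rule["name"])
    return public, iap

if __name__ == "__main__":
    print(audit_ssh(SAMPLE_RULES))
```

A non-empty first list means SSH is still reachable from the internet even if an IAP rule exists; the port-range rule shows how such exposure can hide behind a rule that never names port 22.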

Userlevel 7
Badge +65

Hi @peter_dev_account,

can you tell us more about how you fixed it and what your backup and disaster recovery plans are?

Also, check @malamin’s post about Backup and DR
