I can not start a new ssh connection to VM 1 day after starting VM | C2C Community
Question



Userlevel 1

I cannot start a new ssh connection to the VM 1 day after starting the VM.
I could connect just after startup, and the channel I was connected to is still alive and I can still operate the VM through it.
But I'm not able to start new ssh and scp connections.


10 replies

Userlevel 6

What about your firewall rules? There may be firewall rules on the OS side (ufw, iptables) as well as on the VPC network (ingress).

Usually I connect through IAP tunnel.

Provide more details.

Userlevel 1

Here is the response of “$ gcloud compute firewall-rules list”:

NAME                    NETWORK  DIRECTION  PRIORITY  ALLOW                         DENY  DISABLED
default-allow-http      default  INGRESS    1000      tcp:80                              False
default-allow-icmp      default  INGRESS    65534     icmp                                False
default-allow-internal  default  INGRESS    65534     tcp:0-65535,udp:0-65535,icmp        False
default-allow-rdp       default  INGRESS    65534     tcp:3389                            False
default-allow-ssh       default  INGRESS    65534     tcp:22                              False

I think “default-allow-ssh” is related to this issue.

Userlevel 1

After the “gcloud compute ssh” command failed, the system asked me to check connectivity. Here is the result:

---- Checking network connectivity ----
Your source IP address is XXX.XXX.XXX.XXX

Network Connectivity Test Result: REACHABLE

------

---- Checking user permissions ----
User permissions: 0 issue(s) found.

---- Checking VPC settings ----
VPC settings: 0 issue(s) found.

---- Checking VM status ----
VM status: 0 issue(s) found.

---- Checking VM boot status ----
VM boot: 0 issue(s) found.
 

Userlevel 7

@taku Are you sshing via the public IP?

Userlevel 7

Hello @taku,

Did you try the following FAQ regarding the SSH connection?

The SSH service on the VM may have been stopped or restarted.
The SSH port on the VM may have been changed.
There may be a firewall rule blocking SSH or SCP traffic to the VM.
There may be a problem with your SSH client.

There may be a problem with your working directory's file read and write permissions, especially when you try to work with SCP. Make sure that there is no firewall blocking SSH or SCP traffic.

 

So you should check the status of the SSH service on the VM:

sudo service ssh status

If the SSH service is not running, start it by running the following command:

sudo service ssh start

 

Check the SSH port on the VM. You can do this by running the following command:

sudo netstat -tlnp | grep sshd

The output of this command should show the port number that SSH is listening on. If the port number is not 22, you will need to update your SSH client to use the correct port number.

Check your sshd_config file for the use of a password to access the SSH server:

Use a text editor such as nano or vim to open the sshd_config file:

sudo nano /etc/ssh/sshd_config

In the file, find the PasswordAuthentication line and make sure it ends with yes.

Find the ChallengeResponseAuthentication option and disable it by adding no.

Restart the SSH service by typing the following command:

sudo systemctl restart sshd

If it is caused by file permissions, then you should try the following commands to change the file permissions.

First, open the sshd_config file using a text editor:

sudo nano /etc/ssh/sshd_config

In the file, make sure the following options are set as follows:

PermitRootLogin no

PubkeyAuthentication yes

Comment out the GSSAPI-related options by adding the hash sign at the beginning of the line:

#GSSAPIAuthentication yes
#GSSAPICleanupCredentials no

Also, make sure the UsePAM line is set to yes

UsePAM yes

After that, save the file and restart the sshd service:

sudo systemctl restart sshd

Now check the home folder permissions:

ls -ld

If your owner permissions are not set to read, write, and execute drwx, use the chmod command to change them:

chmod 0700 /home/[your-username]

Then you can go to the .ssh folder and recheck the permissions:

ls -ld

Now it shows drwx….. on the screen.

Also, this directory should have read, write, and execute permissions for the file owner, so use chmod again:

chmod 0700 /home/your_home/.ssh

The .ssh folder contains the authorized_keys file. Check its permissions with:

ls -ld authorized_keys

chmod 0600 /home/[username]/.ssh/authorized_keys

I hope the above options might help you sort out your problem; if not, then you can check the following document.
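The permission checks from the reply above can be run in one pass. The script below is an added example, not part of the original post; it assumes GNU `stat` (`-c '%a'`), and the function names `check_mode` and `audit_ssh_perms` are hypothetical. It compares the home directory, `.ssh` and `authorized_keys` against the modes the reply gives (0700, 0700, 0600).

```shell
#!/bin/sh
# Added example (not from the thread): audit the three paths named in the
# reply against the modes it recommends. Assumes GNU stat (Linux).

# check_mode PATH WANT
# Prints one status line; returns 0 if the mode matches, 1 on mismatch,
# 2 if the path does not exist.
check_mode() {
    path=$1
    want=$2
    if [ ! -e "$path" ]; then
        echo "MISSING  $path"
        return 2
    fi
    have=$(stat -c '%a' "$path")   # octal mode, e.g. 700
    if [ "$have" = "$want" ]; then
        echo "OK       $path ($have)"
        return 0
    fi
    echo "MISMATCH $path (have $have, want $want)"
    return 1
}

# audit_ssh_perms HOME_DIR
# Returns the number of paths that are missing or have the wrong mode (0-3).
audit_ssh_perms() {
    home=$1
    bad=0
    check_mode "$home" 700 || bad=$((bad + 1))
    check_mode "$home/.ssh" 700 || bad=$((bad + 1))
    check_mode "$home/.ssh/authorized_keys" 600 || bad=$((bad + 1))
    return "$bad"
}

# Usage, from the still-open session on the VM:
#   audit_ssh_perms "$HOME"
```

A non-zero return value means at least one of the three paths needs the `chmod` shown in the reply; the status lines say which.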

Userlevel 1

I tried three methods:

  • ssh button on VM instance dashboard
    the message “SSH authentication has failed” appears in the error dialog box
  • gcloud compute ssh instance_name --project=… --zone=…
    returns an error (client_loop: send disconnect: Broken pipe)
  • ssh user_name@public_IP
    returns an error (client_loop: send disconnect: Broken pipe)

Can you please share the output of the command below?

sudo service ssh status

And also let me know if you attached any NACL on the subnet which is hosting the server?

Userlevel 1

This is the output of the service command; I got it just after resetting the VM.

xxxx:~$ sudo service ssh status
● ssh.service - OpenBSD Secure Shell server
     Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
     Active: active (running) since Mon 2023-10-09 08:39:14 UTC; 37s ago
       Docs: man:sshd(8)
             man:sshd_config(5)
    Process: 1852 ExecStartPre=/usr/sbin/sshd -t (code=exited, status=0/SUCCESS)
    Process: 1887 ExecReload=/usr/sbin/sshd -t (code=exited, status=0/SUCCESS)
    Process: 1888 ExecReload=/bin/kill -HUP $MAINPID (code=exited, status=0/SUCCESS)
   Main PID: 1867 (sshd)
      Tasks: 1 (limit: 410866)
     Memory: 5.4M
     CGroup: /system.slice/ssh.service
             └─1867 sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups

Oct 09 08:39:14 taov50-instance-1 systemd[1]: Starting OpenBSD Secure Shell server...
Oct 09 08:39:14 taov50-instance-1 sshd[1867]: Server listening on 0.0.0.0 port 22.
Oct 09 08:39:14 taov50-instance-1 sshd[1867]: Server listening on :: port 22.
Oct 09 08:39:14 taov50-instance-1 systemd[1]: Started OpenBSD Secure Shell server.
Oct 09 08:39:14 taov50-instance-1 systemd[1]: Reloading OpenBSD Secure Shell server.
Oct 09 08:39:14 taov50-instance-1 sshd[1867]: Received SIGHUP; restarting.
Oct 09 08:39:14 taov50-instance-1 systemd[1]: Reloaded OpenBSD Secure Shell server.
Oct 09 08:39:14 taov50-instance-1 sshd[1867]: Server listening on 0.0.0.0 port 22.
Oct 09 08:39:14 taov50-instance-1 sshd[1867]: Server listening on :: port 22.
 

As I mentioned in my first message, I can’t make a new ssh connection some hours after booting the VM.

At the same time, on the connected shell I can’t use any “sudo” command; the sudo command freezes with no response. But I can use the VM through the already connected shell.

can you make the output of #ssh <your ip address> -vvv

 

Userlevel 1

Thank you for your advice.

> can you make the output of #ssh <your ip address> -vvv

Does <your ip address> mean the VM IP address?

I can connect to my VM by # ssh VM IP address -vvv

and -vvv option made many lines of response.

What information do you need?

 
