Google Cloud Platform fix SSH


Problem description


I have a problem with SSH access on my Google Compute Engine. I made a server, set up the application on it and configured the domain, and everything works. After a few days, when I wanted to access it to make changes, my SSH didn't work. I have one assumption: I was turning on the firewall and I didn't add a rule for SSH, maybe that's the problem? But how can I access the machine now and enable it?

Thanks.

Recommended answer


To solve your issue you can connect to your VM instance via serial console. Before connecting to the VM via serial console check if you enabled connections to your VM instance at GCP Firewall.


Please have a look at the step by step instructions below:

  1. Enable serial console connection using the gcloud command:

 gcloud compute instances add-metadata NAME_OF_YOUR_VM_INSTANCE \
 --metadata serial-port-enable=TRUE


or go to Compute Engine -> VM instances -> click on NAME_OF_YOUR_VM_INSTANCE -> click on EDIT -> go to section Remote access and check Enable connecting to serial ports

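  2. Create a temporary user and password to log in: shut down your VM and set a startup script by adding, in the Custom metadata section, the key startup-script and the value: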

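 #!/bin/bash
 # Create the temporary login user; the google_sudoers group grants sudo
 useradd --groups google_sudoers tempuser
 # Set the password for tempuser (chpasswd reads user:password pairs)
 echo "tempuser:password" | chpasswd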

Then start your VM.

  3. Connect to your VM via serial port using the gcloud command:

 gcloud compute connect-to-serial-port NAME_OF_YOUR_VM_INSTANCE


or go to Compute Engine -> VM instances -> click on NAME_OF_YOUR_VM_INSTANCE -> and click on Connect to serial console

Check what went wrong.

Disable access via serial port using the gcloud command:

 gcloud compute instances add-metadata NAME_OF_YOUR_VM_INSTANCE \
 --metadata serial-port-enable=FALSE


or go to Compute Engine -> VM instances -> click on NAME_OF_YOUR_VM_INSTANCE -> click on EDIT -> go to section Remote access and uncheck Enable connecting to serial ports. Keep in mind that according to the documentation Interacting with the serial console:


Caution: The interactive serial console does not support IP-based access restrictions such as IP whitelists. If you enable the interactive serial console on an instance, clients can attempt to connect to that instance from any IP address. Anybody can connect to that instance if they know the correct SSH key, username, project ID, zone, and instance name. Use firewall rules to control access to your network and specific ports.


In addition, have a look at 3rd party example Resolving getting locked out of a Compute Engine.

If you weren't able to connect via serial console, check the logs:

  1. Go to Compute Engine -> VM instances -> click on NAME_OF_YOUR_VM -> at the VM instance details find section Logs and click on Serial port 1 (console)
  2. Reboot your VM instance again.
  3. Check the full boot log for any errors and/or warnings.


If you found errors/warnings related to disk space you can try to resize it according to the documentation Resizing a zonal persistent disk, also according to the article Recovering an inaccessible instance or a full boot disk:


If nothing helped, try to follow other recommendations from the documentation Troubleshooting SSH and update your question with your attempts.
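
An added example, not part of the original answer: a Python check that reads the output of `gcloud compute instances list --format=json` and reports instances that still have the serial console enabled or a startup script that creates accounts or sets passwords, the two settings the recovery steps above leave in place. The sample JSON, instance names and the `audit` function are constructed for this example; treating `true` in any case or `1` as enabled is a conservative assumption, and only instance-level metadata is checked.

```python
import json
import re

# Constructed sample shaped like `gcloud compute instances list --format=json`
# output (instance names, project and zones are made up for this example).
SAMPLE = json.dumps([
    {"name": "web-1",
     "zone": "https://www.googleapis.com/compute/v1/projects/demo/zones/us-central1-a",
     "metadata": {"items": [
         {"key": "serial-port-enable", "value": "TRUE"},
         {"key": "startup-script",
          "value": "#!/bin/bash\nuseradd --groups google_sudoers tempuser\n"
                   "echo \"tempuser:password\" | chpasswd\n"}]}},
    {"name": "db-1",
     "zone": "https://www.googleapis.com/compute/v1/projects/demo/zones/us-central1-b",
     "metadata": {"items": [{"key": "serial-port-enable", "value": "FALSE"}]}},
    {"name": "batch-1", "metadata": {}},
])

# Startup scripts run on every boot, so a leftover account-creating script
# keeps resetting the temporary password to its known value.
ACCOUNT_CMD = re.compile(r"\b(useradd|adduser|chpasswd|passwd)\b")


def audit(instances_json):
    """Return {instance name: [findings]} for leftover recovery settings."""
    report = {}
    for inst in json.loads(instances_json):
        items = (inst.get("metadata") or {}).get("items") or []
        meta = {i["key"]: i.get("value", "") for i in items}
        findings = []
        # Assumption: "true" in any case, or "1", counts as enabled.
        if meta.get("serial-port-enable", "").strip().lower() in ("true", "1"):
            findings.append("serial console enabled")
        cmds = sorted(set(ACCOUNT_CMD.findall(meta.get("startup-script", ""))))
        if cmds:
            findings.append("startup-script manages accounts: " + ", ".join(cmds))
        if findings:
            report[inst["name"]] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(name, "->", "; ".join(findings))
```
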
