无法SSH到Google Cloud VM [英] Can't SSH into Google Cloud VM

问题描述

我能够成功地将SSH SSH到昨天设置的Google Cloud VM中，但是由于某种原因，今天我不能这样做，而且我也没有搞乱任何设置，尤其是防火墙设置.现在，它一直给我这些错误:

I was able to successfully SSH into the Google Cloud VM I had set up yesterday, but today for some reason I can't, and I didn't mess with any of the settings, especially not the Firewall settings. It keeps giving me these errors now:

通过Cloud Identity-Aware代理的连接失败 编码:4003 原因:无法连接到后端 您也许可以在不使用Cloud Identity-Aware代理的情况下进行连接.

Connection via Cloud Identity-Aware Proxy Failed Code: 4003 Reason: failed to connect to backend You may be able to connect without using the Cloud Identity-Aware Proxy.

然后，当我单击不使用身份识别代理进行连接"时，出现以下错误:

Then when I click on "Connect without Identity-Aware Proxy" I get the following error:

连接失败 我们无法在端口22上连接到VM.了解有关此问题的可能原因的更多信息.

Connection Failed We are unable to connect to the VM on port 22. Learn more about possible causes of this issue.

我不知道发生了什么.昨天情况很好，现在却不行.

I don't know what happened. Yesterday it was working fine and now it's not.

推荐答案

首先，尝试禁用Cloud Identity-Aware代理并通过Web控制台连接到VM实例.

At first, try to disable Cloud Identity-Aware Proxy and connect to the VM instance via web Console.

之后，请检查日志:

• 转到Compute Engine-> VM instances->点击NAME_OF_YOUR_VM->在VM instance details查找部分日志上，然后单击Serial port 1 (console)
• 重新启动您的VM实例.
• 检查完整的启动日志中是否有任何错误或警告.

• Go to Compute Engine -> VM instances -> click on NAME_OF_YOUR_VM -> at the VM instance details find section Logs and click on Serial port 1 (console)
• Reboot your VM instance.
• Check full boot log for any errors or/and warnings.

如果您的VM实例未启动，请遵循文档

If your VM instance doesn't start up verify that your disk has a valid file system and a valid master boot record (MBR) by following the documentation General troubleshooting.

如果发现与磁盘空间相关的错误/警告，则可以尝试根据文档

If you found errors/warning related to disk space you can try to resize it accordingly to the documentation Resizing a zonal persistent disk, also accordingly to the article Recovering an inaccessible instance or a full boot disk:

如果实例完全没有磁盘空间或没有运行 Linux来宾环境，然后自动调整根大小 文件系统是不可能的，即使您增加了 支持它的持久磁盘.如果您无法连接到实例， 或启动磁盘已满，并且无法调整其大小，则必须创建一个 新实例，然后从快照重新创建启动磁盘以调整其大小.

If an instance is completely out of disk space or if it is not running a Linux guest environment, then automatically resizing your root filesystem isn't possible, even after you've increased the size of the persistent disk that backs it. If you can't connect to your instance, or your boot disk is full and you can't resize it, you must create a new instance and recreate the boot disk from a snapshot to resize it.

否则，请尝试通过串行控制台访问您的VM实例:

Otherwise try get access to your VM instance via serial console :

• 启用串行控制台连接使用gcloud命令:

  gcloud compute instances add-metadata NAME_OF_YOUR_VM_INSTANCE \
  --metadata serial-port-enable=TRUE

或转到Compute Engine-> VM instances->点击NAME_OF_YOUR_VM_INSTANCE->点击EDIT->转到 Remote access 部分并选中Enable connecting to serial ports

or go to Compute Engine -> VM instances -> click on NAME_OF_YOUR_VM_INSTANCE -> click on EDIT -> go to section Remote access and check Enable connecting to serial ports

创建用于登录的临时用户和密码:关闭虚拟机并设置启动脚本，方法是在 Custom metadata 部分添加键startup-script和值:

Create temporary user and password to login: shutdown your VM and set a startup script by adding at the section Custom metadata key startup-script and value:

  useradd --groups google_sudoers tempuser
  echo "tempuser:password" | chpasswd

然后启动您的VM.

通过串行连接到VM gcloud命令打开端口:

Connect to your VM via serial port with gcloud command:

  gcloud compute connect-to-serial-port NAME_OF_YOUR_VM_INSTANCE

或转到Compute Engine-> VM instances->点击NAME_OF_YOUR_VM_INSTANCE->然后点击Connect to serial console

or go to Compute Engine -> VM instances -> click on NAME_OF_YOUR_VM_INSTANCE -> and click on Connect to serial console

检查出了什么问题.

禁止通过串行端口访问使用gcloud命令:

  gcloud compute instances add-metadata NAME_OF_YOUR_VM_INSTANCE \
  --metadata serial-port-enable=FALSE

或转到Compute Engine-> VM instances->点击NAME_OF_YOUR_VM_INSTANCE->点击EDIT->转到 Remote access 部分，然后取消选中Enable connecting to serial ports.请记住，根据文档与串行控制台进行交互:

or go to Compute Engine -> VM instances -> click on NAME_OF_YOUR_VM_INSTANCE -> click on EDIT -> go to section Remote access and uncheck Enable connecting to serial ports. Keep in mind that accordingly to the documentation Interacting with the serial console:

警告:交互式串行控制台不支持基于IP的访问 IP白名单等限制.如果启用互动 实例上的串行控制台，客户端可以尝试连接到该控制台 任何IP地址的实例.任何人都可以连接到该实例，如果 他们知道正确的SSH密钥，用户名，项目ID，区域和 实例名称.使用防火墙规则来控制对网络的访问 和特定的端口.

Caution: The interactive serial console does not support IP-based access restrictions such as IP whitelists. If you enable the interactive serial console on an instance, clients can attempt to connect to that instance from any IP address. Anybody can connect to that instance if they know the correct SSH key, username, project ID, zone, and instance name. Use firewall rules to control access to your network and specific ports.

如果您无法通过串行控制台进行连接，请尝试遵循文档对SSH进行故障排除部分在不关闭虚拟机实例的情况下对其进行检查并检查另一台VM上的VM磁盘.您可以将数据传输到另一个正常运行的VM实例的方式相同.

If you weren't able to connect via serial console, try follow the documentation Troubleshooting SSH section Inspect the VM instance without shutting it down and inspect the disk of your VM on another VM. Same way you can transfer your data to another working VM instance.

这篇关于无法SSH到Google Cloud VM的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！