Unable to connect to Google Compute Engine via SSH

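I used to log in to the instance through the GCE web UI by clicking "Open in browser window".

Recently I tried to log in to the instance the same way, but the window just keeps showing "Connecting" and does nothing.

I tried to ssh from Google Cloud Shell. The result I got was: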

USERNAME@cloudshell:~ (voltaic-phalanx-786)$ gcloud compute ssh --zone "asia-east1-c" "newforum" --project "voltaic-phalanx-786" --ssh-flag="-vvv"
OpenSSH_7.9p1 Debian-10+deb10u2, OpenSSL 1.1.1d  10 Sep 2019
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: resolve_canonicalize: hostname X.X.X.X is address
debug2: ssh_connect_direct
debug1: Connecting to X.X.X.X [X.X.X.X] port 22.
debug1: Connection established.
debug1: identity file /home/USERNAME/.ssh/google_compute_engine type 0
debug1: identity file /home/USERNAME/.ssh/google_compute_engine-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
debug1: match: OpenSSH_7.6p1 Ubuntu-4ubuntu0.3 pat OpenSSH_7.0*,OpenSSH_7.1*,OpenSSH_7.2*,OpenSSH_7.3*,OpenSSH_7.4*,OpenSSH_7.5*,OpenSSH_7.6*,OpenSSH_7.7* compat 0x04000002
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to X.X.X.X:22 as 'USERNAME'
debug1: using hostkeyalias: compute.xxx
debug3: hostkeys_foreach: reading file "/home/USERNAME/.ssh/google_compute_known_hosts"
debug3: record_hostkey: found key type ECDSA in file /home/USERNAME/.ssh/google_compute_known_hosts:1
debug3: load_hostkeys: loaded 1 keys from compute.xxx
debug3: order_hostkeyalgs: prefer hostkeyalgs: [email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: [email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],[email protected],[email protected],ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,[email protected],zlib
debug2: compression stoc: none,[email protected],zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,[email protected]
debug2: compression stoc: none,[email protected]
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
[email protected]: Permission denied (publickey).
ERROR: (gcloud.compute.ssh) [/usr/bin/ssh] exited with return code [255].

I tried restarting the instance. The last few lines of the serial port output are:

Apr  6 14:14:45 newforum systemd[1]: Starting Google Compute Engine Startup Scripts...
Apr  6 14:14:46 newforum GCEMetadataScripts[1575]: 2021/04/06 14:14:46 GCEMetadataScripts: Starting startup scripts (version 20201217.02-0ubuntu1~18.04.0).
Apr  6 14:14:46 newforum GCEMetadataScripts[1575]: 2021/04/06 14:14:46 GCEMetadataScripts: Found startup-script in metadata.
Apr  6 14:14:46 newforum GCEMetadataScripts[1575]: 2021/04/06 14:14:46 GCEMetadataScripts: startup-script: Skipping adding existing rule
Apr  6 14:14:46 newforApr  6 14:14:46 newforum systemd[1]: Started Google Compute Engine Startup Scripts.
Apr  6 14:14:46 newforum systemd[1]: Startup finished in 6.585s (kernel) + 17.727s (userspace) = 24.313s.


Ubuntu 18.04.5 LTS newforum ttyS0

newforum login: Apr  6 14:15:14 newforum snapd[1048]: stateengine.go:150: state ensure error: Get https://api.snapcraft.io/api/v1/snaps/sections: dial tcp: lookup api.snapcraft.io on [::1]:53: read udp [::1]:60506->[::1]:53: read: connection refused
Apr  6 14:15:16 newforum snapd[1048]: daemon.go:589: gracefully waiting for running hooks
Apr  6 14:15:16 newforum snapd[1048]: daemon.go:591: done waiting for running hooks
Apr  6 14:15:16 newforum snapd[1048]: daemon stop requested to wait for socket activation
Apr  6 14:29:37 newforum systemd[1]: Starting Cleanup of Temporary Directories...
Apr  6 14:29:37 newforum systemd[1]: Started Cleanup of Temporary Directories.

But I still cannot log in to the instance. What should I do?

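Answer 1

First, your post may be deleted, because sensitive information has been shared and it may have been flagged. To minimize the risk to your project, I suggest you speed up the deletion process (if you only edit the post, the information will remain in the edit history).

That said, please check the following:

Reading your logs, I noticed the error "Permission denied (publickey)", which is usually attributed to OS Login being activated at the instance or project level.

Follow this guide to disable OS Login if it is enabled, as stated in the warning in that step:

Warning: Enabling OS Login on instances disables metadata-based SSH key configurations on those instances. Disabling OS Login restores SSH keys that you have configured in project or instance metadata.

You can also try enabling serial port access for this instance and then troubleshoot the SSH connection from there, with the following steps: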

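  1. Enable access for the VM instance
  • In the Google Cloud Console, go to the VM instances page.
  • Go to the VM instances page
  • Click the instance you want to enable access for.
  • Click "Edit".
  • Under the Remote access section, toggle the Enable connecting to serial ports checkbox.
  • Save your changes.
  2. Add a startup script to create a local user.
  • In the Google Cloud Console, go to the VM instances page.
  • Go to the VM instances page
  • Click the instance you want to add the startup script to. The instance details page is displayed.
  • On the instance details page, complete the following steps: click the Edit button at the top of the page.
  • Under Custom metadata, click Add item.
  • Add your startup script using the following key (you should replace the variables in capital letters, such as USERNAME and PASSWORD):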

Key: startup-script

Value:

#! /bin/bash
# Create a local user, set its password, then grant it sudo rights.
sudo useradd USERNAME; echo -e "PASSWORD\nPASSWORD" | passwd USERNAME
echo 'USERNAME ALL=(ALL:ALL) ALL' >> /etc/sudoers
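  • With this startup script, you will create a local user with sudo privileges on the Linux OS.
  • Stop/start the VM
  3. Connect to the serial console
  • In the Google Cloud Console, go to the VM instances page.
  • Go to the VM instances page
  • Click the instance you want to connect to.
  • Under Remote access, click Connect to serial console to connect on the default port (port 1).
  • Log in with the username and password you provided in the script.
  • Once logged in, just type the "bash" command to start a bash terminal, just like when accessing via SSH.
  • Restart the SSH service:
$ sudo service sshd status
$ sudo service sshd restart
  • After restarting, try connecting via SSH again.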

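As a recovery method, if you are able to create a new instance and connect to it without problems, you can create a snapshot from the disk of the affected instance and create a new instance from it, or you can detach the affected disk and attach it to the new instance to transfer the information.

If you would like to collect and share your logs:

  1. Go to Compute Engine -> VM instances -> click NAME_OF_YOUR_VM -> in the VM instance details, find the Logs section and click Serial port 1 (console)

  2. Restart your VM instance (if possible).

  3. Check the full boot log for any errors and/or warnings.

  4. If you find errors/warnings related to disk space, you can try to resize it according to the documentation Resizing a zonal persistent disk, or follow the article Recovering an inaccessible instance or a full boot disk

  5. If you need more help, share the full log using pastebin.com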
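
Added example, not part of the original answer: a small offline check of the OS Login point above, which decides from saved metadata whether metadata-based SSH keys are honoured for a user. The sample JSON is constructed and only mimics the shape of `gcloud compute instances describe NAME --format=json` and `gcloud compute project-info describe --format=json`; the function names are hypothetical.

```python
import json

# Constructed sample data, shaped like the JSON printed by
#   gcloud compute instances describe NAME --format=json
#   gcloud compute project-info describe --format=json
INSTANCE = json.loads("""{"metadata": {"items": [
  {"key": "startup-script", "value": "#! /bin/bash"},
  {"key": "ssh-keys", "value": "alice:ssh-ed25519 AAAAC3constructed alice"}
]}}""")
PROJECT = json.loads("""{"commonInstanceMetadata": {"items": [
  {"key": "enable-oslogin", "value": "TRUE"},
  {"key": "ssh-keys", "value": "bob:ssh-rsa AAAAB3constructed bob"}
]}}""")


def items(doc, field):
    """Flatten a metadata 'items' list into a plain dict."""
    return {i["key"]: i.get("value", "") for i in doc.get(field, {}).get("items", [])}


def key_users(meta):
    """User names that own an entry in a USERNAME:KEY 'ssh-keys' value."""
    lines = meta.get("ssh-keys", "").splitlines()
    return {ln.split(":", 1)[0].strip() for ln in lines if ":" in ln}


def diagnose(instance, project, user):
    inst = items(instance, "metadata")
    proj = items(project, "commonInstanceMetadata")
    # The instance-level value, when present, overrides the project-level one.
    oslogin = inst.get("enable-oslogin", proj.get("enable-oslogin", "FALSE"))
    if oslogin.strip().upper() == "TRUE":
        return "OS Login is on: metadata ssh-keys are ignored, access is governed by IAM"
    users = key_users(inst)
    # Project-wide keys apply unless the instance blocks them.
    if inst.get("block-project-ssh-keys", "").strip().upper() != "TRUE":
        users |= key_users(proj)
    if user in users:
        return "metadata key present for user: check sshd and the guest agent on the VM"
    return "no metadata key for user: expect Permission denied (publickey)"


if __name__ == "__main__":
    print(diagnose(INSTANCE, PROJECT, "alice"))
```

With the constructed data, the project-level `enable-oslogin=TRUE` applies to the instance, so the key listed for alice in instance metadata is not used.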