GCP computer engine ssh 連線失敗

google cloud platform google雲端平台 ssh ssh key ufw

aad61404 2020-07-04 11:37:43 ‧ 6595 瀏覽

各位大大好
小弟在GCP 上新建了一個 computer engine
想在我的mac 使用 ssh 連線登入我的執行個體

gcloud beta compute ssh --zone "us-west1-b" "mac-vm" --project "mac-vm-282201"

ssh: connect to host 34.105.11.187 port 22: Operation timed out
ERROR: (gcloud.beta.compute.ssh) [/usr/bin/ssh] exited with return code [255].

ssh -I ~/.ssh/mac-vm-key asd61404@34.105.11.187

ssh: connect to host 34.105.11.187 port 22: Operation timed out

gcloud compute ssh —zone "us-west1-b" "mac-vm" —project "mac-vm-282201" —ssh-flag="-vvv"

return

OpenSSH_7.9p1, LibreSSL 2.7.3
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 48: Applying options for *
debug2: resolve_canonicalize: hostname 34.105.11.187 is address
debug2: ssh_connect_direct
debug1: Connecting to 34.105.11.187 [34.105.11.187] port 22.

Serial Port

Jul  4 02:28:39 mac-vm google_network_daemon[684]: For info, please visit https://www.isc.org/software/dhcp/
Jul  4 02:28:39 mac-vm dhclient[684]: 
Jul  4 02:28:39 mac-vm dhclient[684]: Listening on Socket/ens4
[   19.458355] google_network_daemon[684]: Listening on Socket/ens4
Jul  4 02:28:39 mac-vm google_network_daemon[684]: Listening on Socket/ens4
Jul  4 02:28:39 mac-vm dhclient[684]: Sending on   Socket/ens4
[   19.458697] google_network_daemon[684]: Sending on   Socket/ens4
Jul  4 02:28:39 mac-vm google_network_daemon[684]: Sending on   Socket/ens4
Jul  4 02:28:39 mac-vm systemd[1]: Finished Wait until snapd is fully seeded.
Jul  4 02:28:39 mac-vm systemd[1]: Starting Apply the settings specified in cloud-config...
Jul  4 02:28:39 mac-vm systemd[1]: Condition check resulted in Auto import assertions from block devices being skipped.
Jul  4 02:28:39 mac-vm systemd[1]: Reached target Multi-User System.
Jul  4 02:28:39 mac-vm systemd[1]: Reached target Graphical Interface.
Jul  4 02:28:39 mac-vm systemd[1]: Starting Update UTMP about System Runlevel Changes...
Jul  4 02:28:39 mac-vm systemd[1]: systemd-update-utmp-runlevel.service: Succeeded.
Jul  4 02:28:39 mac-vm systemd[1]: Finished Update UTMP about System Runlevel Changes.
[   20.216129] cloud-init[718]: Cloud-init v. 20.1-10-g71af48df-0ubuntu5 running 'modules:config' at Sat, 04 Jul 2020 02:28:39 +0000. Up 20.11 seconds.
Jul  4 02:28:39 mac-vm cloud-init[718]: Cloud-init v. 20.1-10-g71af48df-0ubuntu5 running 'modules:config' at Sat, 04 Jul 2020 02:28:39 +0000. Up 20.11 seconds.
Jul  4 02:28:39 mac-vm systemd[1]: Finished Apply the settings specified in cloud-config.
Jul  4 02:28:39 mac-vm systemd[1]: Starting Execute cloud user/final scripts...
Jul  4 02:28:41 mac-vm google-clock-skew: INFO Synced system time with hardware clock.
[   20.886105] cloud-init[725]: Cloud-init v. 20.1-10-g71af48df-0ubuntu5 running 'modules:final' at Sat, 04 Jul 2020 02:28:41 +0000. Up 20.76 seconds.
[   20.886430] cloud-init[725]: Cloud-init v. 20.1-10-g71af48df-0ubuntu5 finished at Sat, 04 Jul 2020 02:28:41 +0000. Datasource DataSourceGCE.  Up 20.87 seconds
Jul  4 02:28:41 mac-vm cloud-init[725]: Cloud-init v. 20.1-10-g71af48df-0ubuntu5 running 'modules:final' at Sat, 04 Jul 2020 02:28:41 +0000. Up 20.76 seconds.
Jul  4 02:28:41 mac-vm cloud-init[725]: Cloud-init v. 20.1-10-g71af48df-0ubuntu5 finished at Sat, 04 Jul 2020 02:28:41 +0000. Datasource DataSourceGCE.  Up 20.87 seconds
Jul  4 02:28:41 mac-vm systemd[1]: Finished Execute cloud user/final scripts.
Jul  4 02:28:41 mac-vm systemd[1]: Reached target Cloud-init target.
Jul  4 02:28:41 mac-vm systemd[1]: Starting Google Compute Engine Startup Scripts...
Jul  4 02:28:41 mac-vm startup-script: INFO Starting startup scripts.
Jul  4 02:28:41 mac-vm startup-script: INFO Found startup-script in metadata.
Jul  4 02:28:42 mac-vm startup-script: INFO startup-script: sudo: ufw: command not found
Jul  4 02:28:42 mac-vm startup-script: INFO startup-script: Return code 1.
Jul  4 02:28:42 mac-vm startup-script: INFO Finished running startup scripts.
Jul  4 02:28:42 mac-vm systemd[1]: google-startup-scripts.service: Succeeded.
Jul  4 02:28:42 mac-vm systemd[1]: Finished Google Compute Engine Startup Scripts.
Jul  4 02:28:42 mac-vm systemd[1]: Startup finished in 1.396s (kernel) + 20.065s (userspace) = 21.461s.
Jul  4 02:29:06 mac-vm systemd[1]: systemd-hostnamed.service: Succeeded.
Jul  4 02:43:32 mac-vm systemd[1]: Starting Cleanup of Temporary Directories...
Jul  4 02:43:32 mac-vm systemd[1]: systemd-tmpfiles-clean.service: Succeeded.
Jul  4 02:43:32 mac-vm systemd[1]: Finished Cleanup of Temporary Directories

網路上目前還沒找到適用的方法
請問有大大解過類似問題或是提供一些方向?
非常感激

Angeloli iT邦新手 5 級 ‧ 2021-02-19 10:40:13 檢舉

把key加到安全殼層金鑰試試
這個翻譯好像才是SSH KEY

登入發表討論

直播研討會

{{ item.channelVendor }} {{ item.webinarstarted }} |

直播中

4 個回答

BMG50

iT邦新手 5 級 ‧ 2020-07-04 11:45:26

VPC Network -> Firewall -> Create Firewall Rule -> Allow port 22

回應 1
分享
檢舉

aad61404 iT邦新手 5 級 ‧ 2020-07-04 12:33:42 檢舉

謝謝大大即時回覆
請問圖片裡面算是開起來了嗎？

登入發表回應

ckp6250

iT邦好手 1 級 ‧ 2020-07-04 14:51:46

我是建議直接用瀏覽器ssh比較方便，

然後，建議安裝

https://chrome.google.com/webstore/detail/ssh-for-google-cloud-plat/ojilllmhjhibplnppnamldakhpmdnibd

好用又美觀，而且到任何一台電腦都能直接連入，很方便。

回應 3
分享
檢舉

aad61404 iT邦新手 5 級 ‧ 2020-07-06 10:51:42 檢舉

目前我也是用這個方式 XD
只是想說能從否從mac terminal 下指令連過去

ssh 一直連不到，在這上面花太多時間仍沒解決
好像有點浪費時間

㊣浩瀚星空㊣ iT邦大神 1 級 ‧ 2020-07-06 11:12:16 檢舉

「而且到任何一台電腦都能直接連入」
光這一點，其實我就怕怕的了。

個人對安全性的解釋不同。
雖然該操作是得要先登入gcp的後台才可以進去。
看起來很安全。
其實如果是在自已家的電腦也就算了。

光在別人家登入gcp。我就覺得是很可怕的動作了。
更不要說再用瀏覽器來java登入ssh的動作了。

ckp6250 iT邦好手 1 級 ‧ 2020-07-06 14:53:03 檢舉

浩大說得對，我其實有簡略掉了說法。

GCP上，我有設防火牆，限定port22只有幾個IP可以連入，平常沒用時是全擋，等真要ssh時，會先去設定防火牆之後，再連入，連完後，立刻再關掉。

在別人家若是真要登入，也得先設定允許之ip後才行，用後立刻刪掉該ip，並非門戶洞開。

登入發表回應

liaowenming23

iT邦新手 5 級 ‧ 2020-07-05 23:49:37

試看看

ssh -i ~/.ssh/mac-vm-key asd61404@34.105.11.187

回應 2
分享
檢舉

aad61404 iT邦新手 5 級 ‧ 2020-07-06 10:35:00 檢舉

感謝大大回答只是它會回傳

ssh: connect to host 34.105.11.187 port 22: Operation timed out

我是可以ping 到34.105.11.187
請問大大我除了在mac 上設定好key

防火牆需要做什麼調整嗎？

/etc/ssh/ssh_config

#	$OpenBSD: ssh_config,v 1.33 2017/05/07 23:12:57 djm Exp $

# This is the ssh client system-wide configuration file.  See
# ssh_config(5) for more information.  This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.

# Configuration data is parsed as follows:
#  1. command line options
#  2. user-specific file
#  3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# Site-wide defaults for some commonly used options.  For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.

 Host *
#   ForwardAgent no
#   ForwardX11 no
#   PasswordAuthentication no
#   HostbasedAuthentication no
#   GSSAPIAuthentication no
#   GSSAPIDelegateCredentials no
#   BatchMode no
#   CheckHostIP yes
#   AddressFamily any
#   ConnectTimeout 0
#   StrictHostKeyChecking ask
#   IdentityFile ~/.ssh/id_rsa
#   IdentityFile ~/.ssh/id_dsa
#   IdentityFile ~/.ssh/id_ecdsa
#   IdentityFile ~/.ssh/id_ed25519
#   IdentityFile ~/.ssh/mac-vm-key
#   Port 22
#   Protocol 2
#   Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
#   MACs hmac-md5,hmac-sha1,umac-64@openssh.com
#   EscapeChar ~
#   Tunnel no
#   TunnelDevice any:any
#   PermitLocalCommand no
#   VisualHostKey no
#   ProxyCommand ssh -q -W %h:%p gateway.example.com
#   RekeyLimit 1G 1h

# Host *
	# SendEnv LANG LC_*

/etc/ssh/sshd_config

#	$OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $

...
# 皆是註解

Port 22
HostKey /etc/ssh/ssh_host_rsa_key
AuthorizedKeysFile	.ssh/authorized_keys
UsePAM yes
AcceptEnv LANG LC_*
Subsystem	sftp	/usr/libexec/sftp-server

感謝大大回答 只是它會回傳
```
ssh: connect to host 34.105.11.187 port 22: Operation timed out
```
我是可以ping 到34.105.11.187
請問大大我除了在mac 上設定好key
![https://ithelp.ithome.com.tw/upload/images/20200706/20103798p6XFko3VSd.png](https://ithelp.ithome.com.tw/upload/images/20200706/20103798p6XFko3VSd.png)

防火牆需要做什麼調整嗎 ？

/etc/ssh/ssh_config

```
#	$OpenBSD: ssh_config,v 1.33 2017/05/07 23:12:57 djm Exp $

# This is the ssh client system-wide configuration file.  See
# ssh_config(5) for more information.  This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.

# Configuration data is parsed as follows:
#  1. command line options
#  2. user-specific file
#  3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# Site-wide defaults for some commonly used options.  For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.

Host *
#   ForwardAgent no
#   ForwardX11 no
#   PasswordAuthentication no
#   HostbasedAuthentication no
#   GSSAPIAuthentication no
#   GSSAPIDelegateCredentials no
#   BatchMode no
#   CheckHostIP yes
#   AddressFamily any
#   ConnectTimeout 0
#   StrictHostKeyChecking ask
#   IdentityFile ~/.ssh/id_rsa
#   IdentityFile ~/.ssh/id_dsa
#   IdentityFile ~/.ssh/id_ecdsa
#   IdentityFile ~/.ssh/id_ed25519
#   IdentityFile ~/.ssh/mac-vm-key
#   Port 22
#   Protocol 2
#   Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
#   MACs hmac-md5,hmac-sha1,umac-64@openssh.com
#   EscapeChar ~
#   Tunnel no
#   TunnelDevice any:any
#   PermitLocalCommand no
#   VisualHostKey no
#   ProxyCommand ssh -q -W %h:%p gateway.example.com
#   RekeyLimit 1G 1h

# Host *
	# SendEnv LANG LC_*

```

/etc/ssh/sshd_config 
```
#	$OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $

...
# 皆是註解

Port 22
HostKey /etc/ssh/ssh_host_rsa_key
AuthorizedKeysFile	.ssh/authorized_keys
UsePAM yes
AcceptEnv LANG LC_*
Subsystem	sftp	/usr/libexec/sftp-server
```

修改

liaowenming23 iT邦新手 5 級 ‧ 2020-07-06 21:11:14 檢舉

telnet 34.105.11.187 22,先檢查22 port有沒有通吧

登入發表回應