Why does Google Cloud Shell not have the same subnet IP address as my VM instance? Cannot SSH, but can get the serial port login: prompt


Cloud Shell provides a limited shell for interactive use only as per the following documentation.

A Google Cloud Shell SSH connection allows users to connect to Google Compute Engine Virtual Machines from within the Google Cloud Platform Console. It differs from SSH connections made from Compute Engine VM instances because it is made from inside another VPC network and can be behind a firewall that, if not set correctly, can block connections.

Google Compute Engine instances can be created with or without an external IP address. Creating an instance without an external IP address offers a higher level of security, since the instance cannot be directly accessed from the outside. We can still connect to the instance's internal IP address from the public Internet, but only via other methods that have access to the internal IP address of the instance. These methods include ‘connecting through a VPN connection that has access to the internal IP address’ or going through a ‘Bastion Host’ instance, as per the following documentation.

Ensure that the ‘Block project-wide SSH keys’ option is not enabled when you create the VM instance, or the instance will ignore project-wide SSH keys, as per the documentation.
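The decision the answer describes (Cloud Shell sits in another VPC, so it can reach only a public address; a VM with no external IP needs a bastion or VPN hop, and the serial console is the fallback) can be made mechanically from the instance description. The script below is an added example, not code from the question, the answer or Google: it works on the JSON shape that `gcloud compute instances describe --format=json` prints (`networkInterfaces`, `accessConfigs`, `metadata`), and the two sample instances, their addresses, the bastion host and the user name are constructed for illustration. It also checks the `block-project-ssh-keys` metadata item the answer warns about.

```python
"""Pick an SSH path to a Compute Engine VM from Cloud Shell.

Added example, not code from the question, the answer or Google. It works on
the JSON shape that `gcloud compute instances describe --format=json` prints
(networkInterfaces, accessConfigs, metadata); the sample instances, addresses
and the bastion host below are constructed for illustration.
"""
import json
from typing import Optional, Tuple

# Constructed sample: the VM from the question, internal address only on a
# legacy 10.240.0.0/16 network, no accessConfigs (so no external NAT IP).
TARGET_JSON = json.dumps({
    "name": "instance-centos7",
    "zone": "https://www.googleapis.com/compute/v1/projects/p/zones/us-zone-somewhere",
    "networkInterfaces": [{
        "network": "https://www.googleapis.com/compute/v1/projects/p/global/networks/default",
        "networkIP": "10.240.0.5",
    }],
    "metadata": {"items": [{"key": "block-project-ssh-keys", "value": "false"}]},
})

# Constructed sample: a bastion host on the same network that does have a NAT IP.
BASTION_JSON = json.dumps({
    "name": "bastion",
    "zone": "https://www.googleapis.com/compute/v1/projects/p/zones/us-zone-somewhere",
    "networkInterfaces": [{
        "network": "https://www.googleapis.com/compute/v1/projects/p/global/networks/default",
        "networkIP": "10.240.0.2",
        "accessConfigs": [{"type": "ONE_TO_ONE_NAT", "natIP": "203.0.113.10"}],
    }],
    "metadata": {"items": []},
})


def load_samples() -> Tuple[dict, dict]:
    """Parse the constructed target and bastion descriptions."""
    return json.loads(TARGET_JSON), json.loads(BASTION_JSON)


def external_ip(instance: dict) -> Optional[str]:
    """NAT IP of the first interface carrying one, or None when the VM has no external address."""
    for nic in instance.get("networkInterfaces", []):
        for cfg in nic.get("accessConfigs", []):
            if cfg.get("natIP"):
                return cfg["natIP"]
    return None


def internal_ip(instance: dict) -> str:
    return instance["networkInterfaces"][0]["networkIP"]


def network(instance: dict) -> str:
    return instance["networkInterfaces"][0]["network"]


def zone(instance: dict) -> str:
    # gcloud returns the zone as a resource URL; the last path segment is the name.
    return instance["zone"].rstrip("/").rsplit("/", 1)[-1]


def blocks_project_ssh_keys(instance: dict) -> bool:
    """True when instance metadata sets block-project-ssh-keys=true
    (project-wide keys are then ignored and only instance-level keys work)."""
    for item in instance.get("metadata", {}).get("items", []):
        if item.get("key") == "block-project-ssh-keys":
            return str(item.get("value", "")).lower() == "true"
    return False


def plan_access(target: dict, bastion: Optional[dict], user: str) -> dict:
    """Choose the path Cloud Shell can actually use.

    Cloud Shell runs in a different VPC, so it can only reach a public address:
    either the VM's own NAT IP, or a bastion's NAT IP followed by a hop over
    the internal network. With neither, only the serial console remains.
    """
    notes = []
    if blocks_project_ssh_keys(target):
        notes.append("block-project-ssh-keys=true: add the key to instance metadata")
    if external_ip(target):
        return {"method": "direct", "notes": notes,
                "command": f"gcloud compute ssh {target['name']} --zone {zone(target)}"}
    if bastion and external_ip(bastion) and network(bastion) == network(target):
        notes.append("firewall must allow tcp:22 from the bastion to the target")
        return {"method": "bastion", "notes": notes,
                "command": f"ssh -J {user}@{external_ip(bastion)} {user}@{internal_ip(target)}"}
    notes.append("serial console needs a local password on the VM; SSH keys do not apply")
    return {"method": "serial-console", "notes": notes,
            "command": f"gcloud compute connect-to-serial-port {target['name']} --zone {zone(target)}"}


if __name__ == "__main__":
    target, bastion = load_samples()
    for plan in (plan_access(target, bastion, "rjt"), plan_access(target, None, "rjt")):
        print(plan["method"], "->", plan["command"])
        for note in plan["notes"]:
            print("   note:", note)
```

Run it with the constructed data and it prints the bastion `ssh -J` hop first, then the serial-console fallback when no bastion is given; feed it real `gcloud ... describe --format=json` output to get the same decision for your own VMs. The `ssh -J` form relies on the bastion's firewall allowing port 22 from Cloud Shell and the target's firewall allowing port 22 from the bastion, which is the misconfiguration the answer's first paragraph points at.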

Author: rjt

Updated on September 18, 2022

Comments

  • rjt
    rjt over 1 year

    The virtual machine instance is up and running and I can get the serial port login: prompt, but cannot connect via SSH. What would Google's reasoning be for this behavior?

    The VM instance does NOT have an external IP address by design.

    My Google Cloud Shell instance does not have a 10.240.0.0/16 IP address like my VM instance has, so I assume that is why I cannot SSH via Cloud Shell. Why would an instance need internet access from within the web-browser-based Cloud Shell?
    ERROR: (gcloud.beta.compute.ssh) Instance [instance-centos7] in zone [us-zone-somewhere] does not have an external IP address, so you cannot SSH into it. To add an external IP address to the instance, use [gcloud compute instances add-access-config].

    I have restarted the Cloud Shell instance in the hope that it would be rebuilt with the correct IP addresses.

    Project-wide SSH keys are NOT blocked.

    In the web browser, all SSH options are disabled and greyed out.

    I can tail the serial port output to verify that it stops and starts, but cannot interact with it because I did not set a password.

    Over the years, I have had several virtual instances that did not have a public IP address, but I was able to connect fine in order to secure the machine before allowing access from the internet.

    Based on the 10.240.0.0/16 IP subnet, it appears I have a legacy network.

    I wanted a virtual machine host base machine that does not have direct access to the internet, but whose LXC containers would get a public IP.

    • Admin
      Admin over 6 years
      From the menu you can choose NETWORKING > VPC network > VPC networks to see if you are using a legacy network or not. Look in the Mode column.
    • Admin
      Admin over 6 years
      Confirmed it has a legacy network.
    • Admin
      Admin over 6 years
      @kasperd Why would an instance need internet access from within the web-browser-based Cloud Shell? ERROR: (gcloud.beta.compute.ssh) Instance [instance-centos7] in zone [us-zone-somewhere] does not have an external IP address, so you cannot SSH into it. To add an external IP address to the instance, use [gcloud compute instances add-access-config].
    • Admin
      Admin over 6 years
      Cloud Shell appears to be running in a different virtual network. So the connection would have to go out of that network and then into another virtual network. Doing that depends on having a public IP address.
    • Admin
      Admin over 6 years
      @kasperd, it did not used to be that way. Further, I can now connect to the serial port login from Cloud Shell without having a public IP address.
    • Admin
      Admin over 6 years
      I don't think using the serial port on a VM has ever required that VM to have an external IP address.