Search code examples
sshgoogle-cloud-platformssh-keysgcloud

gcloud compute ssh refuses connection (return code 255)

I cannot get ssh access into the vm instance created by Google Cloud command line tool (gcloud).

Symptom:

sudo gcloud compute ssh myuser@ubuntu
ssh: connect to host 104.155.16.104 port 22: Connection refused
ERROR: (gcloud.compute.ssh) [/usr/bin/ssh] exited with return code [255].

What I did:

1: Verify that firewall is open on port 22

gcloud compute firewall-rules list

returned

NAME                    NETWORK  SRC_RANGES    RULES                         SRC_TAGS  TARGET_TAGS
allow-rstudio           default  0.0.0.0/0     tcp:8787                                allow-rstudio
default-allow-http      default  0.0.0.0/0     tcp:80                                  http-server
default-allow-https     default  0.0.0.0/0     tcp:443                                 
https-server
default-allow-icmp      default  0.0.0.0/0     icmp
default-allow-internal  default  10.128.0.0/9  tcp:0-65535,udp:0-65535,icmp
default-allow-rdp       default  0.0.0.0/0     tcp:3389
default-allow-ssh       default  0.0.0.0/0     tcp:22

2: Renew public key 

ssh-keygen -t rsa -f ~/.ssh/google_compute_engine -C myuser

3: Update metadata with new public key

sudo gcloud compute ssh myuser@ubuntu
Updating project ssh metadata...
Updating project ssh metadata...done.                                                                                                                                     
Waiting for SSH key to propagate.

Then, still the same error message:

ssh: connect to host 35.187.38.82 port 22: Connection refused
ERROR: (gcloud.compute.ssh) [/usr/bin/ssh] exited with return code [255].

I should add that I could access ssh until today, and of course, I did authentication before with gcloud auth login

SSH from the Google Cloud web interface works! What is different there? Would be grateful for any help!!

Solution

  • After a long search, I finally found the underlying reason for this tricky problem. I hope that this will help some people in desperation...

    The reason you may get your ssh connection refused is that accidentally, the internal routing for external ip requests was deleted. You can check this by:

    gcloud compute routes list

    If this does not return a list including the following entry:

    default-internet       default     0.0.0.0/0       default-internet-gateway 1000

    Then you must re-create this entry by:

    gcloud compute routes create default-internet \
--destination-range 0.0.0.0/0 \
--next-hop-gateway default-internet-gateway