1
votes

I am attempting to connect (via SSH) one GCE VM instance to another GCE VM instance (which will be referred to as Machine 1 and Machine 2 from now on).

So far I have generated (via ssh-keygen -t rsa -f ~/.ssh/ssh_key) a public and private key on Machine 1, and have added the contents of ssh_key.pub to the ~/.ssh/authorized_keys file on Machine 2.

However, whenever I try to connect them via ssh using the following command: gcloud compute ssh --project [PROJECT_ID] --zone [ZONE] [Machine_2_Name] it simply times out (Connection timed out. ERROR: (gcloud.compute.ssh) [/usr/bin/ssh] exited with return code [255].)

I have double-checked that each VM instance has plenty of disk space, their firewall settings are permissive, and OS Login is not enabled. I have read through the answer here but nothing is working.

What am I doing wrong? How do I properly SSH from one GCE VM instance to another?

2
Your error message means that nobody is listening on machine 2. Double check on machine 2 that sshd is running and listening on port 22: superuser.com/questions/529830/…. Also try adding the command line option --tunnel-through-iap to bypass networking issues. Your changes to authorized_keys might have broken ssh. - John Hanley
@JohnHanley after running netstat -lntu I see that "tcp6 - 0 - 0 :::22 :::* LISTEN", so it seems like port 22 is listening. After adding --tunnel-through-iap I get the error "Error while connecting [4033: u'not authorized']" - manesioz
That is your problem. The account that you are using with gcloud does not have IAM permission to log in to Compute Engine. cloud.google.com/compute/docs/access/iam - John Hanley
Ok thanks, I will contact my sys-admin and resolve this. If it still does not work I'll reply. I appreciate your help! - manesioz

2 Answers

2
votes

The problem I was having was that each VM was using a different network/sub-network with different firewall configurations. After making one using the same network/sub-network, I was able to easily ssh into one from the other via

username@machine1:~$ ssh machine2

0
votes

I tested the same scenario on my side and I got the same result as you said. Then I ran this command inside the machine to debug the SSH process to try to narrow down the issue:

gcloud compute ssh YOUR_INSTANCE_NAME --zone ZONE --ssh-flag="-vvv" 

Then I got this result:

debug1: connect to address 35.x.x.x port 22: Connection timed out
ssh: connect to host 35.x.x.x port 22: Connection timed out

So, this means instance 1 is unable to connect to the external IP address of instance 2. I only added a new firewall rule and it works.

After running the above-mentioned command, if you see any permission denied message, it means you did not copy the public key to the source machine properly.
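
An added example (not part of the original question or answers) that sorts the error strings seen in this thread into likely causes. The category names and sample inputs are constructed for illustration, and the "Connection refused" case goes beyond what the thread shows.

```shell
#!/bin/sh
# Added example: map SSH / gcloud error text to the causes raised in this thread.
# Category names (network, key, iam, sshd) are assumptions made for this example.

classify_ssh_failure() {
    # $1: captured output of the failing ssh or gcloud compute ssh command
    case "$1" in
        *"4033"*"not authorized"*) echo "iam" ;;      # IAP tunnel rejected the account
        *"Permission denied"*)     echo "key" ;;      # reached sshd, key was rejected
        *"Connection refused"*)    echo "sshd" ;;     # host reachable, port 22 closed
        *"Connection timed out"*)  echo "network" ;;  # packets never answered
        *)                         echo "unknown" ;;
    esac
}

explain() {
    case "$1" in
        network) echo "compare both VMs' network/subnetwork and the firewall rules for port 22" ;;
        key)     echo "check the public key in ~/.ssh/authorized_keys on the target VM" ;;
        iam)     echo "the gcloud account lacks IAM permission for this connection" ;;
        sshd)    echo "confirm sshd is running and listening on port 22" ;;
        *)       echo "rerun with --ssh-flag=\"-vvv\" and inspect the debug output" ;;
    esac
}

# Constructed sample outputs (addresses and user name are placeholders).
SAMPLE_TIMEOUT='debug1: connect to address 35.x.x.x port 22: Connection timed out
ssh: connect to host 35.x.x.x port 22: Connection timed out'
SAMPLE_IAP="Error while connecting [4033: u'not authorized']"
SAMPLE_DENIED='user@10.0.0.2: Permission denied (publickey).'
SAMPLE_REFUSED='ssh: connect to host 10.0.0.2 port 22: Connection refused'

for sample in "$SAMPLE_TIMEOUT" "$SAMPLE_IAP" "$SAMPLE_DENIED" "$SAMPLE_REFUSED"; do
    cause=$(classify_ssh_failure "$sample")
    printf '%s: %s\n' "$cause" "$(explain "$cause")"
done
```

To use it on a real failure, capture the combined output of the failing command into a variable and pass that as the first argument to classify_ssh_failure.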