0
votes

I have created a firewall rule in the VPC network for port 22 by assigning an IP with the port, e.g. 192.168.xx.yy, instead of 0.0.0.0/0 in the rules. Now, when I create a Compute Engine VM instance in Google Cloud Platform and SSH into it, it states "cannot connect to port 22".

I don't want the port tcp:22 to have the IP range 0.0.0.0/0, but only a single IP as stated above. How can I solve this issue?

2
Did you try to connect from 192.168.xx.yy? – Ahmed Abdelazim
I simply created a rule in firewall rules, then created the instance and pressed the SSH button next to the created instance to open it. – Saad Tahir
This rule is blocking you. You have to remove it, or create an instance with IP 192.168.xx.yy so you can connect using that instance. – Ahmed Abdelazim

2 Answers

0
votes

192.168.x.x is an internal IP address, and in your situation it would apply to a VM instance within the same network as the instance you want to connect to.

If you want to connect from outside that network, you'll need to set the source of the firewall rule to the external IP of the instance/machine you want to connect from. You can get your external IP by going to https://whatismyipaddress.com for example.

The firewall rule setting would be something like this:

  • Direction of traffic: Ingress
  • Action on match: Allow
  • Targets: Specified target tags (for example)
  • Source filter: IP ranges
  • Source IP ranges: x.x.x.x/32 (your external IP)

0
votes

If you would not like to have your GCE instance's port 22 open to the internet, but you would like to connect to it, I propose 2 different solutions:

  • Create a bastion host. This VM is a proxy for access to your GCE instances. You log into the bastion and then you can perform an SSH hop to your GCE instance. Only the bastion host is open to the internet on port 22. And you can start this bastion VM only when you need to connect to your other GCE instances, which increases security and decreases the risk of attack on this "backdoor" instance.
  • For both the bastion and for directly reaching your VM on port 22, you can limit the source IP of your firewall rule to your current IP.

But remember, the IP is not a source of truth.
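The rules the two answers describe, as an added example that is not code from either answer or from Google: a small POSIX shell script that builds the `gcloud compute firewall-rules create` commands for (a) the single-admin /32 rule from the first answer and (b) the two-rule bastion layout from the second, and that refuses 0.0.0.0/0 as a source for tcp:22 and warns when the source is an RFC 1918 address (the mistake in the question: a private source range only matches traffic that already originates inside the VPC). Nothing here executes gcloud; the functions print the commands. The rule names, the tags `ssh-admin`, `bastion` and `internal`, the network name `default` and the admin address 203.0.113.10 are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from either answer: build and sanity-check the gcloud
# firewall rules described on this page. Nothing here runs gcloud; the
# functions only print the commands. Rule names, tags, the "default" network
# and the admin address 203.0.113.10 are constructed placeholders.

# Make a bare IPv4 address explicit as a /32 host range.
normalize_range() {
  case "$1" in
    */*) printf '%s\n' "$1" ;;
    *)   printf '%s/32\n' "$1" ;;
  esac
}

# RFC 1918 check: a private source range only matches traffic that already
# originates inside the VPC, never a workstation coming in from the internet.
is_rfc1918() {
  case "$1" in
    10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    *) return 1 ;;
  esac
}

# Accept only a dotted-quad CIDR with prefix length 1..32 (the octet range
# itself is not validated here); refuse the whole-internet range outright.
is_safe_ssh_source() {
  range=$(normalize_range "$1")
  [ "$range" != "0.0.0.0/0" ] || return 1
  printf '%s\n' "$range" |
    grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([1-9]|[12][0-9]|3[0-2])$'
}

# First answer: one ingress rule, tcp:22, only from the admin's public /32,
# applied to instances carrying TAG. Usage: ssh_rule_cmd SRC TAG [NAME]
ssh_rule_cmd() {
  src=$(normalize_range "$1"); tag="$2"; name="${3:-allow-ssh-admin}"
  is_safe_ssh_source "$src" || {
    echo "refusing $src as a source range for tcp:22" >&2; return 1; }
  if is_rfc1918 "$src"; then
    echo "warning: $src is a private range and will not match a client on the internet" >&2
  fi
  printf 'gcloud compute firewall-rules create %s --network=default --direction=INGRESS --action=ALLOW --rules=tcp:22 --source-ranges=%s --target-tags=%s\n' \
    "$name" "$src" "$tag"
}

# Second answer: bastion pattern. Rule 1 opens the bastion to the admin /32
# only; rule 2 lets instances tagged "bastion" reach tcp:22 on instances
# tagged "internal", so the private VMs need no internet-facing SSH rule.
bastion_rules_cmd() {
  ssh_rule_cmd "$1" bastion allow-ssh-to-bastion || return 1
  printf 'gcloud compute firewall-rules create allow-ssh-from-bastion --network=default --direction=INGRESS --action=ALLOW --rules=tcp:22 --source-tags=bastion --target-tags=internal\n'
}

# Usage: sh this_script.sh 203.0.113.10   (prints the two bastion rules)
if [ $# -eq 1 ]; then
  bastion_rules_cmd "$1"
fi
```

Review the printed commands before running them; `ssh_rule_cmd 192.168.xx.yy ssh-admin` still emits a rule (a private source is legitimate for VPC-internal access, which is exactly what the first answer explains) but the warning on stderr tells you it will not let you in from outside.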