Can't SSH into my Instance : Connection via Cloud Identity-Aware Proxy Failed

ssh google-cloud-platform

I'm encountering a problem whenever I'm trying to use the Web-SSH-Tool on GCP. I haven't changed anything, it literally happened over night.
I've tired playing with the Firewall Rules,even added a new one, I've also restarted the instance, and done a reset - all to no avail.

This is the error message I get:

Connection via Cloud Identity-Aware Proxy Failed Code: 4010 Reason: destination read failed You may be able to connect without using the Cloud Identity-Aware Proxy.

Can anyone help me with that ?

Thanks


POSSIBLE CASE 1: You have enabled ufw without proper permissions(I did in my earlier days)

If yes you need to add a startup-script in the instance by adding a metadata(by editing the instance) with key startup-script and value

#! /bin/bash
sudo ufw disable

and now when you hard-reset(reset using the reset button in gcp) your VPS it should be ok. and then when its ok you may remove the metadata.

POSSIBLE CASE 2: You have disabled the default-ssh in gcp vpc firewall

If this is the case, still need not worry, simply add a rule and allow port 22 and if you have trouble adding it then simply add tcp port 22 to a existing firewall rule created by default by GCP.

POSSIBLE CASE 3: You have done some changes in IAM that you lost access to gce.

Warning: If you have not touched IAM , Donot edit the IAM unless you really know what you are doing, else unexpected things may occur.

Make Sure you have your email in IAM with role as owner

Hope it helped.

Last Not-so-magical Technique (Dirty Fix):

Warning: If you tried all the above and also tried your best to fix it by your own, but in case if nothing works then only do this.

Create a new PROJECT in gcp and there you need to link the billing account and start over again fresh and everything will be fine.

I know this one is a horrible fix, and thats true , if nothing works and you start to feel you are having a lot of time wasted then only you should consider this fix.


Manav's answer is pretty broad and precise, and I'll just add some information in case you are running long/compute-heavy processes in a VM instance; If that's your use case, try using nohup and setting your processes as a background one. Say you're running a bash script, then you'd do

nohup yourScript.sh &

You can sleep tight and let your routines running for days without interruption - just watch out for charges :-)

Related

When trying to loing to horizon I get: client denied by server configuration: /usr/bin/keystone-wsgi-public
Can't ping between interfaces on one device on the same network
Tesla K80 not showing up in HP DL580 G7
mkisofs - Floppy Image to Disk Image
StrongSwan clients fail to connect, Constraint checking failure
Debian: On same NIC, bridge plus distinct IP address, with different MACs
How to encode Pre-Shared Key (PSK) of and L2TP IPSEC connection managed by Network-Manager
How to make some programs closed by only Administrator in AD GPO
GCE stackdriver logging agent (fluentd) memory leak with COS
ADDITIONAL section - what kind of records can we find here?
Azure webapp: Site-to-Site VPN not working when used with webapp
Why task "promote this server to a domain controller" shows despite the server being already added to a domain?