Google compute - SSH - port 22 blocked by ufw
Well, I was doing some server setup reading this article and ran the following commands -
sudo apt-get install ufw
sudo ufw enable
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
This basically closed all other ports and now SSH is not working at all, either from the browser or from the OS X terminal.
I have connected via serial login and can see ufw blocking connections -
[ 1292.322021] [UFW BLOCK] IN=eth0 OUT= MAC=... SRC=00.00.00.00 DST=10.142.0.2 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=7906 PROTO=TCP SPT=58028 DPT=22 WINDOW=60720 RES=0x00 SYN URGP=0
Is there any way to SSH now, as I am unable to access the machine at all?
By default, all ports are blocked other than port 22 to allow you to SSH to the VM instance. You also have the option to open port 80 and/or 443. You can see which ports are open by default by checking the Firewall rules within the Cloud Console. I am mentioning this to inform you that you do not need to install ufw in the future.
You will have to provide a startup script to the VM instance to enable SSH. You can just create a simple bash script with either command listed below.
ufw allow ssh
or
ufw allow 22
You do not have to use the sudo prefix since the startup script runs as root already.
Just complementing the accepted answer.
Some are asking how you can include a start-up script on a VM that you can't even SSH into. You can accomplish this by:
- Navigate to the GCP Console under your VM instance
- Stop your VM Instance
- Click Edit
- Under custom meta-data, add the key startup-script and the value:
#! /bin/bash
sudo ufw allow 22
Hope this clears some of the confusion :)
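A way to confirm the lockout from the serial console before changing anything, as an added example that is not part of the original posts: it summarises `[UFW BLOCK]` kernel log lines in the format quoted in the question. The function names and the sample log lines (with documentation-range source addresses) are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise "[UFW BLOCK]" kernel log lines so a ufw lockout
# can be confirmed from the serial console. Function names are hypothetical.

# Print "PROTO/DPT count" for every blocked packet read on stdin.
ufw_blocked_summary() {
    awk '
        /\[UFW BLOCK\]/ {
            proto = ""; dpt = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^PROTO=/) proto = substr($i, 7)
                if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
            }
            if (proto != "" && dpt != "") n[proto "/" dpt]++
        }
        END { for (k in n) print k, n[k] }
    ' | LC_ALL=C sort
}

# Exit 0 if any blocked TCP SYN on stdin was aimed at the given port
# (default 22), exit 1 otherwise. The trailing space in the match keeps
# DPT=22 from matching DPT=2222.
ufw_blocks_port() {
    port="${1:-22}"
    awk -v port="$port" '
        /\[UFW BLOCK\]/ && / PROTO=TCP / && / SYN / &&
            index($0, " DPT=" port " ") { hit = 1 }
        END { exit (hit ? 0 : 1) }
    '
}

# Constructed sample input; on the VM, pipe `dmesg` into the functions instead.
sample_log() {
    cat <<'EOF'
[ 1292.322021] [UFW BLOCK] IN=eth0 OUT= MAC=... SRC=203.0.113.7 DST=10.142.0.2 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=7906 PROTO=TCP SPT=58028 DPT=22 WINDOW=60720 RES=0x00 SYN URGP=0
[ 1293.330114] [UFW BLOCK] IN=eth0 OUT= MAC=... SRC=203.0.113.7 DST=10.142.0.2 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=7907 PROTO=TCP SPT=58028 DPT=22 WINDOW=60720 RES=0x00 SYN URGP=0
[ 1301.104500] [UFW BLOCK] IN=eth0 OUT= MAC=... SRC=198.51.100.9 DST=10.142.0.2 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=40112 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0
[ 1302.000001] eth0: link up
EOF
}
```

If `dmesg | ufw_blocks_port 22` succeeds on the instance, ufw is dropping inbound SSH and the startup-script fix described in the answers applies.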