1

I've setup a google compute VM, and can access phpmyadmin and the default index page. SSH works when I click the button on the website.

I am having issues remotly connecting to my server instance for any sort of management(ftp or sql)

I followed the firewall section here: https://cloud.google.com/solutions/mysql-remote-access

But I still can't connect.

My firewall is configured: enter image description here

And I have no idea how to get HTTPS working, But it can be a problem to take care of in the future when I fully switch my site over the compute engine. Since I can't switch my domain or current SSL certificates over yet.

EDIT: More information:

When I try to connect to SQL using client "Sequel Pro" it returns: enter image description here

With telnet: enter image description here

When I try connect to SFTP I get:

enter image description here

Could this be caused by me mistyping the password?

theshadow124
  • 661
  • 3
  • 8
  • 29
  • Can't believe I forgot to mention that in the body. I can't connect via ftp or sql on port 21 or 3306. – theshadow124 Nov 18 '15 at 05:45
  • what ftp server is running on your VM? – Kamran Nov 18 '15 at 05:48
  • I dont know exactly. It's a base install of the LAMP stack provided by google – theshadow124 Nov 18 '15 at 05:50
  • I just tried Sequel Pro on my Mac machine, its error output is not useful. On your Mac, open a terminal and try `telnet Your-MySQL-IP-Address 3306` and post the output. When posting remove your IP address from the output. – Kamran Nov 18 '15 at 06:54
  • For sftp, you need a valid key pair. Did you use a valid private key with your sftp client? – Kamran Nov 18 '15 at 06:56
  • No I do not have any keys setup in my sftp client, is there a way to export the keys off the dev console? or can I make any key and just tell my client to use it? Ill post the output of the telnet above – theshadow124 Nov 18 '15 at 07:00
  • Install gcloud tool on your Mac: https://cloud.google.com/sdk/#nix , use `gcloud auth login` command to authenticate with your project, use `gcloud compute ssh VM-Name` to generate a key pair. The keys will be stored in `~/.ssh/` path. Use the `google_compute_engine` which is private key with sftp client. You may need to convert the key depends on client you're using. Take a look at article that I posted before. – Kamran Nov 18 '15 at 07:10
  • The error message of the telnet command shows firewall rule for connecting to MySQL is good but privilege is not properly granted in MySQL server. – Kamran Nov 18 '15 at 07:14
  • Ill try to re-configure SQL for remote again, When I try to ssh using "cloud compute ssh " i get the error: ERROR: (gcloud.compute.ssh) Could not fetch instance: - Invalid value for project: – theshadow124 Nov 18 '15 at 07:21
  • is `bind-address= 127.0.0.1` in your /etc/mysql/my.cnf file? – Kamran Nov 18 '15 at 07:21
  • yes it is(can't write short comment) – theshadow124 Nov 18 '15 at 07:24
  • use this command to fix the configured project name: `gcloud config set project Your-Project-ID` – Kamran Nov 18 '15 at 07:24
  • `bind-address= 127.0.0.1` means it only accepts connection from local network interface. change it to `bind-address= 0.0.0.0` and you should be able connect to it remotely. After edit, you will need to restart the service: `sudo service mysql restart` – Kamran Nov 18 '15 at 07:26
  • wow, great everything is working now! Thanks a lot! Ill transfer my domain and get SSL working a different day, its already 2am here. – theshadow124 Nov 18 '15 at 07:34
  • Thanks for being up this late :) – theshadow124 Nov 18 '15 at 07:35
  • If your still up, I have one more question, how can I SFTP directly to the /var/www/html directory? Also... when i connect with the default user i can't transfer to this directory. Not very surprising but i can't seem to connect as www-data either – theshadow124 Nov 18 '15 at 08:02
  • ill just add my user to the www-data group for now – theshadow124 Nov 18 '15 at 08:11
  • Add your user as a member of `www-data` group using `useradd -G group-name username` command. Add `/var/www/html` to your sftp destination path. – Kamran Nov 18 '15 at 08:14
  • since the user already exists i ran "user mod -G www-data *user*" and it still doesn't work. – theshadow124 Nov 18 '15 at 08:16
  • It works on my side. Try to create a symbolic link in your home: `ln -s /var/www/html /home/yourusername/` – Kamran Nov 18 '15 at 08:35
  • same result, access denied when i try to write anything. Whats really strange is when i try "Groups *My_user*" it shows i am a member – theshadow124 Nov 18 '15 at 08:39
  • Make sure your SSH session is using the same user as SFTP. Otherwise, you're dealing with three usernames (including root when you using sudo). – Kamran Nov 18 '15 at 08:41
  • they are both the same. ill check if i can edit the index.html using nano – theshadow124 Nov 18 '15 at 08:43
  • gives the same error, permission denied. – theshadow124 Nov 18 '15 at 08:46
  • `sudo chmod -R 775 /var/www/html` – Kamran Nov 18 '15 at 09:08
  • odd, refreshing the permissions fixed it. Thanks a lot. Ill load my entire site up and test it now. – theshadow124 Nov 18 '15 at 18:02

1 Answers1

2

Your firewall settings show that you allowed external traffic to both ports 21 and 3306 for TCP protocol. This is good but not enough.

In order to allow remote connections to MySQL, you will need to grant remote access to your username and your external IP address. Take a look at this case for an example. This is also mentioned in step 6 and step 7 of Configure MySQL server on my-server section of the article you specified: 

mysql> GRANT ALL PRIVILEGES ON *.* TO 'TESTUSER'@'<external-ip-my-client>' IDENTIFIED BY '<some-password>';

About the ftp server, the VM instance comes with no ftp service installed, but instead you can use SFTP protocol to connect to it which is more secure than FTP protocol and is highly recommended. Use gcloud compute config-ssh to generate SFTP/SSH key pair. For more information visit Setting up secure FTP on Google Compute Engine artcile.

Community
  • 1
  • 1
Kamran
  • 3,397
  • 26
  • 40
  • I ran that command on the SSH connection, returned no errors. I still can't connect on port 3306 at all. Ill try SFTP, but how can I get the keys when google wants you to let their system automatically handle keys? – theshadow124 Nov 18 '15 at 06:14
  • what command do you use to connect and what error do you get? – Kamran Nov 18 '15 at 06:17
  • Ill post more information in a edit on my OP. instead of comments here give me a sec – theshadow124 Nov 18 '15 at 06:18
  • 1
    We're having a similar issue at work, and no matter what we do we can't seem to get this to work. Any help would be greatly appreciated, @Kamran et al. More detail in [this Q](http://stackoverflow.com/questions/42117446/remotely-connect-to-mysql-on-google-compute-engine-vm). – Fred Rocha Feb 10 '17 at 15:28