3

I've been connecting to a Google Cloud VM instance via gcloud ssh from my macOS:

$ gcloud compute ssh [username]@[instance]

Starting from a week ago, the connection will just drop after ~60 seconds of idle connection and returns:

Connection to [my_external_ip] closed by remote host.
Connection to [my_external_ip] closed.
ERROR: (gcloud.compute.ssh) [/usr/bin/ssh] exited with return code [255].

I configured the TCP keepalive time to 30 seconds on both my macbook and the VM. But that did not solve the problem.

Any idea how do I extend the connection duration?

harvey_qiu
  • 31
  • 4

1 Answers1

0

This is unlikely an issue with your timeout setting, but more likely an issue with your firewall rules or routes.

Firstly I would suggest checking your firewall rules and ensure you have an ingress firewall rule opening port 22. If you have, check the configuration of this rule, in particular:

  • Check the IP range in 'Source filters'. Does the range include the IP address of your home computer? For testing purposes, to ensure it does, you could temporarily set this to 0.0.0.0/0 to include all IP addresses.

  • Check the 'Targets' drop-down. Is this set to apply to 'All instances in the network' or is it set to 'Specified target tags'? If you have set it to 'Specified target tags', make sure that the same tag is added to the 'Network tags' section of the instance, otherwise the firewall rule will not apply to the instance and allow SSH traffic.

  • Ensure this rule has a higher priority than any other rules that could counteract it (when I say higher priority I mean lower number, for example, a a rule with a priority of 1000 is a higher priority than a rule with a priority of 20000).

If the above doesn't resolve the issue, run the following command to check the routes:

gcloud compute routes list

Ensure there is an entry which contains the following:

 default          0.0.0.0/0       default-internet-gateway

EDIT

If you are able to sometimes SSH into the instance but then the connection drops, there may be some useful information in the logs, or the serial console.

You can access the serial console by clicking on the instance name in the GCP Console, then clicking on "Serial port 1 ". When you SSH into the instance, information about the SSH session populates the serial console output (this can be refreshed by hitting the 'Refresh' at the top of the page.) Information about the session ending also populates the serial console. There may be some useful information/clues about why the session ends in this output.

It might also be worth checking the status of SSH daemon on the instance and giving it a restart to see if that makes a difference:

Check status of sshd:

systemctl status sshd

Restart sshd: 

sudo systemctl restart sshd
neilH
  • 3,320
  • 1
  • 17
  • 38
  • I'm not having problems connecting to the instance. My problem is that I can't stay connected for more than 60secs via SSH. I checked everything you suggested and they are all good. Any idea why I can't stay connected? – harvey_qiu Mar 14 '18 at 02:43
  • I've added some additional information to my answer, feel free to attach any serial console output/logs related to ssh to your question and I'll take a look (ensure you don't disclose any sensitive information). – neilH Mar 15 '18 at 08:29
  • Thanks for your answer. The connection somehow stabilised now so I can't find anything buggy in the serial port log. But thanks for your help! – harvey_qiu Mar 20 '18 at 11:35