We have the same issue, and in our case, the troubleshooting tool hangs. The "VM status" and "User permissions" checks return "OK"  quickly, but the "Network status" check never returns - not even a timeout error.  We have made no changes since the last successful access a few weeks ago, except to add a person to the team, and now access fails for everyone.

How can we verify that the transfer mechanism is working correctly?  It could be failing to transfer the metadata, or it could be storing them on the VM instance with the wrong permissions (in general, not restrictive enough, which will cause the sshd server to ignore the information.) 

This second possibility seems likely, as 3rd party tools (PuTTY, MobaXterm, ssh client on Ubuntu box) all fail with "permission denied (public key)". (This was after setting up a ssh key in the metadata as per the instructions for enabling 3rd party tools.) 

Have there been any changes to firewall rules recently?

In both cases it indicates it is using IAP, do you have the right firewall rule for IAP? see: https://cloud.google.com/iap/docs/using-tcp-forwarding#create-firewall-rule

yes, I have gone through these and set them up per the instructions.  The SSH-in-browser has always been working with the default firewall rules.  Something changed as of May 31 with SSH-in-browser.

Do you have a default allow ssh rule?  If not, do you have a rule that allows access to SSH from the IAP range, see: https://cloud.google.com/iap/docs/using-tcp-forwarding#create-firewall-rule 

This issue recently started affecting me as well. (I'm getting the same "Code: 1006" error.) The default allow ssh rule is in place for my network. SSH via IAP tunneling is working for some of my VMs, but not for others. The only difference I can see between the VMs for which it's not working and the VMs for which it is working is that the not-working VMs are members of backend groups (connected to a backend load balancer). I can't think of any reason that that would contribute to this issue, but I figured I'd mention it.

When I do 

gcloud compute ssh <vm-name> --troubleshoot --tunnel-through-iap

I see "Network Connectivity Test Result: REACHABLE"; the report mentions that it was able to deliver a packet to destination port 22, and it mentions the firewall rule that allowed it. Nevertheless, I am not able to ssh to the machine via SSH-in-browser nor gcloud command.

Do you have any ideas of where I could look next to diagnose this issue? 

I had the same problem yesterday. The solution was to create an Image with the latest VM Snapshot and then I had to delete the VM and create it again with this Image. It was the only way that I found to make it work.

I had created new VM and also could not get into via browser ssh. So boot disk can't be full. 

I have the same problem. I tried the solution suggestions above. Result is zero. But your solution might solve my problem too i thing. But i don't know how to use terminal and how to manage my server via terminal. Can you help me please? 

Your solution worked for me. I login to vm using serial port and run this command 

ufw allow ssh

after that, I can access by browser ssh