
SSH not working on Google Cloud VM (UFW BLOCK, Guest Agent Issues)

Jahi
New Member

I am unable to access my Google Cloud VM via SSH. When I try to connect, I get a "Connection Failed" error stating that SSH on port 22 is not accessible. I have already checked the firewall rules, ensured SSH is allowed, and restarted the SSH service, but the issue persists. The UFW logs show "BLOCK" messages, and the Google guest agent is failing to update SSH keys. I also tried mounting the disk on another VM to manually update the keys, but I still cannot connect. How can I regain SSH access to my VM?


Have you tried to access the Compute Engine through the serial console?

Thanks, 
Darwin Vinoth.

Hi @Jahi,

Welcome to Google Cloud Community! 

Here is a basic step-by-step troubleshooting guide on how you can recover SSH access:

  1. Use the Google Cloud Serial Console to access the instance since SSH is inaccessible.
  • To enable the Serial Console, go to Compute Engine, select your VM under VM instances, and click on Serial Console.
  2. Disable UFW to Restore Access if the UFW logs indicate "BLOCK," as it might be blocking the SSH connections.
  • Temporarily Disable UFW by running this from the serial console:

sudo ufw disable
sudo systemctl restart ssh

  • Then try reconnecting via SSH.
  • Manually Allow SSH via UFW if you want to keep UFW enabled:

sudo ufw allow OpenSSH
sudo ufw allow 22/tcp
sudo ufw reload

  • Then restart SSH:

sudo systemctl restart ssh

  3. Verify and Restart the Google Cloud Guest Agent, as it manages SSH key injection for the instance.
  • Check if the Guest Agent is Running:

sudo systemctl status google-guest-agent

  • If it's not running, restart it:

sudo systemctl restart google-guest-agent

  4. Manually Add SSH Key if the guest agent fails to inject SSH keys, to regain access.
  • Generate a new SSH key on your local machine:

ssh-keygen -t rsa -b 4096 -f ~/.ssh/gce_key -C "your-email@example.com"

  • Copy the public key from ~/.ssh/gce_key.pub.
  • On the VM’s serial console, add it to the authorized keys:

echo "ssh-rsa AAAAB3..." | sudo tee -a /home/YOUR_USERNAME/.ssh/authorized_keys
sudo chmod 600 /home/YOUR_USERNAME/.ssh/authorized_keys
sudo chown YOUR_USERNAME:YOUR_USERNAME /home/YOUR_USERNAME/.ssh/authorized_keys

  • Restart SSH:

sudo systemctl restart ssh

  • Now try SSH using:

ssh -i ~/.ssh/gce_key YOUR_USERNAME@YOUR_VM_IP

  5. If you still can't connect, review the SSH logs for errors related to authentication, permissions, or denied connections.

sudo journalctl -u ssh --no-pager | tail -n 50

If you need further assistance, you can reach out to Google Cloud Support at any time.

Was this helpful? If so, please accept this answer as “Solution”. If you need additional assistance, reply here within 2 business days and I’ll be happy to help.
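
An added example, not part of the replies above: before disabling UFW outright, this sketch checks whether the "BLOCK" entries mentioned in the question actually hit TCP port 22 and from which sources. The function names and the abbreviated sample log lines are constructed for illustration; the `iap` tag assumes you connect through IAP TCP forwarding, whose documented source range is 35.235.240.0/20.

```shell
#!/bin/sh
# Added example: which sources is UFW blocking on the SSH port?

# Constructed, abbreviated entries in the kernel-log format UFW writes to /var/log/ufw.log.
sample_log() {
cat <<'EOF'
Mar  3 10:15:01 vm kernel: [ 101.1] [UFW BLOCK] IN=ens4 OUT= SRC=35.235.240.10 DST=10.128.0.2 LEN=60 PROTO=TCP SPT=51234 DPT=22 SYN
Mar  3 10:15:04 vm kernel: [ 104.2] [UFW BLOCK] IN=ens4 OUT= SRC=35.235.240.10 DST=10.128.0.2 LEN=60 PROTO=TCP SPT=51236 DPT=22 SYN
Mar  3 10:16:10 vm kernel: [ 170.9] [UFW BLOCK] IN=ens4 OUT= SRC=203.0.113.7 DST=10.128.0.2 LEN=60 PROTO=TCP SPT=40022 DPT=22 SYN
Mar  3 10:16:30 vm kernel: [ 190.3] [UFW BLOCK] IN=ens4 OUT= SRC=198.51.100.9 DST=10.128.0.2 LEN=52 PROTO=TCP SPT=61000 DPT=3389 SYN
Mar  3 10:17:02 vm kernel: [ 222.0] [UFW BLOCK] IN=ens4 OUT= SRC=10.128.0.1 DST=10.128.0.2 LEN=76 PROTO=UDP SPT=123 DPT=22
EOF
}

# Read UFW log lines on stdin; print "count source tag" for blocked TCP
# packets whose destination port is $1 (default 22), most frequent first.
ssh_blocks() {
    port="${1:-22}"
    awk -v port="$port" '
        /\[UFW BLOCK\]/ {
            src = proto = dpt = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/)   src   = substr($i, 5)
                if ($i ~ /^PROTO=/) proto = substr($i, 7)
                if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
            }
            if (proto == "TCP" && dpt == port) {
                n[src]++
                # Assumption: 35.235.240.0/20 is the IAP TCP forwarding range.
                tag[src] = (src ~ /^35\.235\.2(4[0-9]|5[0-5])\./) ? "iap" : "other"
            }
        }
        END { for (s in n) print n[s], s, tag[s] }
    ' | sort -k1,1nr -k2,2
}

# Demo on the constructed sample.
sample_log | ssh_blocks 22
```

On the VM, feed it the real log from the serial console with `sudo cat /var/log/ufw.log | ssh_blocks 22`. Rows for your own client address or tagged `iap` mean UFW is dropping your SSH attempts, which is the case the `ufw allow 22/tcp` step addresses.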