Getting locked out of Google Compute Engine Instance

Question

So I've read through quite a few posts related to my similar issue. I've followed the explanations with no success. No matter what user I log in as, I receive "Permission denied (publickey).".

I've even attempted to create a new Google RSA key pair on my workstation. When I created that, I receive the standard message: "INFO: Updated project with new ssh key. It can take some time for the instance to pick up the key. INFO: Waiting 10 seconds before attempting to connect."

Any thoughts how I can get back into my server?

Answer 1

We have created a startup script to self-manage and troubleshoot ssh connectivity issues https://github.com/GoogleCloudPlatform/compute-ssh-diagnostic-sh/

what you describe is easiest to resolve by destroying the instance with deleteinstance --nodelete_boot_pd bring up a brand new instance from a stock image, attach your original disk as a second disk to the new instance, inspect and fix any issues with your configuration on the disk, destroy the new instance and disk, recreate your original instance with the original disk

Answer 2

Check if your instance has instance-specific sshKeys metadata using "gcutil getinstance " and looking for an sshKeys entry under the metadata section. If the instance has an sshKeys entry, you can try adding your new key to it using the custom instance metadata command of "gcutil setinstancemetadata --metadata=sshKeys: --fingerprint=", using the ssh key syntax for mapping a key to a user in GCE.

Alternatively, given that gcutil added your new ssh key to the project-level metadata, you could try deleting the instance-level sshKeys metadata altogether and see if it reverts to using the project-level sshKeys metadata.