
How to deactivate UFW from outside the VM on Google Cloud Compute Instance

I accidentally enabled UFW on my Google Cloud Compute Debian instance and unfortunately port 22 is blocked now. I've tried every way to get inside the VM but I can't...

I'm trying to access it through the serial port, but it's asking me for a user and password that were never set.

Does anyone have any idea what I can do?

If I could 'edit' the files on disk, it would be possible to change the firewall rules and disable it. I already thought about mounting the VM disk on another instance, but Google doesn't allow me to "hot detach" it.

I also tried to create another VM from a snapshot of the VM disk, but of course, the new instance came with the same problem.

Lots of important files inside and can't go in...

Diogo Hartmann asked Jan 28 '23 05:01


1 Answer

This is the classic example of locking yourself out of the house with the key inside.

There are several ways to get back inside a virtual machine when SSH is not working in Google Cloud Platform. From my point of view, the easiest is to make use of the startup script.

You can use it to run a script as root when your machine starts; in this way you can basically change the configuration without accessing the virtual machine.

Therefore you can:

  • simply launch some command in order to deactivate UFW and then access the machine again

  • if that is not enough and you really need access to fix the configuration, you can set up a username and password for the root user with the startup script and then access the machine through the serial console, therefore without SSH (basically it is as if you had your keyboard directly connected to the hardware). Note: as soon as you access the instance, remove or at least change the password, since the one you have just used was visible to the people having access to the project. A safer way is to write the password in a private file on a bucket and download it on the instance with the startup script.

Note that you can redirect the output of a command to a file and then upload the file to a bucket if you need to debug the script, read the content of a file, understand what is going on, etc.

GalloCedrone answered Feb 13 '23 07:02

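The startup-script approach from the answer above, as an added example that is not part of the original answer: it adds an SSH allow rule, disables UFW, and writes everything to a log that can be copied to a bucket for debugging. `LOG_FILE`, `DEBUG_BUCKET` and the function names are assumptions, as is the presence of `gsutil` on the image.

```shell
#!/bin/bash
# Added example: GCE startup script (runs as root at boot) that reopens SSH
# on a VM locked out by UFW and keeps a debug log.
# Assumptions (not from the original post): LOG_FILE, DEBUG_BUCKET and the
# function names are hypothetical; gsutil is installed on the image.

LOG_FILE="${LOG_FILE:-/var/log/ufw-recovery.log}"
DEBUG_BUCKET="${DEBUG_BUCKET:-}"   # placeholder such as gs://my-private-bucket; empty = no upload

# Fall back to /tmp when the log directory is not writable (e.g. a non-root dry run).
[ -w "$(dirname "$LOG_FILE")" ] || LOG_FILE="/tmp/ufw-recovery.log"

recover_ssh() {
    if ! command -v ufw >/dev/null 2>&1; then
        echo "ufw not found, nothing to do"
        return 0
    fi
    echo "== status before =="
    ufw status verbose
    # Add the SSH rule first so a later 'ufw enable' does not lock you out again.
    ufw allow 22/tcp
    ufw disable
    echo "== status after =="
    ufw status verbose
}

upload_log() {
    # Copy the log to a private bucket so it can be read without a login.
    [ -n "$DEBUG_BUCKET" ] || return 0
    gsutil cp "$LOG_FILE" "$DEBUG_BUCKET/$(hostname)-ufw-recovery.log"
}

main() {
    {
        echo "ufw recovery run at $(date -u +%Y-%m-%dT%H:%M:%SZ)"
        recover_ssh
        echo "recover_ssh exit code: $?"
    } >>"$LOG_FILE" 2>&1
    # An upload failure must not abort the boot-time script.
    upload_log >>"$LOG_FILE" 2>&1 || true
}

main
```

Attach it with `gcloud compute instances add-metadata INSTANCE --metadata-from-file startup-script=FILE` (both names are placeholders) and reset the VM. Remove the metadata key once SSH works again so the script does not disable the firewall on every boot.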