Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to deativate UFW from outside the VM on Google Cloud Compute Instance

Tags:

google-compute-engine

google-cloud-platform

I accidentaly enabled the UFW on my Google Cloud Compute debian instance and unfortunately port 22 is blocked now. I've tried every way to go inside the VM but i can't...

I'm trying to access trhougth the serial port but it's asking me for user and password that was never set.

Does anyone have any idea what can I do?

If I could 'edit' the files on disk, it would be possible to change firewall rules and disable it. Already thought on mounting the VM disk on another instance but Google doesn't allow to "hot detach" it.

Also tried to create another VM from a snapshot of VM disk, but of course, the new instance came with the same problem.

Lots of important files inside and can't go in...

like image 958
Diogo Hartmann Avatar asked Jan 28 '23 05:01

Diogo Hartmann

1 Answers

This is the classical example when you close yourself outside of the house with the key inside.

There are several ways to get back inside a virtual machine when the ssh is not currently working in Google Cloud Platform, from my point of view the easiest is to make use of the startup script.

You can use them to run a script as Root when your machine starts, in this way you can basically change the configuration without accessing the virtual machine.

Therefore you can:

  • simply launch some command in order to deactivate UFW and then access again the machine

  • if it is not enough and you rally need to access to fix the configuration, you can set up username and password for the root user making use of the startup script and then accessing through the serial console therefore without ssh (basically it is like you had your keyboard directly connected to the hardware). Note as soon you access the instance remove or at least change the password you have just used was visible to the people having access to the project. A safer way is to write down the password in on a private file on a bucket and download it on the instance with the startup script.

Note that you can redirect the output of command to a file and then upload the file to a bucket if you need to debug the script, read the content of a file, understanding what is going on, etc.

like image 73
GalloCedrone Avatar answered Feb 13 '23 07:02

GalloCedrone
Sign in to Comment

Related questions

Google Cloud Dataproc - Spark and Hadoop Version
What are BigQuery audit logs supposed to produce?
If number of replicas in a deployment is 1, and the deployment is bad, the deployment happens anyway, can i change this behaviour?
Hosting Vapor Swift App on Google Cloud Platform
How to push container to Google Container Registry (unable to create repository)
Unable to read csv file uploaded on google cloud storage bucket
Proguard configuration for Big query
Google PubSub : How to customize distribution of messages to consumers?
What is the difference between gcloud alpha commands and gcloud beta commands?
Google cloud functions cannot deploy
Allow user to write access to gcp dataflow project
How to handle backpressure using google cloud functions
Support for openApi 3 in Google Cloud Endpoints [closed]
insufficient regional quota to satisfy request: resource "IN_USE_ADDRESSES"
Google Cloud Run Authentication Service-to-Service

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!