I have a VM on GCP that was previously only accessible by my ssh key. I broke some networking and now the VM has no internet access. I can get to the serial console, but since I had not set up a password, I cannot log in with a user/pass there. So it appears that if I could add a password for a current user via metadata, I could use the serial console to log in and fix the box. Is this correct? What are my options here?

Can I ssh in to the internal IP? Here's the serial console log:

    Jan 27 12:24:48 unifi dhclient[606]: DHCPREQUEST of 10.142.0.3 on eth0 to 169.254.169.254 port 67
    Jan 27 12:24:48 unifi dhclient[606]: send_packet: Destination address required
    Jan 27 12:24:48 unifi dhclient[606]: dhclient.c:2612: Failed to send 300 byte long packet over fallback interface.

    Debian GNU/Linux 9 unifi ttyS0

    unifi login: Jan 27 12:26:20
Strykar

1 Answer

ssh in only works if your instance is accessible via IP. Without that you need out-of-band logins to get network access back.

Serial console does not have a fancy GCP metadata integrated auth stack like sshd + PAM. Also, GCP metadata service doesn't transfer Linux passwords as far as I know.

Connect to the serial console per documentation. Get in and reset passwords in the usual ways you would at a console, such as booting to single user mode. Possibly mount the disk to a different VM to rescue it.

John Mahowald
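The "mount the disk to a different VM" option from the answer above, written out as an added example (not part of the original answer or of Google's documentation). The VM, disk, rescue-VM and zone names are caller-supplied placeholders, and the guest device path mentioned in the comments is an assumption that depends on the rescue VM.

```shell
#!/bin/sh
# Added example: offline rescue of a GCE boot disk when the VM has no network
# and no console password. All names passed in are placeholders (assumptions).
# DRY_RUN=1 (default) only prints the gcloud commands; DRY_RUN=0 executes them.

run() {
    if [ "${DRY_RUN:-1}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Phase 1: move the broken VM's boot disk onto a healthy rescue VM.
rescue_attach() {
    [ "$#" -eq 4 ] || { echo "usage: rescue_attach VM DISK RESCUE_VM ZONE" >&2; return 2; }
    vm=$1 disk=$2 rescue=$3 zone=$4
    # A boot disk can only be detached while its instance is stopped.
    run gcloud compute instances stop "$vm" --zone="$zone" &&
    run gcloud compute instances detach-disk "$vm" --disk="$disk" --zone="$zone" &&
    run gcloud compute instances attach-disk "$rescue" --disk="$disk" --zone="$zone"
}

# Between the phases, on the rescue VM (device path is an assumption, check lsblk):
#   sudo mount /dev/sdb1 /mnt
#   fix the network configuration under /mnt/etc, or set a console password:
#   sudo chroot /mnt passwd <user>
#   sudo umount /mnt

# Phase 2: hand the repaired disk back to the original VM as its boot disk.
rescue_return() {
    [ "$#" -eq 4 ] || { echo "usage: rescue_return VM DISK RESCUE_VM ZONE" >&2; return 2; }
    vm=$1 disk=$2 rescue=$3 zone=$4
    run gcloud compute instances detach-disk "$rescue" --disk="$disk" --zone="$zone" &&
    # --boot marks the disk as the boot disk again when reattaching.
    run gcloud compute instances attach-disk "$vm" --disk="$disk" --zone="$zone" --boot &&
    run gcloud compute instances start "$vm" --zone="$zone"
}
```

Source the file and call `rescue_attach` and `rescue_return` with your own names; review the printed commands first, then set `DRY_RUN=0` to run them.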