Hello Lenna, As explained in the 'Troubleshooting SSH <https://cloud.google.com/compute/docs/troubleshooting/troubleshooting-ssh>' guide, you need to try access the instance via its serial console <https://cloud.google.com/compute/docs/instances/interacting-with-serial-console#enable_project_access>. You can enable the interactive serial console access either at the project level or for a particular VM.
Once you are able to access the instance via serial console, you should be able to change the /etc/hosts.deny file of the VM. However, sometimes when you tried to access the instance via serial console <https://cloud.google.com/compute/docs/instances/interacting-with-serial-console#connectserialconsole>, a login prompt may appear. In that scenario, you need to set-up a local user name and password either by using this guide <https://cloud.google.com/compute/docs/instances/interacting-with-serial-console#setting_up_a_local_password> or following the below mentioned steps: 1. In the GCP menu go to compute engine and click your instance name. 2. There, click the pencil at the top bar to edit the instance. 3. At the beginning, just down your instance name is check box which says “Enable connecting to serial ports” please enable it. 4. After that, go down to “custom metadata” there add in the “key” textbox this “startup-script” and into the “value” field add next: #! /bin/bash useradd -G sudo USERNAME echo 'USERNAME:PASSWORD' | chpasswd Please change the values in capital letters for a user name which you like to use, and the password for this user, keep in mind that linux is case sensitive and further you will be prompted to write user and password as was set here. 5. Click save button at the bottom of the page. 6. In the left panel click Metadata. (Here(steps 6-10) I am enabling the interactive serial access at the Project level. If you would like to enable it only for a particular instance, please follow this guide <https://cloud.google.com/compute/docs/instances/interacting-with-serial-console#enable_instance_access> ) 7. There click edit button which is under “Metadata” name section. 8. Click “+Add item”. 9. In “key” field write “serial-port-enable” and in the “value” field write TRUE 10. Click save. 11. Reboot your instance. 12. Once your instance get ready click your instance name. 13. Under “details” you will see two buttons, click the button which says “Connect to serial console” 14. In the new window click enter to enable the console. 15 Enter the user name and password which you set in the startup-script(step number:4),if a login prompt comes. 16 Navigate to necessary files and make necessary changes. You might need to disable the lines 'ALL : 192.168.100.1' & 'ALL : ALL' in /etc/hosts.allow & '/etc/hosts.deny' 17 Do a Instance restart again, and then try to access the via any of mentioned methods <https://cloud.google.com/compute/docs/instances/connecting-to-instance>. If the above mentioned steps didn't help to gain access to your GCE VM, then the next best step is to save the data from the old VM. To achieve that you need to create a snapshot of the old VM(problematic) and then attach the snapshot as a secondary disk to a working VM. A detailed explanation on how to save files from the old problematic VM is provided in *this Stackoverflow.com thread* <https://stackoverflow.com/questions/53527063/how-do-i-get-files-from-gcp-vm/53542425#53542425> . I hope this helps. -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/google-appengine/8769aea0-33a0-42ff-ac27-c54ca2f2d575o%40googlegroups.com.
