Unable to connect to GCE instance via ssh after removing rule from the FW

Quick way to debug the problem try ssh from the CLI , from an authorized IP, if you are getting response like the below, then the FW rule is working.

Koreshs-iMac-2:~ omid$ ssh

The authenticity of host ' (' can't be established.
ECDSA key fingerprint is SHA256:FIhYUjgJp+b+F7zuadEg4h7UXWSAzdYpyHVsu8OUg8A.
Are you sure you want to continue connecting (yes/no)?

If not – then you have several other reasons for these to fail. [1]

If you are trying to connect via SSH using the GCE console gui and it is not working then you are not using your IP, in this case you are getting a dynamic IP on Google IP ranges and the firewall rule haven’t these sources. On

Read these:

[1] https://cloud.google.com/compute/docs/ssh-in-browser#ssherror
[2] https://support.google.com/a/answer/60764

good step by step manual get the public IP ranges of google :

based on this blog:

nslookup -q=TXT _netblocks.google.com
nslookup -q=TXT _netblocks2.google.com
nslookup -q=TXT _netblocks3.google.com

and then based on the results of each command run something like:

nslookup -q=TXT _netblocks.google.com
Non-authoritative answer:
_netblocks.google.com text = "v=spf1 ip4: ip4: ip4: ip4: ip4: ip4: ip4: ip4: ip4: ip4: ip4: ~all"

 how can connect via ssh from my ip on the terminal? instead of using the gui

Using your terminal, in this document you find information about how to do this [4] [5]. With first document you provide and configure the public key and in the second document you find an explanation about how to connect using SSH command.

Good reads:

[4] https://cloud.google.com/compute/docs/instances/adding-removing-ssh-keys#addkey
[5] https://cloud.google.com/compute/docs/instances/connecting-advanced#thirdpartytools


I put a lot of thoughts into these blogs, so I could share the information in a clear and useful way. If you have any comments, thoughts, questions, or you need someone to consult with, feel free to contact me:


Contact me at-