Unable to connect to GCE instance via ssh after removing 0.0.0.0/0 rule from the FW

Quick way to debug the problem try ssh from the CLI , from an authorized IP, if you are getting response like the below, then the FW rule is working.

Koreshs-iMac-2:~ omid$ ssh 35.223.117.66

The authenticity of host '35.223.117.66 (35.223.117.66)' can't be established.
ECDSA key fingerprint is SHA256:FIhYUjgJp+b+F7zuadEg4h7UXWSAzdYpyHVsu8OUg8A.
Are you sure you want to continue connecting (yes/no)?

If not – then you have several other reasons for these to fail. [1]

If you are trying to connect via SSH using the GCE console gui and it is not working then you are not using your IP, in this case you are getting a dynamic IP on Google IP ranges and the firewall rule haven’t these sources. On

Read these:

[1] https://cloud.google.com/compute/docs/ssh-in-browser#ssherror
[2] https://support.google.com/a/answer/60764

good step by step manual get the public IP ranges of google :

based on this blog:

nslookup -q=TXT _netblocks.google.com 8.8.8.8
nslookup -q=TXT _netblocks2.google.com 8.8.8.8
nslookup -q=TXT _netblocks3.google.com 8.8.8.8

and then based on the results of each command run something like:

nslookup -q=TXT _netblocks.google.com 8.8.8.8
Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
_netblocks.google.com text = "v=spf1 ip4:35.190.247.0/24 ip4:64.233.160.0/19 ip4:66.102.0.0/20 ip4:66.249.80.0/20 ip4:72.14.192.0/18 ip4:74.125.0.0/16 ip4:108.177.8.0/21 ip4:173.194.0.0/16 ip4:209.85.128.0/17 ip4:216.58.192.0/19 ip4:216.239.32.0/19 ~all"

 how can connect via ssh from my ip on the terminal? instead of using the gui

Using your terminal, in this document you find information about how to do this [4] [5]. With first document you provide and configure the public key and in the second document you find an explanation about how to connect using SSH command.

Good reads:

[4] https://cloud.google.com/compute/docs/instances/adding-removing-ssh-keys#addkey
[5] https://cloud.google.com/compute/docs/instances/connecting-advanced#thirdpartytools


——————————————————————————————————————————

I put a lot of thoughts into these blogs, so I could share the information in a clear and useful way. If you have any comments, thoughts, questions, or you need someone to consult with, feel free to contact me:

 

Contact me at-