Reputation: 3826
I have created a Linux VM in Google Cloud, and right now I am trying to access the VM through SSH.
I am able to SSH to the server if I am logged in to the console via the interface. However, I am trying to generate a portable private key file (pem) which I can use to remote into the server from anywhere.
I can achieve this easily on AWS or Azure during the VM creation, but this doesn't seem to be the case on GC.
Upvotes: 3
Views: 4578
Reputation: 1437
I found this answer and just wanted to update on what works for me
With gcloud client installed on your machine (whichever machine you wish to connect to the VM with).
Authenticate your service using your project JSON key
gcloud auth activate-service-account --key-file=[keyfile_for_project].json
Create ssh key pairs on the local machine
$(which ssh-keygen) -t rsa -C "[email protected]"
id_rsa.pub to your VM's metadata (great screenshots of this included by Mohit Kumar's answer)
cat $PWD/id_rsa.pub
(paste this output into the SSH key metadata)
ssh to the VM instance using the private key you just created in id_rsa
ssh -v -i id_rsa [user]@[external_ip]
If you want to make this portable, simply carry that private key (id_rsa) public key (id_rsa.pub) pair around with you
Upvotes: 1
Reputation: 2502
I understand what you mean, but Google does it a bit more automatically.
On any local computer, first get a service-account JSON with the right access.
Authorize gcloud with:
gcloud auth activate-service-account --key-file=KEY_FILE.json
Then,
gcloud compute config-ssh [--ssh-config-file=SSH_CONFIG_FILE] [--ssh-key-file=SSH_KEY_FILE]
You may already have an ssh key file, but it's fine if you simply let gcloud generate it.
Finally, you can ssh into any Compute Engine instance from this computer with:
gcloud compute ssh [USER@]INSTANCE
The next time on the same computer, you just need to use gcloud compute ssh to access it again.
Upvotes: 1
Reputation: 166
Open a terminal on your workstation and use the ssh-keygen command to generate a new key. Specify the -C flag to add a comment with your username.
ssh-keygen -t rsa -f ~/.ssh/[KEY_FILENAME] -C [USERNAME]
where:
[KEY_FILENAME] is the name that you want to use for your SSH key files. For example, a filename of my-ssh-key generates a private key file named my-ssh-key and a public key file named my-ssh-key.pub.
[USERNAME] is the user for whom you will apply this SSH key.
Restrict access to your private key so that only you can read it and nobody can write to it.
chmod 400 ~/.ssh/[KEY_FILENAME]
where [KEY_FILENAME] is the name that you used for your SSH key files.
Repeat this process for every user who needs a new key.
If you created a key on a Linux workstation by using the ssh-keygen tool, the keys are saved under the following locations:
Public key file: ~/.ssh/[KEY_FILENAME].pub
Private key file: ~/.ssh/[KEY_FILENAME]
where [KEY_FILENAME] is the filename of the SSH key, which was set when the key was created.
To add or remove project-wide public SSH keys from the GCP Console:
In the Google Cloud Platform Console, go to the metadata page for your project. It can be found under the GCE menu.
Under SSH Keys, click Edit.
Modify the project-wide public SSH keys: To add a public SSH key, click Add item at the bottom of the page. This will produce a text box. Copy the contents of your public SSH key file and paste them into the text box. Repeat this process for each public SSH key that you want to add.
When you are done, click Save at the bottom of the page.
To connect to an instance using ssh
In a terminal, use the ssh command and your private SSH key file to connect to your instance. Specify your username and the external IP address of the instance that you want to connect to.
ssh -i [PATH_TO_PRIVATE_KEY] [USERNAME]@[EXTERNAL_IP_ADDRESS]
where:
[PATH_TO_PRIVATE_KEY] is the path to your private SSH key file.
[USERNAME] is the name of the user connecting to the instance. The username for your public SSH key was specified when the SSH key was created. You can connect to the instance as that user if the instance has a valid public SSH key for that user and if you have the matching private SSH key.
[EXTERNAL_IP_ADDRESS] is the external IP address for your instance.
If the connection is successful, you can use the terminal to run commands on your instance. When you are done, use the exit command to disconnect from the instance.
Upvotes: 4
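The key-handling steps from the answer above, as an added example that is not part of the original answer: it checks that the private key is locked down the way chmod 400 leaves it, refuses to publish a private key by mistake, and builds the USERNAME:KEY entry format that Compute Engine stores under the ssh-keys metadata key. The function names and the sample key are constructed for illustration.

```shell
#!/bin/sh
# Added example: helper names and the sample key below are hypothetical.

# Succeeds only if group and others have no access to the private key
# (the state that `chmod 400` in the answer produces).
private_key_is_restricted() {
  [ -f "$1" ] || return 2
  # ls mode string: char 1 = type, 2-4 = owner, 5-10 = group + others.
  [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Prints "USERNAME:TYPE KEY USERNAME" for a one-line OpenSSH public key file.
# Refuses private keys and malformed input so only public material is published.
metadata_entry() {
  local user="$1" file="$2" type key rest
  if grep -q -e 'PRIVATE KEY' -- "$file"; then
    echo "refusing: $file is a private key" >&2
    return 1
  fi
  if [ "$(grep -c -e . -- "$file")" -ne 1 ]; then
    echo "expected exactly one key line in $file" >&2
    return 1
  fi
  read -r type key rest < "$file" || true
  case "$type" in
    ssh-rsa|ssh-ed25519|ecdsa-sha2-*) ;;
    *) echo "unexpected key type: $type" >&2; return 1 ;;
  esac
  case "$key" in
    ''|*[!A-Za-z0-9+/=]*) echo "key body is not base64" >&2; return 1 ;;
  esac
  printf '%s:%s %s %s\n' "$user" "$type" "$key" "$user"
}

# Demo on constructed input: the key body is a made-up base64 string, not a real key.
demo_dir=$(mktemp -d)
printf 'ssh-rsa QUFBQWNvbnN0cnVjdGVk alice\n' > "$demo_dir/my-ssh-key.pub"
printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' > "$demo_dir/my-ssh-key"
chmod 644 "$demo_dir/my-ssh-key"
private_key_is_restricted "$demo_dir/my-ssh-key" || echo "private key too open, fixing"
chmod 400 "$demo_dir/my-ssh-key"
metadata_entry alice "$demo_dir/my-ssh-key.pub"
```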
Reputation: 2491
This is not how gcloud works.
Google Cloud Platform actually takes the public key beforehand, when you create a VM instance in the Compute service. You can generate the key on your machine by using ssh-keygen and add it to your instance by the following methods.
You have 2 options. Either you can add the SSH key instance-wide (screenshot 1) by editing your instance settings, or you can add the SSH key project-wide in the metadata section of the Compute service (screenshot 2).
Screenshot 1
Screenshot 2
Upvotes: 4
Reputation: 84
For SSH access, you wouldn't use a pem key. On your client machine, you should run (if in a unix/linux system) ssh-keygen which will walk you through creating your ssh key (default is RSA). You then need to add the public key (~/.ssh/id_rsa.pub or the file specified during creation) to ~/.ssh/authorized_keys on the server.
Upvotes: 0