I can only connect once through SSH into my GCE VM instance

Question

So I created a brand new project in GCP, I created 2 VMs in the default VPC network an default firewall rules.

I SSH into instance-1 and once inside instance-1, if I try to do the following:

• SSH again into instance-1
• SSH into instance-2

I will get a "Permission denied (publickey)." error.

What is happening behind the curtains in GCP? I can see that SSH keys are created in the metadata, I just don't understand how I am unable to SSH again to the same instance or to my other instance.

I know that adding the public key in the metadata of the instances will allow me to do that, I would like to understand why I am unable to recursively SSH into my instances.

Answer 1

you are unable recursively SSH into my instances because you have not the private key associated with other instance.

Answer 2

When you create a VM in GCP you will see a button labeled SSH. When you click that, you will see a shell window open and you will be logged in using the SSH protocol/technology. What is happening is that an SSH public/private key pair are being created. The public key is copied into the meta data associated with the VM instance. The private key is never exposed. Instead, it is held by Google associated with your project and your GCP identity (joe@gmail.com). What this means is that when you (joe@gmail.com) click on the SSH button, the private key (held by Google) is retrieved and used to form the connection to your VM with the corresponding public key.

Now to your question ... imagine you are logged into the target VM. If you try and SSH back into that VM or try and SSH into that VM from elsewhere ... where is your private key? The answer is you don't have access to it. Remember ... in order to use SSH, there is a key pair. The public key and the private key. The public key is known to the target of the SSH and the corresponding private key must be known to the SSH client.