karan bhatia

Reputation: 185

Remote SSH from VSCode to Google Cloud VMs over IAP tunnel

I am using the below command for SSH to GCP VMs. How can I configure VSCode to use these settings?

gcloud beta compute ssh --zone "asia-south1-a" "jump-box" --tunnel-through-iap --project "Project Name"

(editor note: notice --tunnel-through-iap in particular)

Upvotes: 0

Views: 3309

Answers (3)

Jun

Reputation: 804

If you are checking this question, looking in vain for a Windows solution, and you don't know why OpenSSH in VS Code is giving you arcane errors like CreateProcessW failed, try the following.

The short story for all of the problems is just that OpenSSH in VSCode on Windows has significant issues attempting to parse strings. More detailed troubleshooting steps follow.

If you have installed gcloud tools on Windows using default settings, then they have likely installed into C:\...\AppData\Google Cloud\.... That space in the install causes the CreateProcessW failure. Go to settings -> Installed Apps -> Google Cloud SDK and uninstall it. Reinstall it in C:\gcp or some other short folder without a space.

After you've installed, restarted your terminal, and run gcloud auth login again, you can run

gcloud compute ssh [Instance] --project=[Project] --zone=[Zone] --tunnel-through-iap --dry-run

This will spit out something like

C:\gcp\google-cloud-sdk\bin\sdk\putty.exe -t -i C:\Users\User\.ssh\google_compute_engine.ppk -proxycmd ""C:\\gcp\\google-cloud-sdk\\bin\\..\\platform\\bundledpython\\python.exe" "-S" "C:\\gcp\\google-cloud-sdk\\bin\\..\\lib\\gcloud.py" compute start-iap-tunnel "[Instance]" "%port" --listen-on-stdin --project=[Project] --zone=[Zone] --verbosity=warning" [email protected]

Now to create a string that VSCode can actually use with OpenSSH's string parsing. Turn that into something that looks like this:

ssh -t -i C:\Users\User\.ssh\google_compute_engine -o ProxyCommand="C:/gcp/google-cloud-sdk/platform/bundledpython/python.exe -S C:/gcp/google-cloud-sdk/lib/gcloud.py compute start-iap-tunnel [Instance] 22 --listen-on-stdin --project=[Project] --zone=[Zone] --verbosity=warning" [email protected]

It may very well be possible to get there without all of the transformations, but in my experience, OpenSSH on VSCode will give you unhelpful errors like host name cannot contain the character " because the string parse logic believes the final " is somehow part of the [email protected]. Transforming the string into that shape allows it to work with OpenSSH in VSCode. Namely the connection string can work in terminal, but will still fail in VSCode for unknown VSCode specific reasons.

Test your string in PowerShell; it should connect to the VM through IAP.

Now go to VSCode's connect to remote host, then "Add New SSH Host", and paste your changed string into that to add it to the SSH config. Just trying to use even that string in "Connect to Host" will fail, but "Add New SSH Host" will finally parse it correctly.

Then go through the Connect to Host from the Remote-SSH button again and this time select the "compute.numbers" entry that was just added. VSCode should connect finally.

Upvotes: 0

ZachB

Reputation: 15366

The following provides a tutorial: https://medium.com/@albert.brand/remote-to-a-vm-over-an-iap-tunnel-with-vscode-f9fb54676153 .

Briefly, add --dry-run to your normal gcloud compute ssh command to see what gcloud is doing under the hood. Those options need to get set in your VSCode SSH config file.

When using --tunnel-through-iap, you'll see a ProxyCommand that invokes gcloud.py, and HostName and HostKeyAlias set to the instance ID (looks like compute.123456789123456789), as well as a few others.

An archive of this page is available: https://web.archive.org/web/20220520113631/https://medium.com/@albert.brand/remote-to-a-vm-over-an-iap-tunnel-with-vscode-f9fb54676153

Upvotes: 2
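
An added example (not from the answers or the linked tutorial) of the step described above: turning the --dry-run output into a Host block for the SSH config file that VS Code reads, keeping the host-key options alongside the IAP ProxyCommand. The sample command line is constructed and assumes the OpenSSH form gcloud prints on Linux/macOS; the function name and the alias are hypothetical.

```python
import re
import shlex

# Constructed sample of `gcloud compute ssh ... --tunnel-through-iap --dry-run`
# output; every path, ID and name below is a placeholder, not real data.
SAMPLE_DRY_RUN = (
    '/usr/bin/ssh -t -i /home/USER/.ssh/google_compute_engine '
    '-o CheckHostIP=no -o HostKeyAlias=compute.123456789123456789 '
    '-o IdentitiesOnly=yes -o StrictHostKeyChecking=yes '
    '-o UserKnownHostsFile=/home/USER/.ssh/google_compute_known_hosts '
    '-o "ProxyCommand /usr/bin/python3 -S /opt/google-cloud-sdk/lib/gcloud.py '
    'compute start-iap-tunnel jump-box %p --listen-on-stdin '
    '--project=PROJECT --zone=asia-south1-a --verbosity=warning" '
    '-o ProxyUseFdpass=no USER@compute.123456789123456789'
)


def dry_run_to_config(dry_run, alias):
    """Convert one dry-run ssh command line into an ssh_config Host block."""
    args = shlex.split(dry_run)[1:]           # drop the ssh binary itself
    options, target, i = [], None, 0
    while i < len(args):
        if args[i] == "-i":                   # identity file
            options.append(("IdentityFile", args[i + 1]))
            i += 2
        elif args[i] == "-o":                 # "Key=Value" or "Key Value"
            # Split on the FIRST space or '=' only, so '=' characters inside
            # the ProxyCommand (e.g. --project=...) are left untouched.
            key, value = re.split(r"[ =]", args[i + 1], maxsplit=1)
            options.append((key, value))
            i += 2
        else:
            if not args[i].startswith("-"):   # flags such as -t are not carried over
                target = args[i]
            i += 1
    if target is None or "@" not in target:
        raise ValueError("no user@host target found in dry-run output")
    if not any(key == "ProxyCommand" for key, _ in options):
        raise ValueError("no ProxyCommand: was --tunnel-through-iap used?")
    user, host = target.rsplit("@", 1)
    lines = [f"Host {alias}", f"    HostName {host}", f"    User {user}"]
    lines += [f"    {key} {value}" for key, value in options]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(dry_run_to_config(SAMPLE_DRY_RUN, "jump-box-iap"))
```
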

Mat Schaffer

Reputation: 1704

Given the title I'm guessing what you're trying to do is use a compute ssh command for https://code.visualstudio.com/docs/remote/ssh

I couldn't find a way to use this directly, but a workaround that I found is to run:

gcloud compute config-ssh --dry-run --project "Project Name"

This will produce an SSH configuration for all the instances in your project.

I was then able to add the hosts I was interested in to my VSCode SSH config (~/.ssh/config by default). It'll be something like this, but I've redacted the bits related to my project.

Host INSTANCE-NAME.ZONE.PROJECT_NAME
    HostName IP
    IdentityFile /Users/USER/.ssh/google_compute_engine
    UserKnownHostsFile=/Users/USER/.ssh/google_compute_known_hosts
    HostKeyAlias=compute.ID
    IdentitiesOnly=yes
    CheckHostIP=no

You could also omit the --dry-run to automatically add the entries.

Upvotes: 1
