Set up SSH for a Google Cloud Platform instance – CloudSavvy IT

Google Cloud Platform is a competitor of AWS that makes running virtualized servers easy and cheap. Unfortunately for beginners, they have a new approach to setting up SSH that requires some explanation and configuration.

Fast SSH Access: Use the Console

If you need fast access, the easiest method is to click "SSH" in the GCP Compute Engine console. This will open a new Chrome window that will transfer keys and connect you to the instance.

This is provided because setting up SSH for a remote client is a bit more involved than you would expect. For other cloud providers such as AWS, you would select a private key pair, download that key pair and normally connect to the instance with ssh -i keyfile .

However, GCP decides to manage SSH keys that use IAM roles and rights. Instead of downloading a private key for the instance, instead provide your key to your user account and provide your key by setting the OS Login.

Of course, you can always manually add your SSH key to the authorizedkeys file, which solves the problem, but Google has set up OS Login for a reason, and it's better to do it this way. instead of manually ignoring the key management tools they have set up. [19659003] Setting up your own keys with OS Login

The first step in setting up OS Login is adding your SSH keys to your user account. If you control access for other people, you can use the Directory API, but if you link your own account, you want to use the gcloud CLI.

Download the installer and run it. The installer opens a new window where you can sign in to the Google account to which you want to add the keys. When it's done, run the following command in your terminal to add ~ / .ssh / id_rsa.pub to your account keys:

  gcloud compute os-login ssh-keys add 
--key-file ~ / .ssh / id_rsa.pub 
--ttl 0 

OS login is disabled by default, so you must enable it for the entire project or for specific instances. Under "Metadata" in the Compute Engine Console, add a new key pair with enable-oslogin as the key and TRUE as the value.

If your account is an IAM administrator, you should now be able to connect to instances with OS Login enabled, using the private key that you provide to your account linked.

If your account is not the owner, you need a few IAM permissions to access the instance:

• roles / compute.osAdminLogin granting administrator permissions, or
• roles / compute .osLogin that does not grant administrator rights.

You can set one of these rights at the instance level using IAM policy bindings.

All new instances you create are automatically accessible through the private key associated with your account, with no manual configuration required. If you give other users access and need to revoke them in the future, you can easily revoke their IAM permissions, which will fix the problem without having to run a key.