Google Cloud Platform is a competitor of AWS that makes running virtualized servers easy and cheap. Unfortunately for beginners, they have a new approach to setting up SSH that requires some explanation and configuration.
Fast SSH Access: Use the Console
If you need fast access, the easiest method is to click "SSH" in the GCP Compute Engine console. This will open a new Chrome window that will transfer keys and connect you to the instance.
The console option is provided because setting up SSH for a remote client is a bit more involved than you would expect. With other cloud providers such as AWS, you would select a key pair, download the private key, and normally connect to the instance with ssh -i keyfile.
However, GCP manages SSH keys using IAM roles and permissions. Instead of downloading a private key for the instance, you add your own key to your user account, and that key is provided to instances by enabling OS Login.
Of course, you can always manually add your SSH key to the authorized_keys file, which solves the problem, but Google has set up OS Login for a reason, and it's better to do it this way instead of manually bypassing the key management tools they have set up.
Setting up your own keys with OS Login
The first step in setting up OS Login is adding your SSH keys to your user account. If you manage access for other people, you can use the Directory API, but if you are only linking your own account, you will want to use the gcloud CLI.
Download the installer and run it. The installer opens a new window where you can sign in to the Google account to which you want to add the keys. When it's done, run the following command in your terminal to add ~/.ssh/id_rsa.pub to your account keys:
gcloud compute os-login ssh-keys add --key-file ~/.ssh/id_rsa.pub --ttl 0
OS Login is disabled by default, so you must enable it for the entire project or for specific instances. Under "Metadata" in the Compute Engine console, add a new key-value pair with enable-oslogin as the key and TRUE as the value.
If your account is an IAM administrator, you should now be able to connect to instances with OS Login enabled, using the private key that matches the public key you linked to your account.
If your account is not the owner, you need one of the following IAM roles to access the instance:
roles/compute.osAdminLogin, which grants administrator permissions, or
roles/compute.osLogin, which does not grant administrator rights.
You can grant one of these roles at the instance level using IAM policy bindings.
All new instances you create are automatically accessible through the private key associated with your account, with no manual configuration required. If you give other users access and need to revoke it in the future, you can simply revoke their IAM permissions, which will fix the problem without having to rotate a key.
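To check the result of the steps above, the following added example (not part of the original article) resolves whether OS Login is in effect for each instance and which members hold the two login roles. It assumes JSON shaped like gcloud's --format=json output and that an instance-level enable-oslogin value overrides the project-wide one; all instance names, accounts and data are constructed.

```python
import json

# Roles named in the article, mapped to the access level they grant.
LOGIN_ROLES = {"roles/compute.osAdminLogin": "admin", "roles/compute.osLogin": "user"}

def metadata_value(items, key):
    """Look up one key in a metadata 'items' list of {key, value} objects."""
    return next((i.get("value") for i in items or [] if i.get("key") == key), None)

def oslogin_enabled(project, instance):
    """Resolve enable-oslogin; an instance-level value overrides the project's."""
    inst = metadata_value(instance.get("metadata", {}).get("items"), "enable-oslogin")
    proj = metadata_value(
        project.get("commonInstanceMetadata", {}).get("items"), "enable-oslogin")
    value = inst if inst is not None else proj
    # Assumption of this example: only TRUE (any letter case) counts as enabled.
    return value is not None and value.strip().upper() == "TRUE"

def login_members(policy):
    """Map each member of an instance IAM policy to its strongest OS Login level."""
    levels = {}
    for binding in policy.get("bindings", []):
        level = LOGIN_ROLES.get(binding.get("role"))
        for member in binding.get("members", []) if level else []:
            if levels.get(member) != "admin":
                levels[member] = level
    return levels

# Constructed sample data, shaped like --format=json output from
# `gcloud compute project-info describe`, `gcloud compute instances describe`
# and `gcloud compute instances get-iam-policy`.
PROJECT = json.loads(
    '{"commonInstanceMetadata": {"items": [{"key": "enable-oslogin", "value": "TRUE"}]}}')
INSTANCES = {
    "web-1": {"metadata": {"items": []}},
    "legacy-1": {"metadata": {"items": [{"key": "enable-oslogin", "value": "FALSE"}]}},
}
POLICIES = {"web-1": {"bindings": [
    {"role": "roles/compute.osLogin",
     "members": ["user:alice@example.com", "user:bob@example.com"]},
    {"role": "roles/compute.osAdminLogin", "members": ["user:alice@example.com"]},
]}}

def audit():
    """Return {instance: (os_login_enabled, {member: level})} for the sample data."""
    return {name: (oslogin_enabled(PROJECT, inst), login_members(POLICIES.get(name, {})))
            for name, inst in INSTANCES.items()}

if __name__ == "__main__":
    for name, (enabled, members) in audit().items():
        print(f"{name}: os_login={enabled} members={members}")
```

Only the two roles named above are reported; accounts that can connect through broader project-level rights, such as owners, do not appear in an instance's login bindings.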