February 1, 2022

5 ways to connect to your GCP VM instances using SSH

GCP provides various ways by which you can SSH to a Linux compute instance, especially useful when you have firewall rules preventing external access. This article shows the 5 ways to connect to a GCP VM instance using SSH.

Table of Contents

Introduction

Various methods of Setting Up SSH in GCP VM Instances

     1. Opening in browser window

     2. Open in browser window on Custom Port

     3. Open in browser window using provided private SSH key

     4. gcloud Command Line

     5. Use another SSH client

Conclusion


Introduction

SSH secures network client/server communications by authenticating both endpoints with a digital certificate and by encrypting passwords. As an administrator, you will be required to connect to machines you manage for various purposes - to deploy applications, to perform maintenance tasks or security patches and to troubleshoot workloads.

In this article we will be discussing the various ways that GCP provides us to establish SSH connections to GCP VM instances. These techniques allow us to connect to the instances via a browser session or natively using third party SSH clients.

Various methods of Setting Up SSH in GCP VM Instances

1. Opening in browser window

Open the ‘VM Instances’ section. It will show all the instances that are created. Open the drop down next to SSH and select the option you want to use to SSH into GCP VM Instance.


Opening in browser window


Select the option `Open in browser window`. A window will open up showing that a connection is being set up. Your public keys are transferred to the remote instance and an SSH over HTTP session is established.


Open in browser window


Once the connection is established, a terminal window will open and we can access the VM Instance.

2. Open in browser window on Custom Port

You can use this option to connect to the VM instance in cases where the SSH service is listening on a non default port (ports other than TCP 22). Although this is rarely used, you would be able to use this option to connect to SSH for daemons that run on non default ports or if the port has been changed due to security reasons (to add obscurity for attackers).

Select the option `Open in browser window on custom port` next to the SSH button of the VM Instance.

Open in browser window on custom port


A pop up window will open, in which enter the port to which you want to establish the connection. After this it will transfer SSH Keys to VM and the SSH connection will be established.

3. Open in browser window using provided private SSH key

You can use this option when you want to connect to a VM instance using a different private key than the one that GCP creates for you.

To connect to your instances with a user-provided provide SSH key, complete these prerequisite steps:

  1. Enable the OS Login feature on your project or on individual instances.
  2. Configure the public SSH key with the user's OS Login profile. Include the project ID in the request to ensure that your profile is properly configured.

Select the option `Open in browser window using provided private SSH key` next to the SSH button of the VM Instance.



A popup window will open, select the option `Connect with SSH Key File` and then select the private key file from your local system. 

4. gcloud Command Line


In your terminal, switch to the project in which you want to connect to the VM Instance.

gcloud config set project <project name>

Now run the command that is displayed in the pop up of `gcloud command line`

gcloud beta compute ssh --zone "us-central1-a" "vm-instance-name"  --project "project-name"

This is the same API request that the browser makes when requesting an SSH session.

5. Use another SSH client

To SSH into GCP VM Instance from a Linux or macOS machine, use the ssh command from a local machine or another machine on the Internet, including within GCP. 

To be able to successfully connect, your external IP address must be allowed through the firewall or you need to be in the same subnet as the target machine in case you are using a GCP instance to connect.

Add your SSH public key to the VM Instance


If you need to add your own SSH key then use the command to create SSH keys in your terminal.

ssh-keygen -t  id_rsa

Once the key pair is generated, copy the public key into the instance metadata of the VM. Select Metadata under Settings. Once the page opens click on EDIT and then select ADD ITEM and enter the value. Then click on SAVE.

Now go to your Local machine and in terminal use the ssh command along with your private SSH key file, the username, and the external IP address of the instance to connect.

ssh -i PATH_TO_PRIVATE_KEY USERNAME@EXTERNAL_IP

After you connect, run commands on your instance using the terminal. When you finish, disconnect from the instance by running the exit command.

Conclusion

SSH is used to communicate securely with a remote Linux based machine. In this blog, various ways of SSHing into a GCP VM Instance have been discussed. All of the techniques mentioned above are well supported by GCP. Knowing alternate ways of SSHing to the GCP VM instances is always useful when network firewalls or network configurations prevent direct access to the machines.

***

This article is brought to you by Kloudle Academy, a free e-resource compilation, created and curated by Kloudle. Kloudle is a cloud security management platform that uses the power of automation and simplifies human requirements in cloud security. If you wish to give your feedback on this article, you can write to us here.

Written by:
Priyam Singh

Priyam Singh

Cloud Security Specialist

Priyam is a Cloud Security Specialist at Kloudle. She also has experience as DevSecOps Engineer. She is part of security communities such as Infosecgirls and null - The Open Security Community. An active speaker and contributor to various security communities. She has given various technical talks and published content on DevSecOps.

Read more