SSH secures network client/server communications by authenticating both endpoints with a digital certificate and by encrypting passwords. As an administrator, you will be required to connect to machines you manage for various purposes: to deploy applications, to perform maintenance tasks or apply security patches, and to troubleshoot workloads.
In this article we will discuss the various ways that GCP provides to establish SSH connections to GCP VM instances. These techniques allow us to connect to the instances via a browser session or natively using third-party SSH clients.
Open the ‘VM Instances’ section. It will show all the instances that have been created. Open the drop-down next to SSH and select the option you want to use to SSH into the GCP VM instance.
Select the option Open in browser window. A window will open up showing that a connection is being set up. Your public keys are transferred to the remote instance and an SSH over HTTP session is established.
Once the connection is established, a terminal window will open and we can access the VM Instance.
You can use this option to connect to the VM instance in cases where the SSH service is listening on a non-default port (a port other than TCP 22). Although this is rarely used, it lets you connect to SSH daemons that run on non-default ports, or to instances where the port has been changed for security reasons (to add obscurity for attackers).
Select the option Open in browser window on custom port next to the SSH button of the VM instance.
A pop-up window will open. Enter the port to which you want to establish the connection. The SSH keys are then transferred to the VM and the SSH connection is established.
You can use this option when you want to connect to a VM instance using a different private key than the one that GCP creates for you.
To connect to your instances with a user-provided SSH key, complete these prerequisite steps:
Select the option Open in browser window using provided private SSH key next to the SSH button of the VM instance.
A pop-up window will open. Select the option Connect with SSH Key File and then select the private key file from your local system.
In your terminal, switch to the project in which you want to connect to the VM Instance.
gcloud config set project <project name>
Now run the command that is displayed in the gcloud command line pop-up:
gcloud beta compute ssh --zone "us-central1-a" "vm-instance-name" --project "project-name"
This is the same API request that the browser makes when requesting an SSH session.
To SSH into a GCP VM instance from a Linux or macOS machine, use the ssh command from a local machine or another machine on the Internet, including one within GCP.
To be able to successfully connect, your external IP address must be allowed through the firewall or you need to be in the same subnet as the target machine in case you are using a GCP instance to connect.
If you need to add your own SSH key, use the following command in your terminal to create an SSH key pair:
ssh-keygen -t rsa
Once the key pair is generated, copy the public key into the instance metadata of the VM. Select Metadata under Settings. Once the page opens click on EDIT and then select ADD ITEM and enter the value. Then click on SAVE.
Now go to your local machine and, in a terminal, use the ssh command along with your private SSH key file, the username, and the external IP address of the instance to connect.
ssh -i PATH_TO_PRIVATE_KEY USERNAME@EXTERNAL_IP
After you connect, run commands on your instance using the terminal. When you finish, disconnect from the instance by running the exit command.
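A check worth running on the value before it goes into the metadata form, given here as an added example that is not part of the original article. It assumes the Compute Engine metadata entry format `USERNAME:TYPE BASE64 [COMMENT]`; the allowed key types and the RSA size floor are assumed local policy, and `make_rsa_entry` builds a constructed, non-functional sample key.

```python
import base64
import struct

ALLOWED_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256"}  # assumed policy
MIN_RSA_BITS = 2048                                                # assumed policy

def _field(buf, off):
    """Read one length-prefixed field of an SSH public key blob."""
    (n,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:end], end

def check_metadata_entry(entry):
    """Return a list of problems found in one metadata SSH key entry."""
    if "PRIVATE KEY" in entry:
        return ["private key material: only the .pub file belongs in metadata"]
    user, sep, key = entry.strip().partition(":")
    parts = key.split()
    if not sep or not user or len(parts) < 2:
        return ["expected USERNAME:TYPE BASE64 [COMMENT]"]
    problems, ktype, b64 = [], parts[0], parts[1]
    if ktype not in ALLOWED_TYPES:
        problems.append(f"key type {ktype} not allowed")
    try:
        blob = base64.b64decode(b64, validate=True)
        inner, off = _field(blob, 0)
        if inner.decode("ascii", "replace") != ktype:
            problems.append("declared type does not match key blob")
        elif ktype == "ssh-rsa":
            _e, off = _field(blob, off)        # public exponent
            n, off = _field(blob, off)         # modulus
            bits = int.from_bytes(n, "big").bit_length()
            if bits < MIN_RSA_BITS:
                problems.append(f"RSA modulus is {bits} bits, below {MIN_RSA_BITS}")
    except (ValueError, struct.error) as exc:
        problems.append(f"undecodable key blob: {exc}")
    return problems

def make_rsa_entry(user, bits):
    """Constructed sample: well-formed blob with a dummy, unusable modulus."""
    f = lambda b: struct.pack(">I", len(b)) + b
    n = b"\x00" + (1 << (bits - 1) | 1).to_bytes(bits // 8, "big")
    blob = f(b"ssh-rsa") + f(b"\x01\x00\x01") + f(n)
    return f"{user}:ssh-rsa {base64.b64encode(blob).decode()} {user}"
```

An empty list means the entry is well formed and within policy; anything else should be fixed before you click SAVE.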
SSH is used to communicate securely with a remote Linux based machine. In this blog, various ways of SSHing into a GCP VM Instance have been discussed. All of the techniques mentioned above are well supported by GCP. Knowing alternate ways of SSHing to the GCP VM instances is always useful when network firewalls or network configurations prevent direct access to the machines.