
Can not connect to Google Compute Engine via SSH

I've set up a new instance of Google Compute Engine on a new project. I start the instance and use command gcloud init to connect to my project. I then use command sudo gcloud compute ssh instance-1. It takes me through SSH key pair generation:

WARNING: The private SSH key file for Google Compute Engine does not exist.
WARNING: You do not have an SSH key for Google Compute Engine.
WARNING: [/usr/bin/ssh-keygen] will be executed to generate a key.
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /Users/username/.ssh/google_compute_engine.
Your public key has been saved in /Users/username/.ssh/google_compute_engine.pub.
The key fingerprint is:
SHA256:there_is_a_key_here_but_probably_should_not_show_it [email protected]
The key's randomart image is:
+---[RSA 2048]----+
|                 |
|                 |
|                 |
|                 |
|                 |
|                 |
|                 |
|There is an image|
|here             |
+----[SHA256]-----+
Updating project ssh metadata...\Updated [link to the project].
Updating project ssh metadata...done.                                                         
Warning: Permanently added 'compute.1788786712041991164' (ECDSA) to the list of known hosts.
Permission denied (publickey).
Permission denied (publickey).
Permission denied (publickey).
Permission denied (publickey).
Permission denied (publickey).
Permission denied (publickey).
Permission denied (publickey).
Permission denied (publickey).
Permission denied (publickey).
Permission denied (publickey).
Permission denied (publickey).
Permission denied (publickey).
Permission denied (publickey).
ERROR: (gcloud.compute.ssh) Could not SSH to the instance.  It is possible that your SSH key has not propagated to the instance yet. Try running this command again.  If you still cannot connect, verify that the firewall and instance are set to accept ssh traffic.

Weird. I check the metadata in my Google Cloud Console, the key appeared there after running this command. So it was successfully generated and metadata was updated. I wait a little bit, and try again the same command:

My-MacBook-Air-4:~ myname$ sudo gcloud compute ssh instance-1
Permission denied (publickey).
ERROR: (gcloud.compute.ssh) [/usr/bin/ssh] exited with return code [255]. See https://cloud.google.com/compute/docs/troubleshooting#ssherrors for troubleshooting hints.

So I try some of the troubleshooting hints:

gcloud compute firewall-rules list

NAME                    NETWORK  SRC_RANGES    RULES                         SRC_TAGS  TARGET_TAGS
default-allow-http      default  0.0.0.0/0     tcp:80                                  http-server
default-allow-https     default  0.0.0.0/0     tcp:443                                 https-server
default-allow-icmp      default  0.0.0.0/0     icmp
default-allow-internal  default  10.128.0.0/9  tcp:0-65535,udp:0-65535,icmp
default-allow-rdp       default  0.0.0.0/0     tcp:3389
default-allow-ssh       default  0.0.0.0/0     tcp:22

Firewall seems fine. And that happens to EVERY Google Compute Engine instance I create on ANY project. I don't understand what is going on, the key pairs have been created, I tried all of the steps several times on several different projects and the error persists.

EDIT: The keys appeared in the SSH Tab of the project, the Metadata tab is still empty.

Ilya Lapan asked Feb 10 '17 19:02


2 Answers


Solution: Create a new Firewall with Port 22 opened for TCP and UDP as illustrated below.

Bharath S answered Oct 06 '22 00:10


> I then use command sudo gcloud compute ssh instance-1

Using sudo is wrong here. It appears that you've created a key in /Users/username/.ssh/google_compute_engine but since it has the comment [email protected], it's probably created with the wrong ownership (i.e. owned by root).

You might be able to fix this up with:

 sudo chown $USER:$GROUPS ~/.ssh/google_compute_engine{,.pub}

And then connect without sudo

 gcloud compute ssh instance-1

Or if that fails just start over but don't use sudo for anything.

Grisha Levit answered Oct 05 '22 23:10
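
A way to check for the ownership problem the second answer describes before re-running gcloud, as an added example that is not part of the original answers: the function name `check_gce_keys` and its finding labels are made up for this sketch, and the only file names it uses are the two from the question's output.

```shell
#!/bin/sh
# Added example: audit the key pair that `gcloud compute ssh` writes.
# Usage: check_gce_keys [DIR] [EXPECTED_UID]
# Prints one finding per line; the return status is the number of findings.
check_gce_keys() {
    dir=${1:-$HOME/.ssh}
    # Under sudo, compare against the invoking user (SUDO_UID), not root.
    want_uid=${2:-${SUDO_UID:-$(id -u)}}
    findings=0
    for name in google_compute_engine google_compute_engine.pub; do
        f="$dir/$name"
        if [ ! -f "$f" ]; then
            echo "MISSING $f"
            findings=$((findings + 1))
            continue
        fi
        # `ls -ln` is the same on GNU and BSD/macOS:
        # field 1 is the mode string, field 3 the numeric owner.
        info=$(ls -lnL "$f" | awk 'NR==1 {print $1, $3}')
        mode=${info% *}
        owner=${info#* }
        if [ "$owner" != "$want_uid" ]; then
            echo "OWNER $f is owned by uid $owner, expected $want_uid"
            findings=$((findings + 1))
        fi
        # ssh ignores a private key that group or others can access.
        if [ "$name" = google_compute_engine ]; then
            shared=$(printf '%s' "$mode" | cut -c5-10)
            if [ "$shared" != "------" ]; then
                echo "MODE $f is $mode, expected no group/other access"
                findings=$((findings + 1))
            fi
        fi
    done
    return "$findings"
}
```

An `OWNER` finding with uid 0 is the state the `chown` command above repairs; a `MODE` finding is fixed with `chmod 600` on the private key.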