Menu
I've set up a new instance of Google Compute Engine on a new project. I start the instance and use command gcloud init to connect to my project. I then use command sudo gcloud compute ssh instance-1. It takes me through SSH key pair generation:
WARNING: The private SSH key file for Google Compute Engine does not exist.
WARNING: You do not have an SSH key for Google Compute Engine.
WARNING: [/usr/bin/ssh-keygen] will be executed to generate a key.
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /Users/username/.ssh/google_compute_engine.
Your public key has been saved in /Users/username/.ssh/google_compute_engine.pub.
The key fingerprint is:
SHA256:there_is_a_key_here_but_probably_should_not_show_it [email protected]
The key's randomart image is:
+---[RSA 2048]----+
| |
| |
| |
| |
| |
| |
| |
|There is an image|
|here |
+----[SHA256]-----+
Updating project ssh metadata...\Updated [link to the project].
Updating project ssh metadata...done.
Warning: Permanently added 'compute.1788786712041991164' (ECDSA) to the list of known hosts.
Permission denied (publickey).
Permission denied (publickey).
Permission denied (publickey).
Permission denied (publickey).
Permission denied (publickey).
Permission denied (publickey).
Permission denied (publickey).
Permission denied (publickey).
Permission denied (publickey).
Permission denied (publickey).
Permission denied (publickey).
Permission denied (publickey).
Permission denied (publickey).
ERROR: (gcloud.compute.ssh) Could not SSH to the instance. It is possible that your SSH key has not propagated to the instance yet. Try running this command again. If you still cannot connect, verify that the firewall and instance are set to accept ssh traffic.
Weird. I check the metadata in my Google Cloud Console, they key appeared there after running this command. So it was successfully generated and metadata was updated. I wait a little bit, and try again the same command:
My-MacBook-Air-4:~ myname$ sudo gcloud compute ssh instance-1
Permission denied (publickey).
ERROR: (gcloud.compute.ssh) [/usr/bin/ssh] exited with return code [255]. See https://cloud.google.com/compute/docs/troubleshooting#ssherrors for troubleshooting hints.
So I try some of the troubleshooting hints:
gcloud compute firewall-rules list
NAME NETWORK SRC_RANGES RULES SRC_TAGS TARGET_TAGS
default-allow-http default 0.0.0.0/0 tcp:80 http-server
default-allow-https default 0.0.0.0/0 tcp:443 https-server
default-allow-icmp default 0.0.0.0/0 icmp
default-allow-internal default 10.128.0.0/9 tcp:0-65535,udp:0-65535,icmp
default-allow-rdp default 0.0.0.0/0 tcp:3389
default-allow-ssh default 0.0.0.0/0 tcp:22
Firewall seems fine. And that happens to EVERY Google Compute Engine instance I create on ANY project. I don't understand what is going on, the key pairs have been created, I tried all of the steps several times on several different projects and the error persists.
EDIT: The keys appeared in the SSH Tab of the project, the Metadata tab is still empty.
674
Connect through a browser from the GCP Marketplace Find and select your project in the project list. Select the “Compute -> Compute Engine” menu item. Locate your server instance and select the SSH button.
The firewall rule allowing SSH is missing or misconfigured. By default, Compute Engine VMs allow SSH access on port 22. If the default-allow-ssh rule is missing or misconfigured, you won't be able to connect to VMs. To resolve this issue, Check your firewall rules and re-add or reconfigure default-allow-ssh .
In the console, go to the VM instances page. In the list of VMs, click the arrow_drop_down drop-down next to the SSH button of the VM that you want to connect to. Click Open in browser window using provided private SSH key. The SSH-in-browser window opens.
To connect to an instance without an external IP address, use the gcloud compute ssh command with the --internal-ip flag. In the Google Cloud console, go to the VM Instances page and find the internal IP address for the instance that you want to connect to. Connect to the instance.
Solution: Create a new Firewall with Port 22 opened for TCP and UDP as illustrated below.
97
I then use command
sudo gcloud compute ssh instance-1
Using sudo is wrong here. It appears that you've created a key in /Users/username/.ssh/google_compute_engine but since it has the comment [email protected], it's probably created with the wrong ownership (i.e. owned by root).
You might be able to fix this up with:
sudo chown $USER:$GROUPS ~/.ssh/google_compute_engine{,.pub}
And then connect without sudo
gcloud compute ssh instance-1
Or if that fails just start over but don't use sudo for anything.
29
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
