
Google Cloud Platform: SSH to Google cloud instance will have "Permission denied (publickey)"

I came across the issue below when I use ssh to log in to a Google Cloud instance:

$ ssh -i DD2 [email protected]
Permission denied (publickey).

After some testing, I found that the cause of the error is that the public key signature is not consistent with the account for Google Cloud.

For example:

scuio33@chef-server:~$ 

Here your account is scuio33, so your pub file will be:

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBpNeFZyXXXehjPuGCkEjb/t
laNQt0fztORSCFFQIoKHkQzi7SNhp48kagyOHDNj6mY1LmVZB/sIj2oCa1AFupoFuBYc/XILP
rTX60fIlnBYkHl+6Kq/TX2hzKv scuio33

scuio33 has to be exactly the same as your Google account, or you will get the issue "Permission denied (publickey)". Only Google Cloud has this restriction.

This is not a "question", but a hint for SSH failures on Google Cloud.

wherby asked Jul 31 '18 13:07


2 Answers

I experienced this issue when trying to set up Kubernetes for the first time on Google Cloud Platform.

I was running into the error below each time I tried to SSH into my instance from my terminal:

[email protected]: Permission denied (publickey)

Here's how I solved it:

Open a terminal on your workstation and use the ssh-keygen command to generate a new key. Specify the -C flag to add a comment with your username.

ssh-keygen -t rsa -f ~/.ssh/[KEY_FILENAME] -C [USERNAME]

In my case it was:

ssh-keygen -t rsa -f ~/.ssh/kubernetes-trial -C promisepreston

Navigate into the .ssh directory:

cd ~/.ssh

Restrict access to your private key so that only you can read it and nobody can write to it.

chmod 400 [KEY_FILENAME]

In my case it was:

chmod 400 kubernetes-trial

Double click on kubernetes-trial.pub to open it OR print it on the console using the cat command:

sudo cat kubernetes-trial.pub

The public SSH key should be of this format:

ssh-rsa [KEY_VALUE] [USERNAME]

OR

ssh-rsa [KEY_VALUE] google-ssh {"userName":"[USERNAME]","expireOn":"[EXPIRE_TIME]"}

In my case it was:

ssh-rsa AAAAB3MzaC1yc2EAAAADAQABAAABAQDdLjLb2b97m9NSK5Z8+j6U8awAwIx1Sbn9o4cEpYT2USYlFhJPRckgnmCQ+Eaim/sgL40V2v3Jwt6HVAY0L9bl84jmvox9QP4FOY7+LM02ZqfRB6LaEukM1tGdObVr+HBvhOwrxGCI06GFjnD3vVzW4jEsK75Y7MPzXd5YSpebGvU+7ZOuEcuSKp/R9dJcJn4kdXeaqor4gh8uTKQ43PGPTEvyoNlCWLkwSgy8khbo2BpoChLA7B53pVEhviMvVVIbmwpc6V2AIhRYY7ppR8oBzklLgh8CtTBPXtQRYiahLOIhds6ORf7wGNFI+A4sbBqwEL3J6av5fE1+zkUBhAHX promisepreston

Copy its contents and paste them in the SSH section of your instance under the Metadata section (see "Adding or removing instance-level public SSH keys").

In a local terminal, navigate to the directory where you have the private SSH key file, use the ssh command along with your private SSH key file, the username, and the external IP address of the instance to connect. For example:

ssh -i private-key username@external-ip-of-the-virtual-instance

In my case it was:

ssh -i kubernetes-trial [email protected]

After you connect, run commands on your instance using this terminal. When you finish, disconnect from the instance by running the exit command.

Note:

  • Ensure that you added the instance-level public SSH keys (see "Adding or removing instance-level public SSH keys")
  • Ensure that you are not blocking project-wide public SSH keys from the Linux instance (see "Allowing or blocking project-wide public SSH keys from a Linux instance")
  • Ensure that OS Login is not enabled (see "Enabling or disabling OS Login")

That's all.

I hope this helps

Promise Preston answered Oct 05 '22 08:10
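A pre-flight check for the two key-line formats shown in the answer above, as an added example that is not part of the original answer: it parses the line, confirms the key blob matches the declared type, and reports a username mismatch or an expired `expireOn` before you paste the key into the instance metadata. The function names, the constructed sample key and the `expireOn` timestamp layout (`2018-12-04T20:12:00+0000`) are assumptions.

```python
import base64, json, struct
from datetime import datetime, timezone

def parse_pubkey_line(line):
    """Split a public key line into (key_type, blob, username, expire_on)."""
    parts = line.strip().split(None, 2)
    if len(parts) < 3:
        raise ValueError("expected: <type> <key> <username or google-ssh JSON>")
    key_type, b64, tail = parts
    blob = base64.b64decode(b64, validate=True)
    # The key blob begins with a length-prefixed copy of the key type.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n].decode("ascii", "replace") != key_type:
        raise ValueError("key blob does not match declared type " + key_type)
    if tail.startswith("google-ssh"):
        meta = json.loads(tail[len("google-ssh"):])
        expire = meta.get("expireOn")
        # Assumption: expireOn is written like 2018-12-04T20:12:00+0000.
        expire_on = datetime.strptime(expire, "%Y-%m-%dT%H:%M:%S%z") if expire else None
        return key_type, blob, meta["userName"], expire_on
    return key_type, blob, tail.strip(), None

def check_login(line, login_user, now=None):
    """Return the problems that would explain a 'Permission denied (publickey)'."""
    now = now or datetime.now(timezone.utc)
    try:
        _, _, user, expire_on = parse_pubkey_line(line)
    except (ValueError, KeyError, struct.error) as exc:
        return ["malformed key line: %s" % exc]
    problems = []
    if user != login_user:
        problems.append("key is registered for %r, not %r" % (user, login_user))
    if expire_on is not None and expire_on <= now:
        problems.append("key expired on " + expire_on.isoformat())
    return problems

def sample_blob():
    """Constructed sample blob (dummy exponent and modulus, not a usable key)."""
    fields = [b"ssh-rsa", b"\x01\x00\x01", b"\x00" + b"\xc3" * 32]
    raw = b"".join(struct.pack(">I", len(f)) + f for f in fields)
    return base64.b64encode(raw).decode()

SAMPLE_PLAIN = "ssh-rsa %s promisepreston" % sample_blob()
SAMPLE_EXPIRING = ('ssh-rsa %s google-ssh {"userName":"promisepreston",'
                   '"expireOn":"2018-12-04T20:12:00+0000"}' % sample_blob())

if __name__ == "__main__":
    print(check_login(SAMPLE_PLAIN, "root"))
    print(check_login(SAMPLE_EXPIRING, "promisepreston"))
```
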


Connecting with an SSH key to a Google Cloud Compute Engine instance is not limited to the users of the project the instance belongs to. You can generate an SSH key and as long as it’s added to the instance and the user exists on the OS, you should be able to SSH. You can connect with other usernames. Make sure that:

  1. You add the public key to the instance via the Google Cloud Console [1]

  2. Your username exists on the OS of your instance

  3. If you want to SSH as "root", change the configuration in your /etc/ssh/sshd_config file.

Gery answered Oct 05 '22 06:10