using google gcloud to ssh tunnel into linux machine inside network

I have an Ubuntu 16.04 VirtualBox machine (i.e. machine A) running on OSX connected to a university campus network. I would like to occasionally ssh into the machine from my laptop to remotely assist my colleagues, and I looked at different options.

It seems one of the options is "reverse ssh" (related to "port forwarding" or "ssh tunnelling"). My laptop does not have a fixed IP, so I can't do straight reverse ssh. The possible solution is to use a proxy machine. The idea is that when I need to assist my colleagues, they will type in the connection instructions from machine A, this will create a running GCP instance, and I will be able to then connect to machine A from the outside using this bridging (proxy?) GCP machine.


                                            / Academic intranet
                          +----------+     |  
                          |   GCE    |     |  +----------+
                          | instance |<----|--| Machine A|
                          +----------+     |  +----------+
                                           |  
                                            \ 



                                            / Academic intranet
                          +----------+     |  
+-------------+    ssh    |   GCE    | ssh |  +----------+
| Laptop dynIP|---------->| instance |-----|->| Machine A|
+-------------+           +----------+     |  +----------+
                                           |
                                            \

We have a Google cloud account and gcloud installed on machine A. From what I can tell, GCP already has a very simple way to set up a tunnel in GCP:

https://cloud.google.com/community/tutorials/ssh-tunnel-on-gce

I tried it and it works, which makes me guess that the same should be possible on GCP for the final step: for me to be able to open an SSH browser window on the running GCP instance so that I can ssh into machine A from there.

Any ideas?

EDITED:

Here is how far I got following the ssh tunnel on gce instructions:

On machine A:

gcloud compute instances create --zone us-west1-a tunnel
gcloud compute ssh --zone us-west1-a tunnel -- -N -p 22 -D localhost:2210

On my laptop, I can open https://console.cloud.google.com/compute/instances and then open a browser window to SSH connect.

From the GCP instance hostname tunnel, I guess I am missing something like:

ssh-into-machine-A-from-here

This is the last command that I am missing. Or maybe the ssh tunnel in gcloud needs extra flags/parameters.

asked Oct 11 '19 10:10

719016


1 Answer

0) Create an instance on GCP with a command like:

gcloud compute instances create --zone us-west1-a tunnel

0b) Click on the 'SSH' link on https://console.cloud.google.com/compute/instances to open a browser window.

0c) On the browser window, edit the sshd_config file to enable GatewayPorts yes.

0d) Set up gcloud CLI and connect the first time as shown below:

gcloud compute ssh --zone us-west1-a tunnel

This will create the ssh keys in $HOME/.ssh/google_compute_engine. Disconnect from it. Now that the keys are created, follow the next steps.

1) To establish forwarding from GCE to machine A, run the following on machine A:

ssh -i ~/.ssh/google_compute_engine -o UserKnownHostsFile=/dev/null -o CheckHostIP=no -o StrictHostKeyChecking=no -f -N -R 2022:localhost:22 gce_user@gce_address

2) Now, to connect to machine A from your laptop, you can use the browser window with the GCP instance and do:

ssh -p 2022 A_machine_user@localhost

This should then ask for the password on A_machine_user and connect you to machine A.

answered Nov 02 '22 07:11

Konstantin Svintsov
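
Added example, not part of the answer above and not Google's code: a shell check for the GatewayPorts setting from step 0c, which decides whether the forwarded port 2022 listens only on the instance's loopback (all that the `ssh -p 2022 ...@localhost` in step 2 needs) or on every interface, plus a tunnel command that goes through gcloud compute ssh so the host key is still verified. The function names and the sample config are constructed for illustration; the zone, instance name and port are the ones used on this page.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample config is constructed.

# Print the effective global GatewayPorts value of one sshd_config file.
# sshd keeps the first value it reads for a keyword and keywords are
# case-insensitive; lines after a Match line are conditional, so stop there.
# Include files are not followed (assumption): check each file, or run
# `sshd -T` as root on the instance for the authoritative value.
gateway_ports_mode() {
    awk '
        { sub(/#.*/, ""); sub(/=/, " ") }   # drop comments, accept key=value
        tolower($1) == "match" { exit }     # end of the global section
        tolower($1) == "gatewayports" { v = tolower($2); exit }
        END { print (v == "" ? "no" : v) }  # sshd default is "no"
    ' "$1"
}

# Where a reverse-forwarded port such as 2022 ends up listening.
tunnel_exposure() {
    case "$(gateway_ports_mode "$1")" in
        yes)             echo "all-interfaces" ;;  # wildcard bind is forced
        clientspecified) echo "client-chooses" ;;  # -R bind address honoured
        *)               echo "loopback-only" ;;   # enough for step 2
    esac
}

# Reverse tunnel from machine A via gcloud, which records the instance's
# host key on first connect and checks it afterwards. Not called here
# because it needs a live instance.
open_tunnel() {
    gcloud compute ssh --zone us-west1-a tunnel -- \
        -N -o ExitOnForwardFailure=yes -R 127.0.0.1:2022:localhost:22
}

# Constructed sample: step 0c's edit followed by a later, ignored duplicate.
sample=$(mktemp)
printf '%s\n' 'Port 22' 'gatewayports yes  # step 0c' 'GatewayPorts no' \
    'Match User backup' '    GatewayPorts clientspecified' > "$sample"
echo "GatewayPorts=$(gateway_ports_mode "$sample"): $(tunnel_exposure "$sample")"
rm -f "$sample"
```

On the instance, `tunnel_exposure /etc/ssh/sshd_config` reporting anything other than loopback-only means port 2022, and with it machine A's sshd, is reachable from outside the instance wherever a firewall rule allows that port.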