Connect to GCE Instance on GCP using a Third Party ssh tool from a Linux System or Mac

george udosen
3 min read · Jan 3, 2020

Prerequisites:

  • Basic command of terminal use

Today I will share a brief way of connecting to a GCP instance using your own ‘ssh’ tool rather than the usual GCP SDK method, the command gcloud compute ssh INSTANCE_NAME [--zone ZONE_NAME].

Let’s begin, let me quickly outline the steps:

  1. Create the GCE Instance,
  2. Generate both private and public keys on my local machine using the ssh-keygen command from an ssh terminal,
  3. Create a copy of the public key, format it and add it to your instance metadata,
  4. Use the command ssh -i PATH_TO_PRIVATE_KEY USERNAME@IP_ADDRESS_OF_INSTANCE to connect

Step 1:

We create an instance named “connect-instance” using the gcloud console, then we ssh into the instance from the console.

Step 2:

Now, in the terminal of your local machine, we run the command to create the ssh keys. The default location presented to you is fine. Note that, as stated on their documentation page, this has to be done for each user that needs ssh access to that instance, so the command takes the form:

ssh-keygen -t rsa -f ~/.ssh/[NAME_OF_USER]

Say we are creating a key for uduak, whose username is ‘usank’ and will be added to the end of the private key value; then we run:

ssh-keygen -t rsa -f ~/.ssh/uduak

Step 3:

We now make a copy of the public version of that key and format it as directed on the official documentation page:

  • make a copy: cp ~/.ssh/uduak.pub ~/.ssh/uduak_copy.pub
  • format it: [USERNAME]:ssh-rsa [EXISTING_KEY_VALUE] [USERNAME]

Note: the normal format for that public file is

ssh-rsa [EXISTING_KEY_VALUE] [USERNAME]

so simply add the username, followed by a colon, to the beginning of the entry and save it.

  • Copy it to a text file: cp ~/.ssh/uduak_copy.pub ~/.ssh/uduak.txt
  • Send the formatted public key to the instance so the admin can add it: gcloud compute scp ~/.ssh/uduak.txt <ADMIN_USERNAME>@<IP_ADDRESS_OF_INSTANCE>:~/ or scp ~/.ssh/uduak.txt <ADMIN_USERNAME>@<IP_ADDRESS_OF_INSTANCE>:~/
  • The admin adds the instance metadata (or you do so if you are the admin): gcloud compute instances add-metadata <NAME_OF_INSTANCE> --metadata-from-file ssh-keys="$HOME/.ssh/uduak.txt"

Note: this is an instance metadata addition; other options exist (project-wide, etc.), see the official documentation. This simply means that ‘uduak’ can connect only to this instance.

Step 4:

  • Now connect to the instance from your machine:

ssh -i /path/to/uduak/privatekey uduak@ip_address_on_instance

With that, uduak can connect to that instance only and no other. This has to be done for each user, so it is most likely best used when setting up a development VM and is not suited for production. But note it is far safer to use the tools provided by GCE.
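The formatting in Step 3 can be scripted. The following is an added example, not code from the original post or from Google. It builds the USERNAME:ssh-rsa KEY USERNAME entry from a public key file and merges it with the keys already on the instance, because add-metadata replaces the whole ssh-keys value rather than appending to it. The function names, the username policy and the sample keys are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the original post): build the GCE "ssh-keys" entry
# from Step 3 and merge it into an existing key list without losing entries.

# format_gce_key USERNAME PUBKEY_FILE
# Prints "USERNAME:TYPE BLOB USERNAME"; returns 1 on malformed input.
format_gce_key() {
    user=$1 pubfile=$2
    # Assumed policy: lowercase Linux login names. ':' or whitespace would corrupt the entry.
    case $user in ''|*[!a-z0-9_-]*|[0-9-]*) return 1 ;; esac
    [ -r "$pubfile" ] || return 1
    # A public key file is a single line: type, base64 blob, optional comment.
    [ "$(grep -c . "$pubfile")" -eq 1 ] || return 1
    read -r ktype blob _comment < "$pubfile" || [ -n "$blob" ] || return 1
    case $ktype in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp256) ;;
        *) return 1 ;;  # e.g. the private key file was passed by mistake
    esac
    case $blob in ''|*[!A-Za-z0-9+/=]*) return 1 ;; esac
    printf '%s:%s %s %s\n' "$user" "$ktype" "$blob" "$user"
}

# merge_gce_keys EXISTING_FILE NEW_ENTRY
# Prints the existing entries, then NEW_ENTRY unless it is already present.
merge_gce_keys() {
    existing=$1 entry=$2
    if [ -s "$existing" ]; then grep -v '^$' "$existing" || true; fi
    grep -Fxq -- "$entry" "$existing" 2>/dev/null || printf '%s\n' "$entry"
}

# Demo on constructed data: both key blobs are made-up placeholders, not real keys.
demo_dir=$(mktemp -d)
printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructed uduak@laptop\n' > "$demo_dir/uduak.pub"
printf 'admin:ssh-rsa AAAAB3NzaC1yc2EAAAADAQABexisting admin\n' > "$demo_dir/existing.txt"
new_entry=$(format_gce_key uduak "$demo_dir/uduak.pub") &&
    merge_gce_keys "$demo_dir/existing.txt" "$new_entry" > "$demo_dir/ssh-keys.txt"
cat "$demo_dir/ssh-keys.txt"
# ssh-keys.txt is the file to pass to the page's command:
#   gcloud compute instances add-metadata <NAME_OF_INSTANCE> --metadata-from-file ssh-keys=FILE
rm -rf "$demo_dir"
```

Here existing.txt stands for the instance's current ssh-keys value, saved to a file before the merge.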
