Connect to a Compute instance over SSH on Google Cloud

Navigate to the Compute Engine section of the Google Cloud console in a web browser, if you are not already there.

You could just click the ssh button at the end of a row to open an ssh terminal in a browser window, but that would require logging in to the Google Cloud Compute Engine every time you need an ssh shell. It is far more convenient to use another ssh client in the long run, but it requires a little bit of setup at first.

There is likely already an ssh client installed in the terminal native to your operating system. Windows contains ssh in PowerShell, macOS includes ssh in Terminal, and whatever Linux distribution you might be using likely has OpenSSH already installed. If you are unsure about the options in your specific ssh client, reference the manual page by entering the Get-Help New-PSSession command in PowerShell on Windows, or by entering the man ssh command in the Linux shell or Terminal on macOS. Some people like to use PuTTY.

SSH keys

"The Secure Shell Protocol (ssh) is a cryptographic network protocol for operating network services securely over an unsecured network." In other words, it is a safe and efficient way to manage remote computers through the command line over the internet.

The first step in initiating an ssh connection is generating a key pair on your local computer. One key (the private key) stays on the client, the other (the public key) goes to the server. OpenSSH includes several commands other than ssh to help manage identities, keys, and services such as ssh-add, ssh-agent, sshd, sshd-config, ssh-keygen, and ssh-keyscan. Navigate to the folder that should contain the keys with the cd and ls commands, because keys will be generated in the working directory. Then run the ssh-keygen command on the client machine to generate a set of keys.

PS C:\Users\The Anarchitect\.ssh> ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (C:\Users\The Anarchitect/.ssh/id_rsa): _____

Name the key set and hit enter. It could be the name of the server or cloud service you are using.

Enter passphrase (empty for no passphrase):

Enter a passphrase for the key set if you want one. If set, you will be prompted for it every time an ssh connection is made.

Enter same passphrase again:

Enter the same passphrase again.

Your identification has been saved in _____.
Your public key has been saved in _____.pub.
The key fingerprint is:
SHA256:•••••••••••••••••••••••••••••••••••••••••••
anarchitect@computer
The key's randomart image is:
+---[RSA 3072]----+
|. . . . . . . . .|
| . . . . . . . . |
|. . . . . . . . .|
| . . . . . . . . |
|. . . . . . . . .|
| . . . . . . . . |
|. . . . . . . . .|
| . . . . . . . . |
|. . . . . . . . .|
+----[SHA256]-----+

The terminal will output the fingerprint and randomart image for your key.

Print the public key to the terminal to display it as text. You may need to use the type command if you're using a Windows Batch ("CMD") terminal or the cat command on Linux or macOS. cat also works in PowerShell because it is an alias for Get-Content. You will need this later, so you may want to copy the text output to your clipboard.

PS C:\Users\The Anarchitect\.ssh> cat *.pub
ssh-rsa •••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••
•••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••
•••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••
•••••••••••••••••••••••••••••••••••••••••••••••••••
= anarchitect@computer

Navigate to the Google Cloud Metadata page in a browser, and select the SSH keys tab.

Click the edit button, then + add item.

Enter the public key ( *.pub as text ) copied from the terminal earlier in the Value field. The Key field should automatically populate based on Value.

Click the save button.

Navigate back to the Compute Engine console page in a browser again. Now that the public SSH key has been added to the Cloud Metadata, you can click the ssh button on the right to share it with the server.

You may have to "allow pop-ups for ssh.cloud.google.com" in your browser and/or click Authorize to "Allow SSH-in-browser to connect to VMs." Notice how the window says "Transferring SSH keys to the VM."

Once the connection to the server has been established, you may close the pop-up window.

The ssh key from the local client has been transferred from Cloud Metadata, so we don't need the pop-up browser terminal anymore.

In your PowerShell, macOS, or Linux terminal enter the ssh command followed by the -i option, passing the name and location of your private key as an argument, and then the IP address of your server. The IP address will be listed in the Compute Engine console under the External IP column.

PS C:\Users\The Anarchitect> ssh -i ~/.ssh/_____ __.__.__.__
The authenticity of host '__.__.__.__ (__.__.__.__)' can't be established.
ECDSA key fingerprint is SHA256:•••••••••••••••••••••••••••••••••••••••••••.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes

Type yes and hit enter.

Warning: Permanently added '__.__.__.__' (ECDSA) to the list of known hosts.
Enter passphrase for key 'C:\Users\The Anarchitect/.ssh/_____':

Enter the passphrase you set earlier.

Welcome to Ubuntu 22.04.2 LTS (GNU/Linux 5.19.0-1027-gcp x86_64)

 * Documentation: https://help.ubuntu.com
 * Management: https://landscape.canonical.com
 * Support: https://ubuntu.com/advantage

  System information as of Mon Jul 24 18:56:06 UTC 2023

  System load: 0.0 Processes: 104
  Usage of /: 20.2% of 9.51GB Users logged in: 1
  Memory usage: 6% IPv4 address for ens4: __.__.__.__
  Swap usage: 0%

 * Strictly confined Kubernetes makes edge and IoT secure. Learn how MicroK8s
   just raised the bar for easy, resilient and secure K8s cluster deployment.

   https://ubuntu.com/engage/secure-kubernetes-at-the-edge

Expanded Security Maintenance for Applications is not enabled.

0 updates can be applied immediately.

Enable ESM Apps to receive additional future security updates.
See https://ubuntu.com/esm or run: sudo pro status


The list of available updates is more than a week old.
To check for new updates run: sudo apt update

The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law.

If you see a text welcome page like this, then you've successfully connected to your Ubuntu Linux server on Google Cloud Compute via ssh!
