I have two google accounts and 1 Compute Engine Instance. I ssh to it from browser using two different account. Then i run the following command:
sudo gcloud compute ssh myinstance
It succeeds on account1 and fails on account2 with the following error:
Permission denied (publickey).
ERROR: (gcloud.compute.ssh) [/usr/bin/ssh] exited with return code [255]. See https://cloud.google.com/compute/docs/troubleshooting#ssherrors for troubleshooting hints.
I can even run
sudo gcloud compute ssh account2#myinstance when login as account1 and it succeeds.
How to make gcloud compute ssh command on account2 executable?
Similar thing happens when i try to configure shh keys using config-ssh command. I can use ssh myinstance on account1 and get the following error on account2:
ssh: Could not resolve hostname myinstance: Name or service not known
Maybe the problem is that account1 is the creator of instance
Perhaps you forgot adding metadata to compute engine of account2
Related
For security concerns, needed to set GCP Compute Engine instance to not have External IP (external ip = None). In that case, it defaults to Identity Aware Proxy. IAP - to the same targets - does succeed from other machines, but not some in my data center.
Even after fully configuring gcloud logging in/authenticating and:
gcloud config set project $PROJECTNAME
gcloud config set compute/zone us-central1-c
then running: gcloud compute ssh $INSTANCENAME --tunnel-through-iap
Returns:
command-line: line 0: Bad configuration option: ProxyUseFdpass
ERROR: (gcloud.compute.ssh) [/usr/bin/ssh] exited with return code [255].
Unclear whether this points to a ssh_config issue or something else, but this is not my area, so am a bit lost and not seeing other related things to this error. Any thoughts? The desired behavior is to not get the error on ProxyUseFdpass. And, for ssh to connect successfully.
I also ran gcloud compute ssh $INSTANCENAME --tunnel-through-iap --dry-run, and what gets returned match the results from successful places that connect.
Also, check if the "Private Google access" is turned-on for the subnet. This will allow the Google services to reach your VM. I had the same problem and turning on "Private Google access" solved the issue for me.
I am using ssh command to connect to one of the nodes in cluster from master node (google cloud shell)
$ kubectl get nodes
$ kubectl describe node gke-hello-server-default-pool-03b44665-ng8w
I selected the external IP and then tried using
ssh 35.247.97.140
Permission denied (publickey).
again below
where nodename is
ssh -i ~/.ssh/id_rsa.pub hostname#35.247.97.140
Permission denied (publickey).
But in both case I am getting permission denied.
Easiest way would be using
gcloud compute ssh --project [PROJECT_ID] --zone [ZONE] [INSTANCE_NAME]
to connect to an Linux instance.
There is a documentation available on cloud about Connecting to instances.
And if for some reasons that will not work you should navigate to GCP > Compute Engine > VM instances, choose the instance you wish to connect and click on ssh button.
This will connect you on your home user.
So you can add a new user to the system and generate ssh-key for it.
Here is a documentation about Managing SSH keys in metadata.
I'd like to solve the following problem using command line:
I'm trying to run the following PoC script from a GCE VM in project-a.
gcloud config set project project-b
gcloud compute instances create gce-vm-b --zone=us-west1-a
gcloud compute ssh --zone=us-west1-a gce-vm-b -- hostname
The VM is created successfully:
NAME ZONE MACHINE_TYPE PREEMPTIBLE INTERNAL_IP EXTERNAL_IP STATUS
gce-vm-b us-west1-a n1-standard-16 10.12.34.56 12.34.56.78 RUNNING
But get the following error when trying to SSH:
WARNING: The public SSH key file for gcloud does not exist.
WARNING: The private SSH key file for gcloud does not exist.
WARNING: You do not have an SSH key for gcloud.
WARNING: SSH keygen will be executed to generate a key.
Generating public/private rsa key pair.
Your identification has been saved in /root/.ssh/google_compute_engine.
Your public key has been saved in /root/.ssh/google_compute_engine.pub.
The key fingerprint is:
...
Updating project ssh metadata...
.....................Updated [https://www.googleapis.com/compute/v1/projects/project-b].
>.done.
>Waiting for SSH key to propagate.
>ssh: connect to host 12.34.56.78 port 22: Connection timed out
>ERROR: (gcloud.compute.ssh) Could not SSH into the instance. It is possible that your SSH key has not propagated to the instance yet. Try running this command again. If you still cannot connect, verify that the firewall and instance are set to accept ssh traffic.
Running gcloud compute config-ssh hasn't changed anything in the error message. It's still ssh: connect to host 12.34.56.78 port 22: Connection timed out
I've tried adding a firewall rule to the project:
gcloud compute firewall-rules create default-allow-ssh --allow tcp:22
.
Creating firewall...
...........Created [https://www.googleapis.com/compute/v1/projects/project-b/global/firewalls/default-allow-ssh].
done.
NAME NETWORK DIRECTION PRIORITY ALLOW DENY
default-allow-ssh default INGRESS 1000 tcp:22
The error is now Permission denied (publickey).
gcloud compute ssh --zone=us-west1-a gce-vm-b -- hostname
.
Pseudo-terminal will not be allocated because stdin is not a terminal.
Warning: Permanently added 'compute.4123124124324242' (ECDSA) to the list of known hosts.
Permission denied (publickey).
ERROR: (gcloud.compute.ssh) [/usr/bin/ssh] exited with return code [255].
P.S. The project-a "VM" is a container run by Prow cluster (which is run by GKE).
"Permission denied (publickey)" means it is unable to validate the public key for the username.
You haven't specified the user in your command, so the user from the environment is selected and it may not be allowed into the instance gce-vm-b. Specify a valid user for the instance in your command according to the public SSH key metadata.
We have a VM Instance in Google Cloud that is being used by two user. We want to create another user the can be accessible by both. We chose the user ubuntu for that like in AWS. But the problem is we can login when running the following command.
gcloud compute --project "project" ssh --zone "us-east1-b" "gpunew3"
It's showing the following error.
ubuntu#35.196.254.72: Permission denied (publickey).
ERROR: (gcloud.compute.ssh) [/usr/bin/ssh] exited with return code [255].
What can be the possible way to achieve this.
I suspect a key pair mismatch. Please run the follow command to remove the private key file:
rm .ssh/google_compute_engine
Then run your command to ssh again, which will recreate a new key pair.
I had the same problem before,and i fixed it by adding my public key in VM Instance and then connect to VM Instance by ssh like this
ssh VM External IP
https://cloud.google.com/compute/docs/instances/adding-removing-ssh-keys
I'm running a google cloud instance. I'm able to successfully connect to the instance via ssh.
But I'm not able to do the port forwarding to my localhost.
Here's the command I used:
ssh -L 16006:127.0.0.1:8080 username#instance_external_ip
When I run the above command , I get the following error
The authenticity of the host cannot be determined.
username#instance_external_ip : Permission Denied (public key)
How to solve this problem?
I found the answer for this question. The problem I had was that the server did not know the ssh keys. So, I did the following and it worked.
I deleted all the ssh keys in the my local machine and connect to my gcloud instance using the following command. gcloud command creates the ssh keys automatically and it transfers to the cloud ssh keys automatically. So, no need to manually copy paste the keys.
gcloud compute --project "project_name" ssh --zone "zone_name" "instance_name"
After this I connected to my instance using ssh. Before doing if you try to ssh tunnel , as the server won't be aware of the localhost, it will say permission denied on running ssh -L .....
Therefore, instead of directly connecting through ssh -L ... , connect along with ssh-key file stored in .ssh directory. Use the following command.
ssh -i ~/.ssh/google_compute-engine -L <ur localhost port number>:127.0.0.1:<remote_host_port> username#server_ip