How to setup SSH key based access on Google Compute Engine

by Ruchira on May 23, 2013

ssh-crypt

If you are a Linux newbie and if you are used to Amazon EC2 or any other VPS control panels, Google Compute Engine terminal system will be confusing for you. Google Compute Engine uses Google’s own tool called gcutil tool to manage Compute Engine and its resources. Not only using it but configuring it is bit hard for the newbies. And you wont ever need that if you are just running one or few VMs and not going to unleash the total abilities of Compute Engine.

There is no way to set a root password’s on VM’s from the Console like you do on control panels like SolusVM but you can use SSH keys to access the terminal without ever touching gcutils. Here’s how to do it,

Create SSH key pair

First we need to create SSH key pair on our computer. On this guide I’ll detail how you can do this on a Linux desktop or MacOSX, I don’t have access to Windows computer at the moment to explain it on Windows. However generating key pair on Windows is very easy. Use Puttygen, Google will find you many tutorials about that.

Log in to your Ubuntu desktop or any other Linux or OSX computer that you use to access the Compute Engine VM’s. Open up the terminal.

If you never generated SSH keys before, follow the guide below. If you have generated keys before to use on any other services and never saved the keys on a safe place, entering below commands will overwrite your keys so backup the old keys first or you will loose access to previously configured servers.

Open up the terminal of your desktop/workstation and enter below command to generate keys

ssh-keygen -t rsa

This will generate RSA crypto SSH keys for you and it will ask you where to save it, You can leave the default location and press enter, If your system already have configured keys it will ask to overwrite, press”y” and enter. When it asks for passphrase enter a strong password.
ssh-keys
Now keys are generated. To view your public and private key just type

cat /home/ruchira/.ssh/id_rsa.pub

and

cat /home/ruchira/.ssh/id_rsa

Of course you need to replace the above commands with your own commands which are mentioned when you were generating the key.

ssh-public-private

Now you need to save these keys on a safe place because if you loose these keys, you will loose access to your VM. So copy and paste these keys to text file and save it on a safer and secure place.

Setup SSH keys on Compute Engine Console

Its easy to setup SSH key based access on Compute Engine console. When you are creating the new instances you need to specify they keys as metadata like shown below

 

google-compute-metadataEnter “sshKeys” on the first box of metadata and on the second box you need to add your user name that you wish to setup on the server and the public key like below and follow the normal creation process.

ruchira: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCicJSPZ0nnpo2nXfNFHdrnduGhsf7fTGDkLGhzboX8AEUqk1vyA2NMr5RhlAsqobeNjMwgzsKu8yt5vKTSr/ohWDXP3YeOzLUDslS24esG2abkBTPt5dNKOcdBH1O0pvwznNLPsPzy1lqQJCywmu/bBOyfuuzlfIgsEgbKCrOLg96ju3WqriwTrCz3V8zn5DeNZSpcX7VZjm8vkoAqDNVkLhPq0he6n6tBZg7fP0Euzt3Ug8OHVaTpYLtdXzu6HemVn0jx/7WqJELiKw6QFTW3CsYlekyiUgxoETMBBGuGa/W5ZmfDoQTFCvNfwZYxw+1RkWRuFJtM9nJuhyRrY2rF ruchira@PC

Congratulations you have just setup SSH key based access on Google Compute Engine. Now you can access your VM by your desktop’s terminal with the user name that you have specified on metadata. Just

ssh ruchira@XXXX.XXXX.XXXX.XXXX

And it will take you to your VM’s terminal console.

I'm Ruchira Sahan and all posts on this blog are completely my thoughts and writings. I love DIY and Technology. So feel free to contact me for anything about this blog and don't forget to add a comment if this blog helped you! Thanks
Ruchira
View all posts by Ruchira

Last 5 posts by Ruchira

  • dungnguyen

    Hello Ruchira

    Thanks for your writing, I add key value to metadata value blank and then when connect the cygwin terminal tell me Permission denied (publickey), I dont know how to fix it. Please help me?

Previous post:

Next post: