SSH Into Google Cloud Compute Engine Instance Using Secure Shell Client

September 23, 2013 · 4 comments · LAST UPDATED December 2, 2013

I need to set up and test my web-app using Google Cloud Compute Engine. How do I connect to an instance using ssh on an Ubuntu Linux or Apple OS X based system?

Tutorial details
Difficulty: Intermediate
Root privileges: No
Requirements: Linux/OSX Terminal
Estimated completion time: 10m

By default, you can always connect to an instance using ssh. This lets you manage and configure your instances beyond the basic configuration enabled by gcutil or the REST API. The easiest way to ssh into an instance is to use the gcutil command from your local Linux / OS X based system. The following steps are required:

  1. Install gcutil
  2. Authorize instance
  3. Verify instance status
  4. Create ssh keys
  5. Connect using gcutil or ssh client

Step #1: Install gcutil

gcutil runs on UNIX-based operating systems such as Linux and Mac OS X. To use gcutil, you must have Python 2.6.x or 2.7.x installed on your computer. gcutil does not support Python 3.x. Python is installed by default on most Linux distributions and Mac OS X. Open the Terminal and type the following commands, or grab the gcutil tool by visiting this url.

Debian / Ubuntu / RHEL / CentOS Linux users type the following commands:

Open a terminal and type:
$ cd /tmp
$ wget https://google-compute-engine-tools.googlecode.com/files/gcutil-1.11.0.tar.gz
$ tar xvf gcutil-1.11.0.tar.gz
$ mv gcutil-1.11.0/ $HOME
$ export PATH=${PATH}:$HOME/gcutil-1.11.0
$ echo 'export PATH=${PATH}:$HOME/gcutil-1.11.0' >> $HOME/.bash_profile

Apple Mac OS X users type the following commands:

Open a terminal and type:
$ cd /tmp
$ curl -o gcutil-1.11.0.tar.gz https://google-compute-engine-tools.googlecode.com/files/gcutil-1.11.0.tar.gz
$ tar xvf gcutil-1.11.0.tar.gz
$ mv gcutil-1.11.0/ $HOME
$ export PATH=${PATH}:$HOME/gcutil-1.11.0
$ echo 'export PATH=${PATH}:$HOME/gcutil-1.11.0' >> $HOME/.bash_profile

See how to install gcutil tool to manage Google Compute Engine on Linux / Unix for more information.

Step #2: Authenticating to Google Compute Engine

The syntax is:

 
gcutil auth --project=YOUR-PROJECT-ID-HERE
 

If your project id is "apache-cluster", enter:

 
gcutil auth --project=apache-cluster
 

Sample outputs:

Fig.01: Authenticating to Google Compute Engine using gcutil command

Open a web browser, and go to the specified URL. Click the Grant Access link. The page will display an authorization code. Copy this code. Paste the authorization code into the waiting gcutil auth terminal and press enter. Type the following command to cache project-id:

 
gcutil getproject --project=apache-cluster --cache_flag_values
 

Step #3: Verify instance status

Type the following command:
$ gcutil listinstances
Sample outputs:

Items in zones/us-central1-a:
+------+-------------------------------------+-------+----------------------------------------------+---------+---------------+-----------------+-------------------------+---------------+---------+----------------+
| name |            machine-type             | image |                    kernel                    | network |  network-ip   |   external-ip   |          disks          |     zone      | status  | status-message |
+------+-------------------------------------+-------+----------------------------------------------+---------+---------------+-----------------+-------------------------+---------------+---------+----------------+
| db1  | us-central1-a/machineTypes/f1-micro |       | projects/google/global/kernels/gce-v20130813 | default | 10.xxx.aa.zzz | 173.xxx.ccc.xy  | us-central1-a/disks/db1 | us-central1-a | RUNNING |                |
| db2  | us-central1-a/machineTypes/f1-micro |       | projects/google/global/kernels/gce-v20130813 | default | 10.xxx.bb.zzz | 173.xxx.ddd.vw | us-central1-a/disks/db2 | us-central1-a | RUNNING |                |
+------+-------------------------------------+-------+----------------------------------------------+---------+---------------+-----------------+-------------------------+---------------+---------+----------------+

Note: db1 and db2 are instances running in us-central1-a zone.

Step #4: Create ssh keys

The syntax is:

 
gcutil ssh {instance-name-here}
gcutil -zone={zone-name-here} ssh {instance-name-here}
 

In this example, connect to db1 instance using ssh:
$ gcutil ssh db1
OR
$ gcutil -zone=us-central1-a ssh db1
Sample outputs:

WARNING: Consider passing '--zone=us-central1-a' to avoid the unnecessary zone lookup which requires extra API calls.
INFO: Zone for db1 detected as us-central1-a.
WARNING: You don't have an ssh key for Google Compute Engine. Creating one now...
Enter passphrase (empty for no passphrase): TYPE-YOUR-PASSPHRASE-HERE
Enter same passphrase again: TYPE-YOUR-PASSPHRASE-HERE
INFO: Updated project with new ssh key. It can take several minutes for the instance to pick up the key.
INFO: Waiting 300 seconds before attempting to connect.

gcutil creates local files to store your public and private key, and copies your public key to the project. By default, gcutil stores ssh keys in the following files on your local system:

  • $HOME/.ssh/google_compute_engine - Your private key
  • $HOME/.ssh/google_compute_engine.pub - Your public key

Step #5: Connect using gcutil or ssh client

The syntax is:

 
gcutil ssh {instance-name-here}
 

OR

 
ssh -o UserKnownHostsFile=/dev/null -o CheckHostIP=no -o StrictHostKeyChecking=no -i $HOME/.ssh/google_compute_engine -A -p 22 $USER@TYPE-GOOGLE-COMPUTE-ENGINE-PUBLIC-IP-HERE
 

In this example, connect to the db1 instance using the gcutil tool:

 
gcutil ssh db1
 

In this example, connect to the db1 (public ip 1.2.3.4) instance using the ssh command:

 
ssh -o UserKnownHostsFile=/dev/null -o CheckHostIP=no -o StrictHostKeyChecking=no -i $HOME/.ssh/google_compute_engine -A -p 22 vivek@1.2.3.4
 

Sample sessions:

Fig.02: Connecting to an Instance Using ssh
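
The ssh command in Step #5 turns off host key verification and forwards your ssh-agent. The following script is an added example, not part of the original tutorial or of gcutil: it flags those options in a command line and prints the same connection with the host key pinned. The function names and the gce_known_hosts path are assumptions, and the pinned file must already hold the instance's host public key.

```shell
#!/bin/sh
# Added example; function names and sample paths are assumptions.

# Print one finding per weak option in an ssh command line ($1).
audit_ssh_cmd() (
    set -f                      # no glob expansion while splitting words
    for word in $1; do
        case $word in
            StrictHostKeyChecking=no)
                echo "StrictHostKeyChecking=no: new or changed host keys are accepted without a prompt" ;;
            UserKnownHostsFile=/dev/null)
                echo "UserKnownHostsFile=/dev/null: the host key is never stored, so a change cannot be noticed" ;;
            -A)
                echo "-A: your ssh-agent is forwarded and usable by root on the instance" ;;
        esac
    done
)

# Build the same connection with the host key pinned in a dedicated file.
# $1 user, $2 instance IP, $3 private key, $4 known_hosts file holding the
# instance's host public key, recorded beforehand over a channel you trust.
hardened_ssh_cmd() {
    printf 'ssh -o UserKnownHostsFile=%s -o StrictHostKeyChecking=yes -o IdentitiesOnly=yes' "$4"
    printf ' -o ForwardAgent=no -i %s -p 22 %s@%s\n' "$3" "$1" "$2"
}

# Succeed only if the private key file ($1) grants nothing to group/other.
key_mode_ok() {
    [ -f "$1" ] || return 1
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# The tutorial's own command, quoted so nothing is expanded or executed.
PAGE_CMD='ssh -o UserKnownHostsFile=/dev/null -o CheckHostIP=no -o StrictHostKeyChecking=no -i $HOME/.ssh/google_compute_engine -A -p 22 vivek@1.2.3.4'
echo "Findings for the command from Step #5:"
audit_ssh_cmd "$PAGE_CMD"
echo "Pinned-host-key form:"
hardened_ssh_cmd vivek 1.2.3.4 "$HOME/.ssh/google_compute_engine" "$HOME/.ssh/gce_known_hosts"
```

With StrictHostKeyChecking=yes, ssh refuses to connect when the instance's key is missing from the pinned file or differs from it, which is the failure you want to see if the IP address now answers with a different machine.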

How do I log in as the root user?

For security reasons, the standard Google images do not provide the ability to ssh in directly as root. The instance creator and any users that were added using the --authorized_ssh_keys flag or the metadata sshKeys value are automatically administrators to the account, with the ability to run sudo without requiring a password. Type the following command to switch to the root user:

 
sudo -s
 

Sample session:

Fig.03: Root Access and Instance Administrators using the 'sudo -s' command on Google compute instance


1 Wang Guan September 24, 2013 at 1:28 am

Thanks for sharing.

I feel the mismatched .tar.gz filenames in line {2,3} in OSX command example of Step #1 may be a typo.


2 nixCraft September 24, 2013 at 5:46 am

Thanks for the heads up! The faq has been updated.


3 Velodee December 2, 2013 at 4:53 am

$HOME/.bashr_profile should be $HOME/.bashrc_profile?


4 nixCraft December 2, 2013 at 9:11 am

The faq has been updated. I appreciate your post.
