Accessing GCP VMs

KloudKraft
Aug 26, 2021

Google Cloud Platform differs from other cloud providers in some fundamental ways when it comes to interacting with services and resources. Let’s talk about Compute Engine, a processing offering by GCP. It can be used to launch virtual servers, also known as virtual machines and often referred to as VMs. These VMs can serve the purpose of website hosting, content distribution, data processing, etc. The procedure to launch a VM is pretty simple: you are given a form, you fill in the necessary details, choose parameters from a set of predefined options, and the VM spins up on your command. The options for accessing these VMs, however, vary slightly. We’ll explore a few of the basic ones below.

VMs are the most robust and customizable processing option in GCP

Direct Access option from GCP console

The Compute Engine console panel lists all the instances launched in a project. This list has a column titled ‘Connect’, with a dedicated button for each VM instance. Depending on the type of instance, the button is either “SSH” or “RDP”. When you click this button, GCP initiates a tunnel connection to the destination instance by using its Cloud IAP service. The whole procedure is automated. Within a few minutes, it connects the user to the instance. For SSH tunnels, the connection is rendered in a dedicated Chrome browser window. For RDP connections, the view is rendered in the RDP client.

Direct access option from Console

Leveraging CloudShell

CloudShell, a command-line utility introduced by Google Cloud, is everyone’s favorite thanks to its excellent management capabilities and its gcloud tools. We can easily connect over an SSH tunnel from CloudShell to a VM instance by using the command:
gcloud compute ssh [instance-name] --zone=[instance-zone]
The command can be extended with flags for specific instance communication. Note that this type of connection doesn’t require you to set up ssh keys or specialized authentication yourself, which makes it one of the favorite options of admins.

Connecting from SSH client

Both of the methods above are simple and straightforward, and need no extra steps. However, they cannot be used in the following scenarios:

  • The user wants to connect to an instance in another GCP account.
  • The user wants to access an instance from the local terminal.
  • The user has set up a multi-cloud connection and wishes to access the VM from a remote cloud instance.

For any of the requirements listed above, we first need to set up dedicated ssh key access as well as the incoming network configuration. The keypair can later be used to access the instance securely. Here’s how:

Generating ssh keypair for access setup —
First of all, generate the SSH keys by using the ssh-keygen command:

ssh-keygen

Locate the keys by navigating to the directory they were written to. The default directory for newly created ssh keys is:

~/.ssh/

The command generates a keypair, i.e. one public key and one private key. We need to set the public key as an authorized key. Later we can use the private key to authenticate and access the instance.
Go to the ~/.ssh directory and locate the id_rsa file. Copy the content of this file and save it with a local text editor. You can name the text file as per your preference; however, try to stick to the instance_name.pem format. This file is the private key: keep it readable only by your own user, since ssh refuses private key files that other users can read.
Also, locate the id_rsa.pub file and copy its content.

Setting up keys for access —
Go to GCP Console >> Compute Engine >> Metadata.
Go to the “SSH keys” tab in Metadata. Click on “Add item” and paste the content of the id_rsa.pub file copied earlier.

SSH Keys — Metadata

Next, you need to configure firewall rules to allow traffic from the IP of the machine that you’ll be initiating the ssh tunnel from.
Now, go to your terminal and initiate the ssh tunnel connection using the regular connection command:

ssh -i instance_name.pem username@ip_address

The instance_name.pem here is the private key that we saved earlier. If you want to use an ssh client, you can initiate the connection from that client by using this same information.

Note: When using PuTTY as the ssh client, you’ll need to convert the .pem key to .ppk format by using the puttygen.exe utility.
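
An added example, not part of the original article: a check that the firewall rules from the step above admit ssh only from the machine you connect from, and not from a wider range. It goes slightly beyond the text by also catching port ranges and rules without a port list. It assumes rules in the shape printed by gcloud compute firewall-rules list --format=json; the sample rules, their names and addresses are constructed, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample shaped like `gcloud compute firewall-rules list --format=json`
# output; rule names and addresses (documentation ranges) are made up.
SAMPLE_RULES = [
    {"name": "ssh-admin", "direction": "INGRESS", "sourceRanges": ["203.0.113.7/32"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
    {"name": "ssh-any", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
    {"name": "low-ports", "direction": "INGRESS", "sourceRanges": ["198.51.100.0/24"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["20-25"]}]},
    {"name": "web", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["80", "443"]}]},
]


def allows_ssh(rule):
    """True if an enabled ingress rule admits TCP port 22."""
    if rule.get("direction") != "INGRESS" or rule.get("disabled"):
        return False
    for entry in rule.get("allowed", []):
        if entry.get("IPProtocol") not in ("tcp", "all"):
            continue
        ports = entry.get("ports") or ["0-65535"]  # no port list means all ports
        for spec in ports:  # "22" or a range such as "20-25"
            low, _, high = spec.partition("-")
            if int(low) <= 22 <= int(high or low):
                return True
    return False


def audit_ssh_sources(rules, client_ip):
    """Return (rule name, source range, verdict) for each rule admitting ssh."""
    client = ipaddress.ip_address(client_ip)
    findings = []
    for rule in rules:
        if not allows_ssh(rule):
            continue
        for cidr in rule.get("sourceRanges", []):
            net = ipaddress.ip_network(cidr, strict=False)
            if net.num_addresses > 1:
                verdict = "too-broad"      # wider than one host
            elif client in net:
                verdict = "ok"             # exactly the connecting machine
            else:
                verdict = "other-host"     # single host, but not this one
            findings.append((rule["name"], cidr, verdict))
    return findings
```

To audit a real project, save the gcloud output to a file, load it with json.load, and pass the resulting list to audit_ssh_sources together with the public IP of the machine you connect from.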
