SSH is a secure, remote access tool that allows you to connect to your Google Cloud Platform instance from any computer on the network. SSH is used to connect to your instance from a remote location, such as a workstation or home computer. To set up SSH for a Google Cloud Platform instance, you first need to create an account on the Google Cloud Platform website. After creating an account, you can use the following steps to set up SSH for your instance:
- In the Accounts page of the Google Cloud Platform website, click on the Add Account button and enter your name and email address.
- In the next step, you will be asked to provide a password for your account. You can choose any password that you have been issued by Google. If you do not have a password, you can create one by clicking on the Create Password button and entering a six-digit code into the text field.
- After providing your password and clicking on OK, you will be redirected to another page where you will be able to select which type of account your cloud platform instance will use: IaaS or PaaS. If you choose IaaS, then you will need to provide an Amazon Web Services public key certificate (PKI) and an Amazon Web Services security group name (Groups). If you choose PaaS, then you will only need to provide an Ubuntu 14 LTS hostname and port number (e.g., ssh-keygen -t rsa -b 4096 -f /etc/ssh/ssh_config).
- After selecting which type of account (IaaS or PaaS) your cloud platform instance will use in step 3, click on Next in the Accounts page and enter your desired settings for SSH: hostname, port number, user name, password. You can also specify whether or not sshd should run as root.
Google Cloud Platform is a competitor to AWS that makes running virtualized servers easy and cheap. Unfortunately for beginners, they have a novel approach to setting up SSH that requires some explanation and setup.
Quick SSH Access: Use the Console
If you need quick access, the simplest method is to click “SSH” from the GCP Compute Engine console. This will bring up a new Chrome window that will transfer keys and connect you to the instance.
This is provided because setting up SSH for a third-party client is a bit more involved than you’d expect. For other cloud providers like AWS, you’d select a private key pair, download that key pair, and connect to the instance as normal using ssh -i keyfile.
However, GCP decides to manage SSH keys using IAM roles and permissions. Rather than downloading a private key for the instance, you instead provide your key to your user account, and provide your key to the instance by setting up OS Login.
Of course, you can always manually add your SSH key to the authorized_keys file, which will solve the issue, but Google has set up OS Login for a reason, and it’s better to manage it this way rather than manually overriding the key management tools they’ve set in place.
Setting Up Your Own Keys With OS Login
The first step to setting up OS Login is to add your SSH keys to your user account. If you’re managing access for other people, you can use the Directory API, but if you’re linking your own account, you’ll want to use the gcloud CLI.
Download the installer and run it. The installer will open a new window allowing you to sign in to the Google account you wish to add the keys to. Once it’s done, run the following command in your terminal to add ~/.ssh/id_rsa.pub to your account’s keys:
OS Login is disabled by default, so you’ll need to enable it either project-wide or for specific instances. Under “Metadata” in the Compute Engine Console, add a new key-value pair (a metadata entry, not an SSH key pair) with enable-oslogin as the key and TRUE as the value.
If your account is an IAM administrator, you should now be able to connect to any instances with OS Login turned on, using the private key you linked with your account.
However, if your account isn’t the owner, you’ll need one of these IAM roles to be able to access the instance:
roles/compute.osAdminLogin, which grants administrator permissions, or roles/compute.osLogin, which does not grant administrator permissions.
You can set either of these roles at the instance level using IAM policy bindings.
Any new instances you create will automatically be accessible using the private key linked to your account, with no manual configuration required. If you’re giving out access to other users and need to revoke it in the future, you can simply revoke their IAM permissions, which will solve the issue without requiring a key rotation.
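The OS Login steps above, written out as gcloud commands with the revocation step alongside; this is an added example, not code from the original article. The instance name, zone, member address, the `DRY_RUN` switch and the function names are assumptions made for illustration.

```shell
# Added example: the OS Login steps from this article as gcloud commands.
# INSTANCE, ZONE and MEMBER are placeholder values (assumptions).
set -e
INSTANCE="${INSTANCE:-my-instance}"
ZONE="${ZONE:-us-central1-a}"
MEMBER="${MEMBER:-user:alice@example.com}"
PUBKEY="${PUBKEY:-$HOME/.ssh/id_rsa.pub}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print each command instead of running it

run() {
  if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Map an access level to the IAM role named in the article.
role_for() {
  case "$1" in
    admin) echo "roles/compute.osAdminLogin" ;;
    user)  echo "roles/compute.osLogin" ;;
    *)     echo "unknown access level: $1" >&2; return 1 ;;
  esac
}

# Step 1: link the public key to the signed-in Google account.
add_key() { run gcloud compute os-login ssh-keys add --key-file="$PUBKEY"; }

# Step 2: turn OS Login on for one instance via metadata.
enable_oslogin() {
  run gcloud compute instances add-metadata "$INSTANCE" --zone="$ZONE" \
    --metadata enable-oslogin=TRUE
}

# Step 3: bind the role at the instance level (least privilege: prefer "user").
grant_login() {
  role=$(role_for "$1") || return 1
  run gcloud compute instances add-iam-policy-binding "$INSTANCE" \
    --zone="$ZONE" --member="$MEMBER" --role="$role"
}

# Revocation: drop the binding; no key rotation on the instance is needed.
revoke_login() {
  role=$(role_for "$1") || return 1
  run gcloud compute instances remove-iam-policy-binding "$INSTANCE" \
    --zone="$ZONE" --member="$MEMBER" --role="$role"
}

case "${1:-setup}" in
  setup)  add_key; enable_oslogin; grant_login "${2:-user}" ;;
  revoke) revoke_login "${2:-user}" ;;
esac
```

Run it as is to review the commands, then set `DRY_RUN=0` to execute them; pass `revoke user` or `revoke admin` to remove a binding later.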