If you use Google Compute Engine to run your applications, you might want to allow specific users to access your instances via SSH. You must add an authorized key to your Google Compute Instance.
This article will guide you through the steps required to add an authorized key to your Google Compute Instance.
Google Compute Engine is a powerful cloud computing platform that allows you to run your applications on virtual machines (VMs).
VM instances are preconfigured templates allowing you to create and run instances quickly.
You can configure and manage your instances using the Google Cloud console or the command-line interface.
Setting up your Authorized Key:
Now that you have generated an SSH key pair, you must add your public key to a Google Compute Engine instance.
Doing this will allow you to connect to the instance using your private key.
There are a few ways to accomplish this, but we will use the Google Cloud Platform Console. If you have not already done so, please head to Google Cloud Console and create a project.
Once your project is created, select Compute Engine from the left-hand menu and then click on Metadata. At the top of the page, select SSH Keys from the drop-down menu and then click on Add Item.
In the popup box, enter your key’s name and paste your public key into the value field. Include the ssh-rsa prefix and the trailing comment with your email address. When you are finished, click Add.
You should now see your new SSH Key listed under SSH Keys. You can add keys by repeating these steps or edit/delete existing keys by clicking the respective buttons next to each entry.
Managing SSH Keys with the Metadata API
You can use the Metadata API to manage your SSH keys for Google Compute Engine. The Metadata API enables you to add, remove, and list SSH keys for your project’s instances.
You can also use the Metadata API to specify which SSH keys should be used for a particular instance.
Adding an authorized key:
To add an authorized key, you’ll need to specify the following values in your request:
- The name of the instance where you want to add the SSH key.
- The public key that you want to add. This should be in the standard ssh-rsa format.
- A fingerprint of the public key. This can be generated using the ssh-keygen command.
Removing an authorized key:
To remove an authorized key, you’ll need to specify the following values in your request:
- The name of the instance where you want to remove the SSH key.
- The public key that you want to remove. This should be in the standard ssh-rsa format.
- A fingerprint of the public key. This can be generated using the ssh-keygen command line tool.
Creating a Key Pair
Google Compute Engine uses public-key cryptography to encrypt and decrypt login information.
Your private key is stored on your local computer and should be kept safe and secure. Your public key is uploaded to Google Compute Engine and used to authenticate your login.
You will need to use a tool such as ssh-keygen to generate a key pair. This will create a private and public key pair to upload to Google Compute Engine.
When creating your key pair, it is essential to use a strong passphrase. A strong passphrase is challenging to guess or brute force.
Combining upper and lowercase letters, numbers, and symbols is an excellent way to create a strong passphrase.
Once you have generated your key pair, you must upload the public critical portion to Google Compute Engine.
You can log into the Google Cloud Platform Console and visit the VM Instances page.
From there, select the instance you want to add the authorized key for and click the Edit button. In the Authorized Keys section, paste your public key and click Save.
Setting the Keystone and SSH Keyring
Before adding an authorized key to your Google Compute Engine instance, you must set up a keystone and SSH keyring. Here’s how:
- Create a new file called “keystone” in your home directory. $ touch ~/keystone
- Add the following lines to the file, replacing ” and ” with the appropriate values for your account: [auth]
- Save and close the file.
- Create a new SSH key pair using ssh-keygen: $ ssh-keygen -t rsa -f ~/.ssh/ -C @
- Enter a passphrase when prompted. This will be used to encrypt your private key; make sure to choose a strong passphrase that you won’t forget! $ enter passphrase: *
confirm passphrase: *
- Next, we’ll add our newly generated public key to the Google Compute Engine instance. Log into the GCE console, select the project containing your instance, and click on the “Compute” tab. Then, click “Networking,” followed by “SSH Keys.” Click on the “Add SSH Key” button.
- In the “Name” field, enter a memorable name for the key. In the “Public Key” field, enter the content of your public key (located at ~/.ssh/id_rsa.pub) and click “Add.”
- Finally, save your SSH keyring using ssh-add: $ ssh-add ~/.ssh/
Verifying the Public Key
Assuming you have generated a public/private key pair, the next step is to verify the public key. There are two main ways to do this:
- Manually check the SSH fingerprint: When you connect to a server for the first time, you will be presented with an SSH fingerprint. Compare this fingerprint to the one listed on the server’s website or in its documentation. If they match, you can be confident that you are connecting to the correct server.
- Use a known_hosts file: A known_hosts file contains a list of all the servers you have previously connected to. When you connect to a new server, its fingerprint will be compared against the fingerprints in your known_hosts file. If there is a match, you can connect without any warnings. If there is no match, you will receive a warning and will be given the option to continue or cancel the connection.
How to Add an Authorized Key to Google Compute Instance
To add an authorized key to your Google Compute Instance, you need to follow these steps:
- Log in to your Google Cloud console and navigate the VM instances page.
- Select the instance you want to add an authorized key and click the “Edit” button.
- Scroll to the “SSH Keys” section and click the “Add item” button.
- In the text box, paste the public key you want to add.
- Click the “Save” button to save the changes.
That’s it! Now you have added an authorized key to your Google Compute Instance, which you can use to log in via SSH.
It’s worth noting that SSH keys consist of public and private keys. The public key is added to your Google Compute Instance, while the private key is kept on your local machine.
When you log in via SSH, your local machine uses the private key to authenticate with the public key on the instance.
To create an SSH key, you can use the ssh-keygen command on your local machine. This will generate a public/private key pair that you can use to authenticate with your Google Compute Instance.
In addition to adding an authorized key to your instance, you can view and manage your instance metadata from the Google Cloud console.
Instance metadata is a collection of information about your instance available to applications running on the instance.
To view your instance metadata, you can use the following command in the Cloud console:
curl "http://metadata.google.internal/computeMetadata/v1/instance/?recursive=true" -H "Metadata-Flavor: Google"
This will display a list of all the metadata associated with your instance.
If you want to make your SSH key project-wide, add it to your project’s “Metadata” section. This will allow you to use the same SSH key across all of the instances in your project.
In conclusion, adding an authorized key to your Google Compute Instance is straightforward.
Following the steps outlined in this article, you can quickly add an SSH key to your instance and allow specific users to access it.
Remember to keep your private key safe and secure and to configure your instance metadata as required. With these best practices in mind, you can confidently enjoy the benefits of Google Compute Engine.