ssh correct syntax to login GCP ubuntu instance - google-cloud-platform

I have a Google account that is not @gmail; it is "XXXX@myUniversity.edu".
I created an Ubuntu instance in Google Cloud Platform.
I want to use MobaXterm to connect to this instance.
I used:
ssh XXXX@myUniversity.edu@the_external_IP_for_the_instance
But I got the error:
Permission denied (publickey).

This error can occur for several reasons. The following are some of the most common causes of this error:
1.- You used an SSH key stored in metadata to connect to a VM that has OS Login enabled. If OS Login is enabled on your project, your VM doesn't accept SSH keys that are stored in metadata.
To resolve this issue, try one of the following:
Connect to your VM using the Google Cloud Console or the gcloud command-line tool.
Add your SSH keys to OS Login.
Disable OS Login
2.- You used an SSH key stored in an OS Login profile to connect to a VM that doesn't have OS Login enabled. If you disable OS Login, your VM doesn't accept SSH keys that were stored in your OS Login profile.
To resolve this issue, try one of the following:
Connect to your VM using the Google Cloud Console or the gcloud command-line tool.
Enable OS Login.
Add your SSH keys to metadata
3.- You connected using a third-party tool and your SSH command is misconfigured. If you connect using the ssh command but don't specify a path to your private key or you specify an incorrect path to your private key, your VM refuses your connection.
To resolve this issue, try one of the following:
Run the following command:
ssh -i PATH_TO_PRIVATE_KEY USERNAME@EXTERNAL_IP
Replace the following:
PATH_TO_PRIVATE_KEY: the path to your private SSH key file.
USERNAME: the username of the user connecting to the instance. If you manage your SSH keys in metadata, the username is what you specified when you created the SSH key. For OS Login accounts, the username is defined in your Google profile.
EXTERNAL_IP: The external IP address for your VM.
Here you can find the documentation from Google. https://cloud.google.com/compute/docs/troubleshooting/troubleshooting-ssh
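The choice between causes 1 and 2 above, as an added example (not code from the original answer or from Google): it reads constructed project and instance metadata, shaped like the items lists gcloud prints with --format=json, and reports which key source the VM honours and which usernames can log in. The email-to-username mapping in oslogin_username is an assumed default, and block-project-ssh-keys is assumed unset.

```python
import re

# Constructed metadata, shaped like the "items" lists that gcloud prints with
# --format=json for the project (commonInstanceMetadata) and the instance.
PROJECT_ITEMS = [
    {"key": "enable-oslogin", "value": "TRUE"},
    {"key": "ssh-keys", "value": "alice:ssh-ed25519 AAAA...constructed alice@laptop"},
]
INSTANCE_ITEMS = [
    {"key": "enable-oslogin", "value": "FALSE"},
    {"key": "ssh-keys", "value": "xxxx:ssh-rsa AAAA...constructed xxxx@pc\n"
                                 "deploy:ssh-ed25519 AAAA...constructed deploy@ci"},
]

def _get(items, key):
    return next((i["value"] for i in items if i["key"] == key), None)

def oslogin_effective(project_items, instance_items):
    """An enable-oslogin value on the instance overrides the project value."""
    for items in (instance_items, project_items):
        value = _get(items, "enable-oslogin")
        if value is not None:
            return value.strip().lower() == "true"
    return False

def metadata_usernames(items):
    """ssh-keys holds one 'USERNAME:KEY_TYPE KEY COMMENT' entry per line."""
    raw = _get(items, "ssh-keys") or ""
    return [line.split(":", 1)[0] for line in raw.splitlines() if ":" in line]

def oslogin_username(email, external=False):
    """Assumed default mapping; confirm the real username with
    `gcloud compute os-login describe-profile`."""
    name = re.sub(r"[^a-z0-9]", "_", email.lower())
    return "ext_" + name if external else name

def login_plan(email, project_items, instance_items, external=False):
    """Return (key source the VM honours, usernames that can log in)."""
    if oslogin_effective(project_items, instance_items):
        return "os-login", [oslogin_username(email, external)]
    # Assumes block-project-ssh-keys is not set on the instance.
    return "metadata", (metadata_usernames(instance_items)
                        + metadata_usernames(project_items))
```

In neither branch is the full e-mail address the login name: the user part of USERNAME@EXTERNAL_IP is either the name in front of the colon in an ssh-keys entry or the OS Login profile username.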

This error can occur for several reasons
More details/solutions in the link below:
https://cloud.google.com/compute/docs/troubleshooting/troubleshooting-ssh#permission_denied
But the easiest way to connect via an SSH client from the command line is to use gcloud:
gcloud compute ssh <YOUR_INSTANCE_NAME>
Below is the doc explaining how to install gcloud (Google Cloud SDK) on Windows:
https://cloud.google.com/sdk/docs/install#windows

Related

Getting an error Permission denied (publickey) when connecting the server via SSH

I am not able to SSH into my GCP server. I have been getting Permission denied (publickey). I have tried deleting all SSH keys, restarting the server, increasing storage, up-used startup script, and tagging new firewall rules, but I am still unable to SSH into my server.
This document describes common errors that you may run into when connecting to virtual machine (VM) instances using SSH, ways to resolve errors, and methods for diagnosing failed SSH connections.
This error can occur for several reasons. The following are some of the most common causes of this error:
You used an SSH key stored in metadata to connect to a VM that has OS Login enabled. If OS Login is enabled on your project, your VM doesn't accept SSH keys that are stored in metadata. If you aren't sure if OS Login is enabled.
To resolve this issue, try one of the following:
Connect to your VM using the Google Cloud console or the Google Cloud CLI.
Add your SSH keys to OS Login
Disable OS Login.
Or
You can check this documentation as to how the same concern was resolved.

Unable to connect to a compute engine instance through SSH/SFTP using an external account

I am unable to connect to the VM of a compute engine instance.
My account is outside the organization; consider "a.man@company.com" as the user, "wordpress-1-vm" as the instance and "project-1" as the project, for example.
My SSH key already exists; it is the same key as for other servers.
At organization level, we added the roles/compute.osLoginExternalUser to my account and enable-oslogin was set to TRUE.
Now connecting with gcloud is ok.
gcloud compute ssh --zone "us-central1-c" "wordpress-1-vm" --tunnel-through-iap --project "project-1"
From the docs, I ran the command:
gcloud compute os-login ssh-keys add --key-file="D:\Path\to\key.pub" --project=project-1 --ttl=730d
According to gcloud command, my user should be "ext_a_man_company_com".
This should work, but connecting to ext_a_man_company_com@instance-ip:22 using a ppk on PuTTY returns:
"Server refused our key"
Disconnected: No supported authentication methods available (server sent: publickey)
How should I connect to this server?
NB: I also tried by adding ssh key to metadata with no success.
You can try troubleshooting OS Login configuration using these instructions.
If you are trying to add the key directly via VM's metadata then you need to remember to turn off OS Login for this particular VM to make it work.
Assuming both options don't work then I recommend checking your putty configuration and making sure you're using the correct user. You should be able to see what is happening in sshd logs directly on your instance (logging via console or gcloud to gain access).
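A way to read the sshd logs mentioned above, as an added example (not part of the original answer): it separates "the username does not exist on the VM" from "the user exists but no offered key was accepted", which are the two cases behind PuTTY's "Server refused our key". The log lines are constructed and follow common OpenSSH message formats; the verdict names are this example's own.

```python
import re

# Constructed sshd log lines for the failure described in the question
# (203.0.113.0/24 is a documentation address range).
SAMPLE_LOG = """\
Mar  3 10:01:12 wordpress-1-vm sshd[2101]: Invalid user a.man@company.com from 203.0.113.7 port 50112
Mar  3 10:01:12 wordpress-1-vm sshd[2101]: Connection closed by invalid user a.man@company.com 203.0.113.7 port 50112 [preauth]
Mar  3 10:04:40 wordpress-1-vm sshd[2188]: Connection closed by authenticating user ext_a_man_company_com 203.0.113.7 port 50290 [preauth]
Mar  3 10:09:03 wordpress-1-vm sshd[2240]: Accepted publickey for ext_a_man_company_com from 203.0.113.7 port 50344 ssh2: RSA SHA256:constructed
"""

# Pattern -> verdict. "unknown-user": fix the login name.
# "key-rejected": the account exists but the offered key is not authorised
# for it (not in the OS Login profile, or not in metadata for that user).
RULES = [
    (re.compile(r"Invalid user (\S+) from"), "unknown-user"),
    (re.compile(r"Connection closed by invalid user (\S+) "), "unknown-user"),
    (re.compile(r"Failed publickey for (\S+) from"), "key-rejected"),
    (re.compile(r"Connection closed by authenticating user (\S+) "), "key-rejected"),
    (re.compile(r"Accepted publickey for (\S+) from"), "accepted"),
]

def classify(line):
    """Return (username, verdict) for an sshd auth line, or None."""
    for pattern, verdict in RULES:
        match = pattern.search(line)
        if match:
            return match.group(1), verdict
    return None

def diagnose(log_text):
    """Map each username in the log to its verdicts, in order, de-duplicated."""
    seen = {}
    for line in log_text.splitlines():
        hit = classify(line)
        if hit:
            user, verdict = hit
            verdicts = seen.setdefault(user, [])
            if not verdicts or verdicts[-1] != verdict:
                verdicts.append(verdict)
    return seen
```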

GCP TPU ssh issue

I am working on a TPU created on Google Cloud. This evening when I tried to SSH into my TPU machine, I got the following error:
XXX@ip-address: Permission denied (publickey).
Retrying: SSH command error: [/usr/bin/ssh] exited with return code [255]
I deleted the keys from the ~/.ssh/ folder and reran the SSH command. It generates a public and private key in the .ssh folder, and I copied the public key into GCP => VM => Metadata.
I have replicated your issue in my test environment. I could create the TPU VM using the Cloud TPU VM and successfully logged into SSH using the gcloud command in Cloud Shell.
This error can occur for several reasons. The following are a couple of the most common causes of this error:
If you use an SSH key stored in metadata to connect to a VM that has OS Login enabled.
If OS Login is enabled on your project, your VM doesn't accept SSH keys that are stored in metadata. To resolve this issue, you can try one of the following:
Connect to your VM using the Google Cloud Console or the gcloud command-line tool.
Add your SSH keys to OS Login. For more information, see Adding SSH keys to a user account.
Disable OS Login. For more information, see Disabling OS Login.
The firewall rule allowing SSH is missing or misconfigured.
By default, Compute Engine VMs allow SSH access on port 22. If the default-allow-ssh rule is missing or misconfigured, you won't be able to connect to VMs.
To resolve this issue, check your firewall rules and re-add or reconfigure default-allow-ssh.
Refer to this link for more information on troubleshooting SSH.

Cannot access google cloud VM via SSH client through browser after VM restart

I created a GCP VM a month ago and connect to the VM instance through the GCP console via the browser. It worked fine for the past month until the VM restarted. I did not create an SSH key or edit metadata; everything so far uses the default settings. I cannot establish a connection after the VM restart. The browser keeps telling me it cannot establish the connection. I can ping this VM from another VM through the VPC. Any advice? Thanks in advance.
There are several ways to connect to a Linux instance via SSH. You can connect to an instance via the terminal. You can connect via the Cloud Console Web UI, which is in general the most convenient way to connect to an instance. Also, you can use the Google Cloud SDK and run the command below to connect to an instance via SSH:
$ gcloud compute ssh [INSTANCE_NAME]
You can also use Cloud Shell to connect your instance from the Cloud Console web UI by using the same command as above. You can connect via the serial console using the Google Cloud Platform Console, the gcloud command-line tool, or a third-party SSH client.
The serial console authenticates users with SSH keys. Specifically, you must add your public SSH key to the project or instance metadata, and store your private key on the local machine from which you want to connect. There are other advanced methods to connect to an instance which you can find at this link.
By default, the gcloud compute command-line tool uses the $USER variable to add users to the /etc/passwd file for connecting to virtual machine instances using SSH. You can specify a different user using the --ssh-key-file PRIVATE_KEY_FILE flag when running the gcloud compute ssh command. Depending on your use case and convenience, you can use any method consistently.
If you fail to connect to your instance after following these methods, then I would suggest checking this troubleshooting page for SSH and following the instructions that match your use case.

How to connect Mac terminal with EC2 instance

I am using the Mac terminal and I want to connect my machine to an EC2 server instance in AWS with SSH. Since I am using Mac OS X, it is not necessary to use PuTTY. The problem is that when I download the key it has the extension .ppk, but when I need to run it in the terminal I need to use a command in which I have to use the .pem extension. I tried to run it that way and it told me permission denied. Can someone help me with what to do in this case? Do I have to change the permission or convert my key from .ppk to .ppm?
You need to know the .pem file folder you download, and then follow steps below:
download the keypair(.pem file)
cd to keypair(.pem file) location (Note that you can use absolute path name for key pair instead)
chmod 400 [your_key_name].pem (Note that to make SSH work, your key must not be publicly viewable. Use this command if needed.)
ssh -i "[your_key_name].pem" ec2-user@[your ec2 dns name]
You will have to convert your "ppk" file to a "pem" file by following these steps:
http://www.ramsmusings.com/2014/02/20/converting-a-putty-ppk-file-to-a-pem-file-for-accessing-aws-ec2-instances/
After you convert it, connect to the instance using the SSH command and the converted "pem" file.
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AccessingInstancesLinux.html
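A pre-flight check for the two problems raised in the answers above (a key still in PuTTY .ppk format, and a key file readable by other users), as an added example that is not part of the original answers. The sample key files are constructed and contain no key material; the function names are this example's own.

```python
import os
import stat
import tempfile

def key_format(path):
    """Classify a private key file by its first line."""
    with open(path, "r", errors="replace") as fh:
        first = fh.readline().strip()
    if first.startswith("PuTTY-User-Key-File-"):
        return "ppk"
    if first == "-----BEGIN OPENSSH PRIVATE KEY-----":
        return "openssh"
    if first.startswith("-----BEGIN ") and first.endswith("PRIVATE KEY-----"):
        return "pem"
    return "unknown"

def preflight(path):
    """Return the problems that would stop `ssh -i path` from using the key."""
    problems = []
    fmt = key_format(path)
    if fmt == "ppk":
        problems.append("PuTTY .ppk format: convert it before using ssh -i")
    elif fmt == "unknown":
        problems.append("not a recognised private key file")
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):   # any group/other access bit
        problems.append(f"mode {mode:04o} is open to group/others: chmod 400")
    return problems

def demo():
    """Run the checks on three constructed key files."""
    samples = {
        "good.pem": ("-----BEGIN RSA PRIVATE KEY-----\nconstructed\n", 0o400),
        "open.pem": ("-----BEGIN RSA PRIVATE KEY-----\nconstructed\n", 0o644),
        "key.ppk": ("PuTTY-User-Key-File-2: ssh-rsa\nconstructed\n", 0o600),
    }
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, (body, mode) in samples.items():
            path = os.path.join(tmp, name)
            with open(path, "w") as fh:
                fh.write(body)
            os.chmod(path, mode)
            results[name] = preflight(path)
    return results
```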
Quick answer
Instead of working directly with SSH keys I would consider working with AWS ec2-instance-connect.
It saves you the management of the SSH keys and is much safer than sharing SSH keys for each EC2 machine between team members.
After authentication with the aws credentials (by referring to a profile in .aws/config file or using environment variables ) you can connect to the instance very easily by providing the instance ID:
./bin/mssh <instance-ID>
Installation of this tool can be done via pip or directly from the github repo.
Additional information
Amazon EC2 Instance Connect provides a simple and secure way to connect to your instances using Secure Shell (SSH).
With EC2 Instance Connect, you use AWS Identity and Access Management (IAM) policies and principals to control SSH access to your instances, removing the need to share and manage SSH keys.
When you connect to an instance using EC2 Instance Connect, the Instance Connect API pushes a one-time-use SSH public key to the instance metadata where it remains for 60 seconds. An IAM policy attached to your IAM user authorizes your IAM user to push the public key to the instance metadata.
The SSH daemon uses AuthorizedKeysCommand and AuthorizedKeysCommandUser, which are configured when Instance Connect is installed, to look up the public key from the instance metadata for authentication, and connects you to the instance.
You can use Instance Connect to connect to your Linux instances using a
browser-based client,
the Amazon EC2 Instance Connect CLI,
or the SSH client of your choice.
(*) Amazon Linux 2 2.0.20190618 or later and Ubuntu 20.04 or later comes preconfigured with EC2 Instance Connect.
For other supported Linux distributions, you must set up Instance Connect for every instance that will support using Instance Connect. This is a one-time requirement for each instance.
Links:
Connect using EC2 Instance Connect
Securing your bastion hosts with Amazon EC2 Instance Connect