Accessing Google Compute Engine as a different ssh user - google-cloud-platform

I ssh onto GCE and submit a job using the following command:
gcutil ssh vmName sh /bin/someScript.sh
This works fine. Now I'd like to run the job under a different user on the GCE, I tried:
gcutil ssh -ssh-key-file MY_SSH_KEY_FILE anotherUser#vmName sh /bin/someScript.sh
it didn't work throwing error: "FATAL Flags parsing error: option -s not recognized"
Can anybody tell me what's wrong in the command? or more things need to be done?

gcutil is deprecated, you should be using instead gcloud compute ssh
To make things easier you can try something like this :
sudo ssh -i /home/testuser/.ssh/google_compute_engine testuser#IP_address sh /script/script.sh
You need to make sure that your key for user "testuser" is added to the server in Developers Console > Compute Engine > your GCE instance > SSH Keys

Related

Why am I getting this permission denied error when I created the ec2 instance?

So I recently created a micro-tier EC2 instance on AWS. I ssh'd into the box with the *.pem key.
I issued a simple command like:
echo "deb http://www.rabbitmq.com/debian/ testing main" > /etc/apt/sources.list.d/rabbitmq.list and get an error:
-bash: /etc/apt/sources.list.d/rabbitmq.list: Permission denied
I tried touch /etc/apt/sources.list.d/rabbitmq.list
and get:
touch: cannot touch '/etc/apt/sources.list.d/rabbitmq.list': Permission denied
If I created the box, aren't I the root user? Or what are the permissions I have by default when I ssh in?
How do I make the above commands work?
If you've SSH'ed into the box you'll be the local user (such as e2-user or ubuntu). By default in Linux you cannot SSH to the root user.
You can confirm this by running the command whoami which will return your username.
Simply add sudo to the prefix of running the command so for example run the below.
sudo echo "deb http://www.rabbitmq.com/debian/ testing main" > /etc/apt/sources.list.d/rabbitmq.list

How to ssh to another server from GCP

I need ssh to another server with SSH from Google Cloud Build. I try run this. But it's not working. echo ${_KEY_STAGING} >> keyStaging && ssh -i keyStaging phihoang#${_SERVER_STAGING} -p 2222
Based on the error message that you are receiving:
Permissions 0644 for '/Users/tudouya/.ssh/vm/vm_id_rsa.pub' are too open. It is required that your private key files are NOT accessible by others
It is necessary to run the following command
chmod 600 /Users/tudouya/.ssh/vm/vm_id_rsa.pub
This command must be executed by the user tudouya and will be remove access for other users, fixing your issue.

VSCode open-ssh fail : AWS (SessionManagerPlugin is no found)

Thank you for reading.
I successfully set up the ssh config file to loggin to the AWS.
When I try to do ssh login in my local terminal, it works well, but when I try to do using my VSCode Open-SSH extension, it always fails except the first try.
The output is like this:
[18:38:25.400] Running script with connection command: ssh -T -D 53736 -o ConnectTimeout=15 -F <config> awsserver bash
[18:38:26.521] >
> SessionManagerPlugin is not found. Please refer to SessionManager Documentation here: http://docs.aws.amazon.com/console/systems-manager/session-manager-plugin-not-found
All aws commands are well reached from my terminal environment.
Thank you in advance.
I'm not familiar with the VSCode Open-SSH extension, but appears you are getting a message from Amazon's AWS CLI as if this command was being run:
aws ssm start-session --target i-0d2a6aaaaaaaa61c5
Rather than using ssh, is your extension perhaps configured to use Amazon SSM?

gcloud compute ssh stops

I am using gcloud ssh to connect gce.
> gcloud compute --project "first-medium-2****8" ssh --zone "us-east1-b" "instance-2"
I entered the above command to powershell ,but it replies
>Using username "hogehoge".
>Authenticating with public key "DESKTOP-****hogehoge"
and stops. Nothing happened after all.
Yesterday I did the same thing and there was no problem.
But today, I can't. I tried gcloud init and reinstalled the gcloud.
But nothing changed. What should I do to solve this problem?
Additonal information.
OS Windows10
Google Cloud SDK 237.0.0
PowerShell 5.1.17134.590
Putty 0.70 (only one installation)
note1:I found I could use cloud shell without problem.
But, cloud shell has timeout.So I prefer gcloud to cloud shell.
note2:When I use cloudshell, it connects as "tomotomo".
Not "hogehoge" which username when I use gcloud.
When I run "gcloud compute ssh VM_NAME --verbosity=debug --log-http"
it replies
>DEBUG: SSH Known Hosts File [C:\Users\hogehoge\.ssh\google_compute_known_hosts] could not be opened: Unable to read file
[C:\Users\hogehoge\.ssh\google_compute_known_hosts]: [Errno 2] No such file or directory: u'C:\\Users\\hogehoge\\.ssh\\goo
gle_compute_known_hosts'
DEBUG: Current SSH keys in project: [u'tomotomo:ssh-rsa AAAAB***
DEBUG: Running command [C:\Users\hogehoge\AppData\Local\Google\Cloud SDK\google-cloud-sdk\bin\sdk\putty.exe -t -i C:\User
s\hogehoge\.ssh\google_compute_engine.ppk hogehoge#3*****].
DEBUG: Executing command: [u'C:\\Users\\hogehoge\\AppData\\Local\\Google\\Cloud SDK\\google-cloud-sdk\\bin\\sdk\\putty.ex
e', u'-t', u'-i', u'C:\\Users\\hogehoge\\.ssh\\google_compute_engine.ppk', u'hogehoge#3*****']
It was very long, so I only extract which I think important.
Running
putty -cleanup
solves this problem.
Putty saves some information in registry.(IP address,public key and so on)
This command removes those registries and random seed file.
Running "putty -cleanup" as per #redpawn fixed the issue.

GCP: kubectl exec/logs fails to container on using UBUNTU as OS

I created a 2 node cluster with OS as UBUNTU.
After deploying a container, trying a kubectl exec or logs fail with following error :-
Error from server: error dialing backend: No SSH tunnels currently open. Were the targets able to accept an ssh-key for user <username>
Please tell how to make it work.
Nodes are part of default pool only.
Steps to reproduce:-
gcloud container clusters create "gke-test-cluster" --image-type=UBUNTU --machine-type=n1-standard-2 --zone us-east1-c --num-nodes 2 --cluster-version=1.8
kubectl create -f https://k8s.io/docs/tasks/debug-application-cluster/shell-demo.yaml
kubectl get pod shell-demo
kubectl exec -it shell-demo -- /bin/bash
Error from server: error dialing backend: No SSH tunnels currently open. Were the targets able to accept an ssh-key for user "gke-0c"?
kubectl logs shell-demo
Error from server: Get https://10.142.0.5:10250/containerLogs/default/shell-demo/nginx: No SSH tunnels currently open. Were the targets able to accept an ssh-key for user "gke-0c"?
I am using my laptop for all CLI commands.
This issue has already been raised at:-
https://issuetracker.google.com/issues/77986235
https://serverfault.com/questions/907468/gcp-kubectl-exec-logs-fails-to-container-on-using-ubuntu-as-os/907882?noredirect=1#comment1177112_907882
I reproduced your issue, with your exact commands and it worked just fine. This has to be an issue due to something else (like the firewall, as in the issue tracker is suggested).
Actually, check to confirm you have these three firewall rules:
gke-gke-test-cluster-07424324-all ...
gke-gke-test-cluster-07424324-ssh ...
gke-gke-test-cluster-07424324-vms ...
About cloud shell and your laptop, there is no much difference, if you are correctly authenticated with Cloud SDK. So to say "This issue is also reproducible from gcp cloud-shell" doesn't really make sense.
If you do have the firewall rules, and don't have much done in the project, I would recommend you to create a new project and start over there.
It was some issue with size of project metadata. We cleaned it up and it worked.