Impossible to run gcloud ssh commands as the system user


red 888

Jan 29, 2018, 10:37:57 AM
to gce-discussion

I'm trying to run gcloud commands as the system user (scheduled task).


It seems this is not possible because it's trying to access this folder maybe? C:\Windows\system32\config\systemprofile.ssh\


It should not even need access to that folder because I am passing everything in directly:

gcloud auth activate-service-account --key-file=path/to/key
gcloud compute scp --ssh-key-file=path/to/key --force-key-file-overwrite somefile.txt myinst:/tmp --zone us-east1-b
gcloud compute ssh --ssh-key-file=path/to/key --force-key-file-overwrite myinst --zone us-east1-b --command 'echo lskjdflksjdflsjdlfksdf'


But I get errors; this works if I log in and do it as a regular user account:

Activated service account credentials for: [myse...@myprog-123.iam.gserviceaccount.com]
WARNING: The PuTTY PPK SSH key file for gcloud does not exist.
WARNING: The public SSH key file for gcloud does not exist.
WARNING: Your SSH key files are broken.
PuTTY PPK key (NOT FOUND) [****.ppk]
private key   (OK)        [****]
public key    (NOT FOUND) [****.pub]
We are going to overwrite all above files.
The server's host key is not cached in the registry. You
have no guarantee that the server is the computer you
think it is.
The server's rsa2 key fingerprint is:
ssh-rsa 2048 50:d1:06:c7:xxxxxxxxxxxxxxxxxxxxxxxxxxxx
If you trust this host, enter "y" to add the key to
PuTTY's cache and carry on connecting.
If you want to carry on connecting just once, without
adding the key to the cache, enter "n".
If you do not trust this host, press Return to abandon the
connection.
Store key in cache? (y/n) Server refused our key
FATAL ERROR: Disconnected: No supported authentication methods available (server sent: publickey,gssapi-keyex,gssapi-with-mic)
Updating project ssh metadata...
......................Updated [https://www.googleapis.com/compute/v1/projects/myprog-123].
done.
Waiting for SSH key to propagate.
ERROR: (gcloud.compute.scp) Could not SSH into the instance.  It is possible that your SSH key has not propagated to the instance yet. Try running this command again.  If you still cannot connect, verify that the firewall and instance are set to accept ssh traffic.
Server refused our key
FATAL ERROR: Disconnected: No supported authentication methods available (server sent: publickey,gssapi-keyex,gssapi-with-mic)
ERROR: (gcloud.compute.ssh) [C:\google-cloud-sdk\bin\sdk\plink.exe] exited with return code [1].


The Windows support for gcp commands in general is awful and almost unusable. I suspect this is a bug?

Navi Aujla (Google Cloud Support)

Jan 29, 2018, 7:03:20 PM
to gce-discussion
Hello 

Can you provide more information, as follows:

1. How are you scripting the gcloud commands?
2. Which tool is in use to schedule the scripting?
3. File type in use for the scripting?
4. As you mentioned, for the 'system user' it does not work and for the 'normal user' it works fine; provide more information on these user types and the permissions associated.

If you can provide detailed information on your use case with the replication steps, that would be really helpful in order to verify and test. For information on gcloud command scripting, refer to this documentation link.

Moreover, if you are experiencing any general issue running 'gcloud' commands using Cloud SDK or want to report a bug, feel free to create an issue report using this link[1].

[1] https://cloud.google.com/support/docs/issue-trackers

Mike Hardy

Feb 2, 2018, 3:13:39 PM
to gce-discussion
Hi Navi, I am having a very similar issue. We want to automatically deploy our code from Bitbucket to Compute Engine. I am authenticating with the default Compute Engine service account, and I have tried to authenticate with other accounts too, but I am getting this error:

ERROR: (gcloud.compute.ssh) Could not SSH into the instance. It is possible that your SSH key has not propagated to the instance yet. Try running this command again. If you still cannot connect, verify that the firewall and instance are set to accept ssh traffic.
Permission denied (publickey).
lost connection
ERROR: (gcloud.compute.scp) [/usr/bin/scp] exited with return code [1].

1. Script:
gcloud compute ssh instance1 --zone us-central1---quiet --verbosity=info --command="gracefully shutdown processes" && \
gcloud compute scp ~/ instance1:~/ --zone us-central1---quiet --recurse --compress && \
gcloud compute ssh instance1 --zone us-central1---quiet --verbosity=info --command="start the services"

2. Bitbucket pipelines
3. yaml
4. I get the same error for all types of users. I don't have any errors when running this locally from my own gcloud account though.

Mike Hardy

Feb 2, 2018, 4:31:36 PM
to gce-discussion
I've also attempted to solve this by adding my public ssh key to the instance using ssh.

script:
            - echo $PRIVATE_SSH_KEY > ./ssh_key
            - chmod 400 ssh_key
            - ssh -t -t -i ssh_key bitbucket-service-account@<IP>

which produces Permission denied (publickey).

However, if I use that exact command from my local machine, it works flawlessly. This is driving me mad. Surely, there must be a way to do this. 
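
An added example, not part of the original thread: the `echo $PRIVATE_SSH_KEY > ./ssh_key` step above expands the variable unquoted, and if the variable holds a multi-line key a POSIX shell collapses it onto one line, which is one way a key that works locally can fail to load in a pipeline. The sample key text and the function names below are constructed for the illustration.

```shell
#!/bin/sh
# Constructed sample: PEM-shaped text, not a real private key.
SAMPLE_KEY='-----BEGIN OPENSSH PRIVATE KEY-----
Y29uc3RydWN0ZWQgc2FtcGxlIGxpbmUgb25l
Y29uc3RydWN0ZWQgc2FtcGxlIGxpbmUgdHdv
-----END OPENSSH PRIVATE KEY-----'

# Pattern from the post: the unquoted expansion is word-split, so every
# newline in the value is replaced by a single space.
write_key_unquoted() {
    # shellcheck disable=SC2086
    echo $1 > "$2"
}

# Quoted expansion through printf keeps the value byte for byte; the
# subshell umask creates the file readable by the owner only.
write_key_quoted() {
    ( umask 077; printf '%s\n' "$1" > "$2" )
}

# Returns 0 only if the file still has the PEM layout: BEGIN marker alone
# on the first line, END marker alone on the last, body lines in between.
key_shape_ok() {
    lines=$(wc -l < "$1")
    [ "$((lines))" -ge 3 ] || return 1
    head -n 1 "$1" | grep -q '^-----BEGIN [A-Z ]*PRIVATE KEY-----$' || return 1
    tail -n 1 "$1" | grep -q '^-----END [A-Z ]*PRIVATE KEY-----$'
}

demo() {
    dir=$(mktemp -d) || return 1
    write_key_unquoted "$SAMPLE_KEY" "$dir/bad"
    write_key_quoted "$SAMPLE_KEY" "$dir/good"
    for f in bad good; do
        if key_shape_ok "$dir/$f"; then
            echo "$f: PEM layout intact"
        else
            echo "$f: PEM layout broken"
        fi
    done
    rm -rf "$dir"
}
demo
```

On a real key, `ssh-keygen -y -f ssh_key` exits non-zero when the file no longer parses, which makes a quick pre-flight check before the `ssh` step.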

Karthick (Cloud Platform Support)

Feb 7, 2018, 10:07:16 PM
to gce-discussion
Hello Mike, 

Thank you for your patience. I happened to find this instruction on how to set up SSH access and adding the public key to Bitbucket settings. I hope this helps.

However, this seems like a question that would be better posted to https://stackoverflow.com/ with the right tags to seek assistance from a bigger technical community, rather than a google discussion post. This isn't the right place to look for 1-on-1 support, being the forum meant for the general discussion of the platform.

