can't connect to instance via SSH


Jackie LaGuardia

Feb 10, 2016, 7:05:08 AM
to gce-discussion

I am just starting on Google Cloud, and have trouble connecting to my instance via SSH. I've launched a Bitnami packaged Magento site (runs on Debian 7). And when following Google instructions (https://cloud.google.com/compute/docs/instances/connecting-to-instance) I run "gcloud compute ssh my-instance", it first generates keys on my local machine, as said there, and also I've mentioned that it generates keys in the Compute Engine metadata section.

BUT then, when it is supposed to ask for a passphrase, it instead says: "Server refused our key. Fatal error: No supported authentication methods available (server sent: publickey)". That's it. If I type that command again, it just repeats. Did it many times, removed the keys, it generates them again, but makes no sense, as there is probably something I may have missed or didn't find in the instruction. I've found this question on stackoverflow: Cannot connect to Compute Engine instance via SSH, but I don't even get asked for the pass-phrase when generating key. It just jumps to an error. Will appreciate any help. Thanks!

George

Feb 10, 2016, 11:44:14 AM
to gce-discussion
Hello Jackie,

Did you by any chance add any SSH key in the instance metadata, which is different than the project metadata? Keep in mind that the instance metadata overrides the project's metadata. If this is not the case, can you run the following command on your local machine:

gcloud auth login 

Authenticate and try again. I hope this helps.

Sincerely,
George

Jackie LaGuardia

Feb 10, 2016, 2:36:51 PM
to gce-discussion
Hello George, thank you for answering!

I am not sure about that. As I've looked it up now, I recognize it may be a cause, but I can't say exactly.
All the time I was looking at the project metadata, which is under the metadata tab. And yes, I've tried the command you're talking about, but without any success. I believe I am authorized at the moment when the Cloud SDK creates a key pair, as I can see the keys appearing in my User/.ssh folder on the local machine, and under the metadata tab of the project.
You can see how many keys are in there. I have also tried deleting all of those that got created during the process, but it didn't change anything.

I have now checked the instance SSH Keys field, and it is empty. Are keys supposed to be generated in here?
I have also checked whether that may have something to do with firewall restrictions, but it's all good there too.
I will also mention that I tried to do this from another computer, without success either.

Maybe you have any other suggestions?
Thanks!

George

Feb 11, 2016, 10:59:10 AM
to gce-discussion
Hello Jackie,

Have you tried to ssh from the cloud console? 

If SSHing from the cloud console is successful, then you can manually add the keys in the instance's authorized keys file. As there are some Google scripts (google-account-manager...) that run on the instance which can be "turned off" and didn't allow the key to propagate from the metadata to the instance. Therefore, running those scripts can fix the issue for future keys propagation. However, this is one of many reasons that can cause the issue that you are encountering.

I hope this helps.

Sincerely,
George

Peter Coghill

Feb 15, 2016, 4:37:12 PM
to gce-discussion
Hi George (Jackie you are not alone in your pain!) I'm having exactly the same issue.

SSH from the cloud console is fine.  But from windows cmd, no luck. The keys generate fine (in ~\.ssh) and they appear in the SSH key list of the project. But it refuses to connect - same error.

I've even tried to connect from a different VM (after gcloud init - and successful authentication) but no luck from there either... In fact, I can't seem to ssh from Windows to any of my VMs.

Any help gratefully received!

George

Feb 15, 2016, 7:44:07 PM
to gce-discussion
Hello Peter,

Thank you for the clarification.

I was able to reproduce the same issue that you are reporting. I will go ahead and file a bug to our engineering team for review.

As a workaround, you can use "PUTTY" and point it to use the generated key in the following location: C:\Users\YOUR_USER\.ssh which is the default location for the ssh keys on the Microsoft Windows instances.

I hope this helps.

Sincerely,
George

Peter Coghill

Feb 15, 2016, 8:04:17 PM
to gce-discussion
George, thanks I'll give that a go in the AM.  I raised an issue here - https://code.google.com/p/google-cloud-sdk/issues/detail?id=546

Thanks.  PC

Peter Coghill

Feb 16, 2016, 4:19:29 AM
to gce-discussion
Hi George, no luck with PuTTY either.... I added the key using Pageant, then tried to connect. I had no luck with any of the usernames that seem to be registered on the server, e.g.
"peter"  - the default name that the server started with
"Peter" - my windows name


On Tuesday, 16 February 2016 00:44:07 UTC, George wrote:

George

Feb 16, 2016, 12:40:18 PM
to gce-discussion
Hello Peter,

Here is what I did in order to work around the issue:

1. Download the "Putty Gen"
2. Generate Public and Private keys. NB: enter your username in the "Key Comment".
3. Upload the Public Key to the "Project Metadata" from the cloud console, and into the instance "authorized keys" located in /home/USER/.ssh/authorized_keys
4. Download "Putty" and select the .ppk key generated by "Putty Gen"
5. SSH into the instance

I hope this helps.

Sincerely,
George

George

Feb 18, 2016, 9:39:19 AM
to gce-discussion
Hello Jackie and Peter,

I was able to file a bug to our engineering team who are looking into fixing the issue as a high priority.

Thank you for your report. Keep in mind that Google strives on improving its products and that your feedback helps us just do that.

Sincerely,
George

On Wednesday, February 10, 2016 at 7:05:08 AM UTC-5, Jackie LaGuardia wrote:

Jeff Campbell

Mar 18, 2016, 12:04:32 AM
to gce-discussion
Hi George, I think I'm having a similar issue. I'm getting the error "Invalid key. Required format: <protocol> <key-blob> <user...@example.com> or <protocol> <key-blob> google-ssh {"userName":"<user...@example.com>","expireOn":"<date>"} "

But by following the exact instructions in the link below, the format generated by Putty is indeed different than that requested, and I'm not sure how to change it (I tried to manually make it the same format, but that didn't work either).

https://cloud.google.com/compute/docs/instances/connecting-to-instance#generatesshkeypairwindows

This is the public key, as pasted from puttygen:
ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAkBRuokDams6wqbL/1AXGUKU4dLJLjnMBHMZFgeY2vckHavUV0onJRjOjk4LW2DgrcagGb94HuChOROOq+kRUkeJbkAbWlHtr5RuCJol+OGHhl9PhUBOyZKRskx+7Ouy2Nd3KNUKPU/fToDIEVqPx9Nk0mjjTQS0Kvy56nZUQvp4K8cNTn1m80FYfMIQ7MJn1SglqKJhXWxAVKMAq3ZUFf3o3OEEW37G6LNQ4OH7nVfDSntbRxd88E91wCqso5qYikSo5aE3lr97f9z5n5x1WEfZ4OoXse3+2CuezFVRbhb1uRB2OTpU1biog8DxS+++tFVTdCmY6n8wJPyTNmGu8WQ== rsa-key-20160318 asdf...@gmail.com

I tried to make it match the required format manually, resulting in the following, but that also didn't work:

ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAxVO9e18j+565X4pySFH/UfhJoHv9QIBAdoD7g8WtXs9z79rG8fQWi/xcGqf1mJiBTXHoejbPszgxjqlkiEwAFClpF3RdxrPiVqmG578XAplJbaF9hvT+8k/c4KhDY/k1E2GbzGnLFKLvN721BXaZ4xfkVVuDKhSewHX/Qzwb0bbw01ut10WP0R3krNjfvBA4XpidKmIjf64dvaOMCLulDakb15OZ0ie3THC6/9/KJdM1uoAJu1/N56ZFFkF0Dyeru3yix7bBwNkaB3UldBx5gcEpqzPf6fhBxWXbHMbKWYZgwexLWIlA82EP03jgQt7LjGCdaEThm8w2DYZMSqtIRQ== rsa-key-20160318 {"userName":"asdfasdf@gmail.com","expireOn":"2016-03-17T13:02:31+0000"}


Please advise, as I can't get into my server the way I want to, which is slowing me down.
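The two forms quoted in that error message can be checked locally before a key is pasted into the console. The following is an added example, not part of the original thread and not Google's validator: it tests a key line against those two forms and confirms that the base64 blob starts with the algorithm name given as the protocol. The function names, the sample lines, the single-token rule for the plain form and the expiry comparison are assumptions made for this illustration.

```python
import base64
import json
import struct
from datetime import datetime, timezone


def blob_algorithm(blob_b64):
    """Return the algorithm name encoded at the start of an SSH public-key blob."""
    raw = base64.b64decode(blob_b64, validate=True)
    (length,) = struct.unpack(">I", raw[:4])
    return raw[4:4 + length].decode("ascii")


def check_key_line(line, now):
    """Return a list of problems; an empty list means the line fits one of the two forms."""
    parts = line.strip().split(None, 2)
    if len(parts) < 3:
        return ["expected <protocol> <key-blob> followed by a user or google-ssh {...}"]
    protocol, blob, tail = parts
    problems = []
    try:
        if blob_algorithm(blob) != protocol:
            problems.append("key blob does not belong to protocol " + protocol)
    except (ValueError, struct.error):
        problems.append("key blob is not base64 in SSH wire format")

    if tail.startswith("google-ssh "):
        try:
            meta = json.loads(tail[len("google-ssh "):])
            expires = datetime.strptime(meta["expireOn"], "%Y-%m-%dT%H:%M:%S%z")
            if not meta["userName"]:
                problems.append("userName is empty")
            if expires <= now:
                problems.append("expireOn is in the past")
        except (ValueError, KeyError, TypeError):
            problems.append("google-ssh needs JSON with userName and expireOn")
    elif len(tail.split()) != 1:
        # Assumption: the plain form allows exactly one whitespace-free user token.
        problems.append("third field is neither a single user token nor google-ssh {...}")
    return problems


def sample_blob():
    """Constructed stand-in for a key blob: a real algorithm header, dummy key bytes."""
    return base64.b64encode(struct.pack(">I", 7) + b"ssh-rsa" + bytes(32)).decode("ascii")


BLOB = sample_blob()
NOW = datetime(2016, 3, 18, tzinfo=timezone.utc)  # constructed "current time"
JSON_TAIL = '{"userName":"user@example.com","expireOn":"%s"}'
SAMPLES = {  # constructed lines; user@example.com is a placeholder
    "plain": f"ssh-rsa {BLOB} user@example.com",
    "two_part_comment": f"ssh-rsa {BLOB} rsa-key-20160318 user@example.com",
    "json_no_keyword": f"ssh-rsa {BLOB} rsa-key-20160318 " + JSON_TAIL % "2016-03-19T13:02:31+0000",
    "google_ssh": f"ssh-rsa {BLOB} google-ssh " + JSON_TAIL % "2016-03-19T13:02:31+0000",
    "google_ssh_expired": f"ssh-rsa {BLOB} google-ssh " + JSON_TAIL % "2016-03-17T13:02:31+0000",
}

if __name__ == "__main__":
    for name, line in SAMPLES.items():
        print(name, check_key_line(line, NOW) or "ok")
```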

Vijay Ranganathan

Apr 23, 2016, 12:58:31 AM
to gce-discussion
I'm having a similar issue. Not able to connect through Putty. Is there a fix for this issue?
 

Sujit Verma

Jun 13, 2017, 9:04:58 AM
to gce-discussion
Facing the same issue. I did all the steps of https://cloud.google.com/compute/docs/instances/connecting-to-instance#generatesshkeypair
ssh-keygen -t rsa -f ~/.ssh/my-ssh-key username
chmod 400 ~/.ssh/my-ssh-key
Then I copy the content of the my-ssh-key.pub file and paste it as a new item in the list of SSH keys.
Now I am running the command below, but it's not connecting to my instance:
ssh -i ~/.ssh/my-ssh-key [USERNAME]@[IP_ADDRESS]

Thomas Johnson

Sep 19, 2017, 9:32:07 AM
to gce-discussion
What was the response to this command?

ssh -i ~/.ssh/my-ssh-key [USERNAME]@[IP_ADDRESS]

Dima Medvedev

Oct 23, 2017, 9:03:49 AM
to gce-discussion
Anything new? Has someone managed to resolve this issue?

Bishwarup Bhattacharjee

Oct 31, 2017, 4:37:57 PM
to gce-discussion
My suggestion is not to open the key in any editor rather just do this in terminal:

cat ~/.ssh/<your-public-key>


Then copy the output to GCE console metadata add key window.
This works in Linux and Mac, not sure about Windows.

Andrew Ogah

Mar 8, 2018, 3:47:29 PM
to gce-discussion
I had the issue earlier and this worked. Thank you.

Pankaj Singh

May 9, 2018, 9:23:29 AM
to gce-discussion
Add public keys of the source host to the authorized section of the GCE instance and it should work.
Thanks
Pankaj

Tomer Sagi

Nov 1, 2018, 3:31:58 PM
to gce-discussion
For me the issue was that I had a metadata setting enable-OS-login set to true which turns out disables private key login:

https://cloud.google.com/compute/docs/instances/managing-instance-access

Josh Wortman

Jan 11, 2019, 7:50:38 PM
to gce-discussion
Tomer is correct. I removed the enable-oslogin meta tag, reset my instance, and suddenly I could connect with Putty.

OMG Thank you Tomer for figuring this out.
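Which login path applies to an instance can be worked out from its metadata, both for the enable-oslogin setting discussed above and for the username mismatches others in this thread ran into. The following is an added example, not part of the original thread: it reads the JSON printed by `gcloud compute instances describe INSTANCE --format=json` and `gcloud compute project-info describe --format=json`. The function names and the sample metadata are constructed for illustration, and it assumes ssh-keys entries have the form USERNAME:key.

```python
def metadata_items(block):
    """Flatten a metadata block's "items" list into a plain dict."""
    return {item["key"]: item.get("value", "") for item in (block or {}).get("items", [])}


def key_users(ssh_keys_value):
    """Usernames from the 'USERNAME:<public key line>' entries of an ssh-keys value."""
    users = []
    for line in ssh_keys_value.splitlines():
        user, sep, key = line.strip().partition(":")
        if sep and user and key:
            users.append(user)
    return users


def diagnose(instance, project, login_user):
    """Explain which login path applies to login_user on this instance."""
    inst = metadata_items(instance.get("metadata"))
    proj = metadata_items(project.get("commonInstanceMetadata"))

    # For the same key, the instance-level value takes precedence over the project-level one.
    if "enable-oslogin" in inst:
        set_at, value = "instance", inst["enable-oslogin"]
    elif "enable-oslogin" in proj:
        set_at, value = "project", proj["enable-oslogin"]
    else:
        set_at, value = None, "false"

    if value.strip().lower() == "true":
        # OS Login: keys stored in metadata are not what grants access.
        return {"mode": "os-login", "set_at": set_at, "key_scopes": [], "near_matches": []}

    found = {"instance": key_users(inst.get("ssh-keys", "")),
             "project": key_users(proj.get("ssh-keys", ""))}
    scopes = [scope for scope, users in found.items() if login_user in users]
    # Usernames are compared exactly; report entries that differ only by case.
    near = sorted({u for users in found.values() for u in users
                   if u != login_user and u.lower() == login_user.lower()})
    return {"mode": "metadata-keys", "set_at": set_at, "key_scopes": scopes, "near_matches": near}


# Constructed sample input in the shape of the gcloud JSON output (not real keys).
PROJECT = {"commonInstanceMetadata": {"items": [
    {"key": "enable-oslogin", "value": "FALSE"},
    {"key": "ssh-keys", "value": "peter:ssh-rsa CONSTRUCTED_BLOB peter\n"
                                 "jackie:ssh-rsa CONSTRUCTED_BLOB jackie"},
]}}
INSTANCE_OSLOGIN = {"name": "instance-1", "metadata": {"items": [
    {"key": "enable-oslogin", "value": "TRUE"},
]}}
INSTANCE_PLAIN = {"name": "instance-2", "metadata": {"items": []}}

if __name__ == "__main__":
    print(diagnose(INSTANCE_OSLOGIN, PROJECT, "peter"))
    print(diagnose(INSTANCE_PLAIN, PROJECT, "peter"))
    print(diagnose(INSTANCE_PLAIN, PROJECT, "Peter"))
```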

Youssouf Sakaly

Jan 17, 2019, 11:38:45 AM
to gce-discussion
Hello
I'm addressing the same issue on GCP. I'm testing the platform to know if we can use it for our office ERP. No way to have access from Putty (Windows). Really disturbing because it should be the first way for us to access our machines.

I want to understand what you mean by reset: restart or completely reinit the VM...?

Regards,

Justin Reiners

Jan 17, 2019, 1:47:19 PM
to Youssouf Sakaly, gce-discussion
a reboot should be fine.


Youssouf Sakaly

Jan 17, 2019, 2:53:56 PM
to Justin Reiners, gce-discussion
Hello,
It does not work for me. I tried many configs and tested my public/private key even in another cloud and it works... (key generated in my Linux machine on GCP I mean...)
image.png
--

Cordialement,
Youssouf Sakaly
BP 403 Bamako Mali
Tel 223 66 72 18 59

John (Cloud Platform Support)

Jan 17, 2019, 4:38:52 PM
to gce-discussion
I understand that you are unable to log in to your instance using Putty in Windows. I just want to confirm with you if the steps you followed were these ones [1]. Additionally, you can check the following documentation [2] where you can find some extra information related to SSH troubleshoot for: firewall rules, testing the network, create a new user, etc. 

Make sure you connect via the SSH browser [3]. Try executing the following command in your Cloud Shell (just replace INSTANCE-NAME and INSTANCE-ZONE):
'gcloud compute ssh INSTANCE-NAME --zone=INSTANCE-ZONE --verbosity=debug' which will provide you with an error which can help with debugging.

Also make sure you have enough disk space on your boot disk.



Youssouf Sakaly

Jan 18, 2019, 3:05:42 PM
to John (Cloud Platform Support), gce-discussion
Hello John,
Thank for your response.
[1] I used this process in the correct way. [3] My SSH in browser is working also.

[2] Please see below the results from this process:

SSH rule is activated
image.png
Not able to get the public address from the CLI:
image.png
But I guess I've got it here:

image.png
About the user restriction, I'm the owner of the project... adding to this, I changed the permission on the authorized_keys file

image.png

I created a new instance and I am able to connect to this one... the only difference between the 2 instances is the IP address, which is persistent on the affected VM. I've also installed an application on the affected one that doesn't exist in the new VM. But this application has nothing to do with SSH...

image.png

I have not tested yet creating a new instance and attaching my old disk because I'm not really interested in this solution.

Regards,

Rahi (Google Cloud Support)

Jan 22, 2019, 6:08:18 PM
to gce-discussion
Hi Youssouf,

Would you please check if your generated key belongs to the accepted format or not? It is possible that you are unable to ssh from putty as key is not accepted due to format. When you are using putty, check whether the private key is OpenSSH format or PPK format. If your key is OpenSSH format (I assume yes as you said you created ssh key using linux), try to convert to ppk (you may use putty key-gen application) and try using converted private key in ppk format to SSH using putty.

Xin Zhao

Feb 27, 2019, 11:10:12 AM
to gce-discussion
That works for me! thx

On Friday, November 2, 2018 at 3:31:58 AM UTC+8, Tomer Sagi wrote:

Luke Schlather

Jul 12, 2019, 7:27:02 PM
to gce-discussion
Is it possible to use OS Login with gcloud ssh on Windows?

I'm getting the same error but I'm a little confused by what the correct sequence of steps is to set up gcloud ssh so it works on Windows. There are a lot of conflicting suggestions on stackoverflow and other threads here.

Fady (Google Cloud Platform)

Jul 13, 2019, 7:46:39 PM
to gce-discussion

The short answer is yes. The Cloud SDK (gcloud) SSH command would achieve just that when OS-Login is enabled, and even when using a Windows machine. However, OS-Login verifies the user’s Google account for IAM permissions as detailed in this open source Github description. Hence, you would have to verify that the user has the necessary IAM roles as per this document. In addition, the user should authenticate his account on his local Windows machine against the SDK. 


To further explain, and this is not limited to OS Login, the command is just a wrapper around an SSH client that “takes care of authentication and the translation of the instance name into an IP address” [1] . Using Linux, an SSH client is already built-in. However, using Windows, and depending on the Windows version, the SDK may either use the built in client, or use a third party client like Putty.  


I reproduced the above in my test environment where the command propagated the keys automatically, and launched Putty for me. Here [2] is a debug output that should explain the wrapping. That said, if you are getting a particular error, please post your question at serverfault.com where you have access to a large community of enthusiasts and experts to share ideas with and get support from. I hope this helps.


[2] 

gcloud compute ssh instance-1 --zone=us-central1-f --verbosity=debug 

DEBUG: Running [gcloud.compute.ssh] with arguments: [--verbosity: "debug", --zone: "us-central1-f", [USER@]INSTANCE: "instance-1"] 

Using OS Login user [REDACTED_google_com] instead of default user [REDACTED] 

DEBUG: SSH Known Hosts File [C:\Users\REDACTED\.ssh\google_compute_known_hosts] could not be opened: Unable to read file [C:\Users\REDACTED\.ssh\google_compute_known_hosts]: [Errno 2] No such file or directory: u'C:\\Users\\REDACTED\\.ssh\\google_compute_known_hosts' 

DEBUG: Running command [C:\Program Files (x86)\Google\Cloud SDK\google-cloud-sdk\bin\sdk\putty.exe -t -i C:\Users\REDACTED\.ssh\google_compute_engine.ppk REDACTED_...@35.x.x.x]. 

DEBUG: Executing command: [u'C:\\Program Files (x86)\\Google\\Cloud SDK\\google-cloud-sdk\\bin\\sdk\\putty.exe', u'-t', u'-i', u'C:\\Users\\REDACTED\\.ssh\\google_compute_engine.ppk', u'REDACTED_...@35.x.x.x'] 


Андрей Загороднев

Jul 15, 2019, 1:07:06 PM
to gce-discussion


On Tuesday, February 16, 2016 at 11:40:18 PM UTC+6, George (Google Cloud Support) wrote:
1. Download the "Putty Gen"
2. Generate Public and Private keys. NB: enter your username in the "Key Comment".
3. Upload the Public Key to the "Project Metadata" from the cloud console, and into the instance "authorized keys" located in /home/USER/.ssh/authorized_keys
4. Download "Putty" and select the .ppk key generated by "Putty Gen"
5. SSH into the instance
It works!
My mistake was that I was using the wrong username. Taking the username from the console and inserting it into the Putty public key, everything worked according to your recipe.

Thanks George! 

Luke Schlather

Jul 15, 2019, 6:33:24 PM
to gce-discussion
My output looks similar to yours, however I always get the key validation failing.

My understanding of gcloud ssh is that it should automatically create a key and add it to authorized_keys on the host. However that does not appear to be the case - I was able to manually ssh in via the console and add the key it generated to ~/.ssh/authorized_keys on the instance. I'm not sure why this was the case. With the same account it works flawlessly when I'm running gcloud ssh from an Ubuntu instance.