can't connect to instance via SSH

24,148 views
Skip to first unread message

Jackie LaGuardia

unread,
Feb 10, 2016, 7:05:08 AM2/10/16
to gce-discussion

I am just starting on google cloud, and have a trouble connecting to my instance via SSH. I ve launched a bitnami packaged magento site (runs on Debian 7). And when following google instructions (https://cloud.google.com/compute/docs/instances/connecting-to-instance) I run "gcloud compute ssh my-instance", it first generates keys on my local mashine, as said there, and also I ve mentioned that it generates keys in the compute engine metadata section. 

BUT then, when it is supposed to ask for a passphrase, it instead says: "Server refused our key. Fatal error: No supported authentication methods available (server sent: publickey)". That's it. If I type that command again, it just repeats. Did it many times, removed the keys, it generates them again, but makes no sense, as there is probably something I may have missed or didn't find in the instruction. I've found this question on stackoverflow: Cannot connect to Compute Engine instance via SSH, but I don't even get asked for the pass-phrase when generating key. It just jumps to an error. Will appreciate any help. Thanks!

George

unread,
Feb 10, 2016, 11:44:14 AM2/10/16
to gce-discussion
Hello Jackie,

Did you by any chance added any SSH key in the instance metadata, which is different than the project metadata? Keep in mind that the instance metadata overrides the project's metadata. If this is not the case, can run the following command on your local machine:

gcloud auth login 

Authenticate and try again. I hope this helps.

Sincerely,
George

Jackie LaGuardia

unread,
Feb 10, 2016, 2:36:51 PM2/10/16
to gce-discussion
Hello George, thank you for answering!

I am not sure about that. As I ve looked up now, I recognize it may be a cause, but I can't say exactly.
All the time I was looking to the project metadata, which is under the metadata tab. And yes, I ve tried command you re talking about, but without any success. I believe I am authorized at the moment when cloud SDK creates a key-pair, as I can see how keys are appearing in my User/.ssh folder on local mashine, and under the metadata tab of the project. 
You can see how many keys are in there. I have also tried delete all of those that got created during the process, but it didn't change anything.
 












I have now checked instance SSH Keys field, and it is empty. Are keys supposed to be generated in here?
I have also checked if that may have smth to do with firewall restrictions, but it's all good there too.
Will also mention, that tried to do this from another computer, without success either.

Maybe you have any other suggestions?
Thanks!

George

unread,
Feb 11, 2016, 10:59:10 AM2/11/16
to gce-discussion
Hello Jackie,

Have you tried to ssh from the cloud console? 

If SSHing from the cloud console is successful, then you can manually add the keys in the instance's authorized keys file. As there are some Google scripts (google-account-manager...) that run on the instance which can be " turned off " and didn't allow the key to propagate from the metadata to the instance. Therefore, running those scripts can fix the issue for future keys propagation. However, this is one of many reasons that can cause the issue that you are encountering. 

I hope this helps.

Sincerely,
George

Peter Coghill

unread,
Feb 15, 2016, 4:37:12 PM2/15/16
to gce-discussion
Hi George (Jackie you are not alone in your pain!) I'm having exactly the same issue.

SSH from the cloud console is fine.  But from windows cmd, no luck. The keys generate fine (in ~\.ssh) and they appear in the SSH key list of the project. But it refuses to connect - same error.

I've even tried to connect from a different VM (after gcloud init - and successful authentication) but no luck from their either...  In fact, I cant seem to ssh from windows to any of my vms.

Any help gratefully received!

George

unread,
Feb 15, 2016, 7:44:07 PM2/15/16
to gce-discussion
Hello Peter,

Thank you for the clarification.

I was able to reproduce the same issue that you are reporting. I will go ahead and file a bug to our engineering team for review.

As a workaround, you can use " PUTTY " and point it to use the generated key in the following location: C:\Users\YOUR_USER\.ssh which is the default location for the ssh keys on the Microsoft Windows instances.

I hope this helps.

Sincerely,
George

Peter Coghill

unread,
Feb 15, 2016, 8:04:17 PM2/15/16
to gce-discussion
George, thanks I'll give that a go in the AM.  I raised an issue here - https://code.google.com/p/google-cloud-sdk/issues/detail?id=546

Thanks.  PC

Peter Coghill

unread,
Feb 16, 2016, 4:19:29 AM2/16/16
to gce-discussion
Hi George, no luck with PuTTY either.... I added the key using pagenat, then tried to connect.  I had no luck with any of the usernames that seem to be registered on the server. e.g.
"peter"  - the default name that the server started with
"Peter" - my windows name


On Tuesday, 16 February 2016 00:44:07 UTC, George wrote:

George

unread,
Feb 16, 2016, 12:40:18 PM2/16/16
to gce-discussion
Hello Peter,

Here is what I did in order to workaround the issue:

1. Download the "Putty Gen"
2. Generate Public and Private keys. NB: enter your username in the "Key Comment".
3. Upload the Public Key to the "Project Metadata" from the cloud console, and into the instance "authorized keys" located in /home/USER/.ssh/authorized_keys
4. Download "Putty" and select the .ppk key generated by "Putty Gen"
5. SSH into the instance

I hope this helps.

Sincerely,
George

George

unread,
Feb 18, 2016, 9:39:19 AM2/18/16
to gce-discussion
Hello Jackie and Peter,

I was able to file a bug to our engineering team who are are looking into fixing the issue as a high priority. 

Thank you for your report. Keep in mind that Google strives on improving it's products and that your feedback helps us just do that.

Sincerely,
George

On Wednesday, February 10, 2016 at 7:05:08 AM UTC-5, Jackie LaGuardia wrote:

Jeff Campbell

unread,
Mar 18, 2016, 12:04:32 AM3/18/16
to gce-discussion
Hi George, I think I"m having a similar issue. I'm getting the error "Invalid key. Required format: <protocol> <key-blob> <user...@example.com> or <protocol> <key-blob> google-ssh {"userName":"<user...@example.com>","expireOn":"<date>"} "

But by following the exact instructions in the link below, the format generated by Putty is indeed different than that requested, and I'm not sure how to change it (I tried to manually make it the same format, but that didn't work either).

https://cloud.google.com/compute/docs/instances/connecting-to-instance#generatesshkeypairwindows

This is the public key, as pasted from puttygen:
ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAkBRuokDams6wqbL/1AXGUKU4dLJLjnMBHMZFgeY2vckHavUV0onJRjOjk4LW2DgrcagGb94HuChOROOq+kRUkeJbkAbWlHtr5RuCJol+OGHhl9PhUBOyZKRskx+7Ouy2Nd3KNUKPU/fToDIEVqPx9Nk0mjjTQS0Kvy56nZUQvp4K8cNTn1m80FYfMIQ7MJn1SglqKJhXWxAVKMAq3ZUFf3o3OEEW37G6LNQ4OH7nVfDSntbRxd88E91wCqso5qYikSo5aE3lr97f9z5n5x1WEfZ4OoXse3+2CuezFVRbhb1uRB2OTpU1biog8DxS+++tFVTdCmY6n8wJPyTNmGu8WQ== rsa-key-20160318 asdf...@gmail.com

I tried to make it match the required format manually, resulting in the following, but that also didn't work:

ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAxVO9e18j+565X4pySFH/UfhJoHv9QIBAdoD7g8WtXs9z79rG8fQWi/xcGqf1mJiBTXHoejbPszgxjqlkiEwAFClpF3RdxrPiVqmG578XAplJbaF9hvT+8k/c4KhDY/k1E2GbzGnLFKLvN721BXaZ4xfkVVuDKhSewHX/Qzwb0bbw01ut10WP0R3krNjfvBA4XpidKmIjf64dvaOMCLulDakb15OZ0ie3THC6/9/KJdM1uoAJu1/N56ZFFkF0Dyeru3yix7bBwNkaB3UldBx5gcEpqzPf6fhBxWXbHMbKWYZgwexLWIlA82EP03jgQt7LjGCdaEThm8w2DYZMSqtIRQ== rsa-key-20160318 {"userName":"asdfasdf@gmail.com","expireOn":"2016-03-17T13:02:31+0000"}


Please advise, as I can't get into my server the way I want to, which is slowing me down.

Vijay Ranganathan

unread,
Apr 23, 2016, 12:58:31 AM4/23/16
to gce-discussion
I'm having a similar issue. Not able to connect through Putty. Is there a fix for this issue ?
 

Sujit Verma

unread,
Jun 13, 2017, 9:04:58 AM6/13/17
to gce-discussion
Facing same issue. I did the all steps of https://cloud.google.com/compute/docs/instances/connecting-to-instance#generatesshkeypair
ssh-keygen -t rsa -f ~/.ssh/my-ssh-key username
chmod 400 ~/.ssh/my-ssh-key
then I copy the content of my-ssh-key.pub file and paste it as a new item in the list of SSH keys.
now i am running below command but its not connecting to my instance - 
ssh -i ~/.ssh/my-ssh-key [USERNAME]@[IP_ADDRESS]

Thomas Johnson

unread,
Sep 19, 2017, 9:32:07 AM9/19/17
to gce-discussion
What was the response to the this command? 

ssh
-i ~/.ssh/my-ssh-key [USERNAME]@[IP_ADDRESS]

Dima Medvedev

unread,
Oct 23, 2017, 9:03:49 AM10/23/17
to gce-discussion
Anything new? Has someone mananged to resolve this issue?

Bishwarup Bhattacharjee

unread,
Oct 31, 2017, 4:37:57 PM10/31/17
to gce-discussion
My suggestion is not to open the key in any editor rather just do this in terminal:

cat ~/.ssh/<your-public-key>


Then copy the output to GCE console metadata add key window.
This works in Linux and Mac, not sure about Windows.

Andrew Ogah

unread,
Mar 8, 2018, 3:47:29 PM3/8/18
to gce-discussion
I had the issue earlier and this worked. Thank you.

Pankaj Singh

unread,
May 9, 2018, 9:23:29 AM5/9/18
to gce-discussion
Add public keys of the source host to the authorized section of the gc e instance and it should work.
Thanks
Pankaj

Tomer Sagi

unread,
Nov 1, 2018, 3:31:58 PM11/1/18
to gce-discussion
For me the issue was that I had a metadata setting enable-OS-login set to true which turns out disables private key login:

Josh Wortman

unread,
Jan 11, 2019, 7:50:38 PM1/11/19
to gce-discussion
Tomer is correct. I removed the enable-oslogin meta tag, reset my instance, and suddenly I could connect with Putty.

OMG Thank you Tomer for figuring this out.

Youssouf Sakaly

unread,
Jan 17, 2019, 11:38:45 AM1/17/19
to gce-discussion
Hello
I'am adressing the same issue on the GCP. I'am testing the plateform to know if we can use for our office ERP. No way to have access form Putty (Windows). Really disturbing beaucoup should be the first way for us to access to our machines.

Want to understand what you mean  buy reset : restart or complety reinit the VM...?

Regards,

Justin Reiners

unread,
Jan 17, 2019, 1:47:19 PM1/17/19
to Youssouf Sakaly, gce-discussion
a reboot should be fine.

--
© 2018 Google Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043
 
Email preferences: You received this email because you signed up for the Google Compute Engine Discussion Google Group (gce-dis...@googlegroups.com) to participate in discussions with other members of the Google Compute Engine community and the Google Compute Engine Team.
---
You received this message because you are subscribed to the Google Groups "gce-discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to gce-discussio...@googlegroups.com.
To post to this group, send email to gce-dis...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/gce-discussion/ae008878-e346-4be6-ad46-f9306d682b7e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Youssouf Sakaly

unread,
Jan 17, 2019, 2:53:56 PM1/17/19
to Justin Reiners, gce-discussion
Hello,
It does not work for me.  I tried many config and test my public/private key even in an other cloud and it's works.. (key generated in my linux machine on GCP I mean... )
image.png
--

Cordialement,
Youssouf Sakaly
BP 403 Bamako Mali
Tel 223 66 72 18 59

John (Cloud Platform Support)

unread,
Jan 17, 2019, 4:38:52 PM1/17/19
to gce-discussion
I understand that you are unable to log in to your instance using Putty in Windows. I just want to confirm with you if the steps you followed were these ones [1]. Additionally, you can check the following documentation [2] where you can find some extra information related to SSH troubleshoot for: firewall rules, testing the network, create a new user, etc. 

Make sure connect via the SSH browser[3]. Try executing the following commands on your Cloud Shell (Just replace INSTANCE-NAME and INSTANCE-ZONE): 
'gcloud compute ssh INSTANCE-NAME --zone=INSTANCE-ZONE --verbosity=debug' which will provide you with error which can help with debugging.

Also make sure you have enough disk space on your boot disk.


On Thursday, January 17, 2019 at 2:53:56 PM UTC-5, Youssouf Sakaly wrote:
Hello,
It does not work for me.  I tried many config and test my public/private key even in an other cloud and it's works.. (key generated in my linux machine on GCP I mean... )
image.png

Le jeu. 17 janv. 2019 à 18:47, Justin Reiners <jus...@hotlinesinc.com> a écrit :
a reboot should be fine.

On Thu, Jan 17, 2019 at 10:38 AM Youssouf Sakaly <ysa...@gmail.com> wrote:
Hello
I'am adressing the same issue on the GCP. I'am testing the plateform to know if we can use for our office ERP. No way to have access form Putty (Windows). Really disturbing beaucoup should be the first way for us to access to our machines.

Want to understand what you mean  buy reset : restart or complety reinit the VM...?

Regards,

Le samedi 12 janvier 2019 00:50:38 UTC, Josh Wortman a écrit :
Tomer is correct. I removed the enable-oslogin meta tag, reset my instance, and suddenly I could connect with Putty.

OMG Thank you Tomer for figuring this out.

On Thursday, November 1, 2018 at 12:31:58 PM UTC-7, Tomer Sagi wrote:
For me the issue was that I had a metadata setting enable-OS-login set to true which turns out disables private key login:

https://cloud.google.com/compute/docs/instances/managing-instance-access

On Monday, October 23, 2017 at 4:03:49 PM UTC+3, Dima Medvedev wrote:
Anything new? Has someone mananged to resolve this issue?

--
© 2018 Google Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043
 
Email preferences: You received this email because you signed up for the Google Compute Engine Discussion Google Group (gce-discussion@googlegroups.com) to participate in discussions with other members of the Google Compute Engine community and the Google Compute Engine Team.

---
You received this message because you are subscribed to the Google Groups "gce-discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to gce-discussion+unsubscribe@googlegroups.com.
To post to this group, send email to gce-discussion@googlegroups.com.

Youssouf Sakaly

unread,
Jan 18, 2019, 3:05:42 PM1/18/19
to John (Cloud Platform Support), gce-discussion
Hello John,
Thank for your response.
[1] I used this process in the correct way [3] my ssh in browser is working also.

[2] Please see bellow results from this process :

ssh rule is activated
image.png
Not able to get the Public address from cli :
image.png
But I guess I've got it here :

image.png
About the user restriction I'am the owner of the project... adding to this I change the permission on authorized_keys file

image.png

I created a new instance and I able to connect to this one... the only difference between the 2 instances is the address IP which is persistent on the issued VM. I've also installed an application on the issued one that doesn't exist on in the new VM. But this application has noting to deal with ssh...

image.png

I have not tested yet to create a new instance and attached my old disk because I'am not really interested in this solution.

Regards,





Email preferences: You received this email because you signed up for the Google Compute Engine Discussion Google Group (gce-dis...@googlegroups.com) to participate in discussions with other members of the Google Compute Engine community and the Google Compute Engine Team.

---
You received this message because you are subscribed to the Google Groups "gce-discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to gce-discussio...@googlegroups.com.
To post to this group, send email to gce-dis...@googlegroups.com.


--

Cordialement,
Youssouf Sakaly
BP 403 Bamako Mali
Tel 223 66 72 18 59

--
© 2018 Google Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043
 
Email preferences: You received this email because you signed up for the Google Compute Engine Discussion Google Group (gce-dis...@googlegroups.com) to participate in discussions with other members of the Google Compute Engine community and the Google Compute Engine Team.

---
You received this message because you are subscribed to the Google Groups "gce-discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to gce-discussio...@googlegroups.com.
To post to this group, send email to gce-dis...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/gce-discussion/31647b0e-186d-4482-b0db-6470a5e7b1dc%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

Rahi (Google Cloud Support)

unread,
Jan 22, 2019, 6:08:18 PM1/22/19
to gce-discussion
Hi Youssouf,

Would you please check if your generated key belongs to the accepted format or not? It is possible that you are unable to ssh from putty as key is not accepted due to format. When you are using putty, check whether the private key is OpenSSH format or PPK format. If your key is OpenSSH format (I assume yes as you said you created ssh key using linux), try to convert to ppk (you may use putty key-gen application) and try using converted private key in ppk format to SSH using putty.
Email preferences: You received this email because you signed up for the Google Compute Engine Discussion Google Group (gce-discussion@googlegroups.com) to participate in discussions with other members of the Google Compute Engine community and the Google Compute Engine Team.

---
You received this message because you are subscribed to the Google Groups "gce-discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to gce-discussion+unsubscribe@googlegroups.com.
To post to this group, send email to gce-discussion@googlegroups.com.


--

Cordialement,
Youssouf Sakaly
BP 403 Bamako Mali
Tel 223 66 72 18 59

--
© 2018 Google Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043
 
Email preferences: You received this email because you signed up for the Google Compute Engine Discussion Google Group (gce-discussion@googlegroups.com) to participate in discussions with other members of the Google Compute Engine community and the Google Compute Engine Team.

---
You received this message because you are subscribed to the Google Groups "gce-discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to gce-discussion+unsubscribe@googlegroups.com.
To post to this group, send email to gce-discussion@googlegroups.com.

Xin Zhao

unread,
Feb 27, 2019, 11:10:12 AM2/27/19
to gce-discussion
That works for me! thx

在 2018年11月2日星期五 UTC+8上午3:31:58,Tomer Sagi写道:

Luke Schlather

unread,
Jul 12, 2019, 7:27:02 PM7/12/19
to gce-discussion
Is it possible to use OS Login with gcloud ssh on Windows?

I'm getting the same error but I'm a little confused by what the correct sequence of steps is to set up gcloud ssh so it works on Windows. There are a lot of conflicting suggestions on stackoverflow and other threads here.

Fady (Google Cloud Platform)

unread,
Jul 13, 2019, 7:46:39 PM7/13/19
to gce-discussion

The short answer is yes. The Cloud SDK (gcloud) SSH command would achieve just that when OS-Login is enabled, and even when using a Windows machine. However, OS-Login verifies the user’s Google account for IAM permissions as detailed in this open source Github description. Hence, you would have to verify that the user has the necessary IAM roles as per this document. In addition, the user should authenticate his account on his local Windows machine against the SDK. 


To further explain, and this is not limited to OS Login, the command is just a wrapper around an SSH client that “takes care of authentication and the translation of the instance name into an IP address” [1] . Using Linux, an SSH client is already built-in. However, using Windows, and depending on the Windows version, the SDK may either use the built in client, or use a third party client like Putty.  


I reproduced the above in my test environment where the command propagated the keys automatically, and launched Putty for me. Here [2] is a debug output that should explain the wrapping. That said, if you are getting a particular error, please post your question at serverfault.com where you have access to a large community of enthusiasts and experts to share ideas with and get support from. I hope this helps.


[2] 

gcloud compute ssh instance-1 --zone=us-central1-f --verbosity=debug 

DEBUG: Running [gcloud.compute.ssh] with arguments: [--verbosity: "debug", --zone: "us-central1-f", [USER@]INSTANCE: "instance-1"] 

Using OS Login user [REDACTED_google_com] instead of default user [REDACTED] 

DEBUG: SSH Known Hosts File [C:\Users\REDACTED\.ssh\google_compute_known_hosts] could not be opened: Unable to read file [C:\Users\REDACTED\.ssh\google_compute_known_hosts]: [Errno 2] No such file or directory: u'C:\\Users\\REDACTED\\.ssh\\google_compute_known_hosts' 

DEBUG: Running command [C:\Program Files (x86)\Google\Cloud SDK\google-cloud-sdk\bin\sdk\putty.exe -t -i C:\Users\REDACTED\.ssh\google_compute_engine.ppk REDACTED_...@35.x.x.x]. 

DEBUG: Executing command: [u'C:\\Program Files (x86)\\Google\\Cloud SDK\\google-cloud-sdk\\bin\\sdk\\putty.exe', u'-t', u'-i', u'C:\\Users\\REDACTED\\.ssh\\google_compute_engine.ppk', u'REDACTED_...@35.x.x.x'] 


Андрей Загороднев

unread,
Jul 15, 2019, 1:07:06 PM7/15/19
to gce-discussion


вторник, 16 февраля 2016 г., 23:40:18 UTC+6 пользователь George (Google Cloud Support) написал:
1. Download the "Putty Gen"
2. Generate Public and Private keys. NB: enter your username in the "Key Comment".
3. Upload the Public Key to the "Project Metadata" from the cloud console, and into the instance "authorized keys" located in /home/USER/.ssh/authorized_keys
4. Download "Putty" and select the .ppk key generated by "Putty Gen"
5. SSH into the instance
its work! 
My mistake was that I was using the wrong username. Taking the username from the console and inserting it into the Putty public key, everything worked according to your recipe.

Thanks George! 

Luke Schlather

unread,
Jul 15, 2019, 6:33:24 PM7/15/19
to gce-discussion
My output looks similar to yours, however I always get the key validation failing.

My understanding of gcloud ssh is that it should automatically create a key and add it to authorized_keys on the host. However that does not appear to be the case - I was able to manually ssh in via the console and add the key it generated to ~/.ssh/authorized_keys on the instance. I'm not sure why this was the case. With the same account it works flawlessly when I'm running gcloud ssh from an Ubuntu instance.
Reply all
Reply to author
Forward
0 new messages