can't access compute instance, how is this done? what am I doing wrong?

[Thomas Walker Lynch]

I have an instance for which I am the owner role.  It is running and I can see the stats on the dashboard.  I want to ssh to it, but it isn't let me in.   What am I doing wrong here?  When I go to the dashboard and list instances there is a beautiful ssh button that promises to pull up a shell in a browser window.  It pops up in the browser but fails with a timeout.  The message may be seen at the bottom of this post  (The 'Click here' did not help).   When I use the gcloud sdk CLI from a local machine:

> gcloud compute config-ssh

WARNING: The public SSH key file for gcloud does not exist.

WARNING: The private SSH key file for gcloud does not exist.

WARNING: You do not have an SSH key for gcloud.

WARNING: SSH keygen will be executed to generate a key.

Generating public/private rsa key pair.

...

Updating project ssh metadata...⠼Updated [https://www.googleapis.com/compute/v1/projects/<project>].

Updating project ssh metadata...done.

You should now be able to use ssh/scp with your instances.

For example, try running:

  $ ssh <instance>

That looks good, but then:

>ssh <instance>

The authenticity of host '<machine>' can't be

established.  ECDSA key fingerprint is <fingerprint>.

Are you sure you want to continue connecting (yes/no/[fingerprint])?yes

Warning: Permanently added '<machine>' (ECDSA) to the list of known

hosts.  <local user>@<IP address instance>: Permission denied (publickey).

Now one thing is true, the <local user> name is unlikely to be a user on the remote instance, unless there is some sort of google magic that has been added.  I had expected a root shell rather than a user shell.

How is this done?

Connecting...

Transferring SSH keys to the VM.

The key transfer to project metadata is taking an unusually long time. Transferring instead to instance metadata may be faster, but will transfer the keys only to this VM. If you wish to SSH into other VMs from this VM, you will need to transfer the keys accordingly.

Click here to transfer the key to instance metadata. Note that this setting is persistent and needs to be disabled in the Instance Details page once enabled.

You can drastically improve your key transfer times by migrating to OS Login.

[Jad El Houssami]

Hello Thomas, 

There are a few things you can do troubleshoot the Permission denied (publickey) error message.

To start, you must ensure that you have properly authenticated yourself with gcloud using an IAM user with the compute instance admin role. You can do that by running gcloud auth login [USER] then try gcloud compute ssh again.

You can also verify that the Linux Guest Environment scripts are properly installed and running. Please refer to this page for information about validating, updating, or manually installing the guest environment.

Another possibility is that the private key was lost or that we have a mismatched keypair. To force gcloud to generate a new SSH keypair, you must first move ~/.ssh/google_compute_engine and ~/.ssh/google_compute_engine.pub if present, for example:

mv ~/.ssh/google_compute_engine.pub ~/.ssh/google_compute_engine.pub.old
mv ~/.ssh/google_compute_engine ~/.ssh/google_compute_engine.old

Once that is done, you may then try gcloud compute ssh [INSTANCE-NAME] again, a new keypair should be created and a public key will be added to the SSH keys metadata.

I hope that this helps point you in the right direction and please don’t hesitate to let us know if you’re still unable to SSH into it (don’t forget to share any new error messages that you may have encountered).

On a side note, since Google Groups are generally reserved for discussions and opinions about Google products, you may want to refer to Stack Exchange for how-to and technical questions since the answer-question format on those sites will give your question greater visibility.