如何获取新的Google Compute Engine实例的ssh密钥? [英] How to get the ssh keys for a new Google Compute Engine instance?

问题描述

我是来自Amazon EC2世界的新Google Cloud试用用户，我对如何通过ssh登录到新的Google Compute Engine VM实例感到困惑.

I'm a new Google Cloud trial user coming from the Amazon EC2 world and I'm totally baffled as to how I log in via ssh to a new Google Compute Engine VM instance.

我通过Google Cloud Web控制台(如果需要的话，从CentOS 6.x映像创建了一个新实例).我在创建表单上看到一个空白，可以在其中粘贴现有的ssh密钥，但是由于这是我的第一个实例，因此我还没有一个.我假设它将像Amazon EC2一样带领我完成密钥创建过程.没有.它似乎已经创建了实例，但是我不知道如何获取它的ssh密钥.实例网页上有一个显示为"ssh"的按钮，它使我可以通过模拟ssh会话的弹出式Web浏览器窗口短暂登录.但是，它只允许我进入用户级别的帐户，而不是root用户.弹出窗口中有一个菜单项可以更改用户，我将其更改为"root"，此后除了产生连接错误外什么都不做，现在我根本无法登录到实例.

I created a new instance via the Google Cloud web console (from a CentOS 6.x image, if that matters). I saw a blank on the creation form where I could paste in an existing ssh key but since this was my first instance, I didn't have one yet. I assumed it would take me through the key creation process like Amazon EC2 does. It didn't. It appears to have created the instance but I can't figure out how to get the ssh keys for it. The instance web page has a button that says "ssh" and it let me log in briefly via a pop-up web browser window that simulates an ssh session. However, it only let me in to a user-level account, not root. The pop-up had a menu item to change the user and I changed it to "root" after which it does nothing but generate connection errors and now I can't log into my instance at all.

我已经搜索过，但是找不到任何直接的文档来解释谷歌计算实例的这一方面.我已经搜索了Web控制台，但是找不到ssh密钥创建/选择机制，也找不到任何为实例创建或下载密钥的方法.

I've searched but can't find any straight-forward documentation that explains this aspect of google compute instances. I've searched the web console but can't find the ssh key creation/selection mechanism, nor any way to create or download the keys for an instance.

我是否必须在一端手动创建自己的ssh密钥，然后在创建过程中将其粘贴到表单中?还是我缺少其他明显的步骤?

Do I have to create my own ssh keys manually on my end and paste them into the form during creation or is there some other obvious step I'm missing?

推荐答案

默认情况下，新的Google Compute Engine(GCE)VM实例没有预先为其分配SSH密钥，因此您无法检索"它们不存在-由您决定要创建它们，或者使用gcloud这样的工具(请参见下文)，如果还没有SSH密钥，则会提示您创建它们.

By default, a new Google Compute Engine (GCE) VM instance does not have SSH keys pre-assigned to it, so you cannot "retrieve" them as they don't exist—it's up to you to create them, or use a tool like gcloud (see below) which will prompt you to create them if you don't have SSH keys yet.

您可以使用多种选择来连接到新创建的GCE VM.

You have several options for connecting to your newly-created GCE VM.

一种选择是使用开发人员控制台GUI中实例列表中该实例旁边的"SSH"按钮进行连接，这将打开一个浏览器窗口和该实例的终端会话.

One option is to connect using the "SSH" button in the Developer Console GUI next to the instance in the list of instances, which will open a browser window and a terminal session to the instance.

如果您想在命令行上通过SSH客户端进行连接，则可以使用gcloud工具( Google Cloud SDK ):

If you would like to connect via SSH client on the command-line, you can use gcloud tool (part of the Google Cloud SDK):

gcloud compute ssh example-instance

您可以在 gcloud compute ssh 帮助页面，以及几个示例.

You can see the full set of flags and options on the gcloud compute ssh help page, along with several examples.

如果您还没有SSH密钥，它将提示您创建它们，然后连接到实例.如果已经有了密钥，则可以使用现有的SSH密钥，它将将其传输到实例.

If you don't already have SSH keys, it will prompt you to create them and then connect to the instance. If you already have keys, you can use existing SSH keys, which it will transfer to the instance.

默认情况下，gcloud期望键位于以下路径:

By default, gcloud expects keys to be located at the following paths:

• $HOME/.ssh/google_compute_engine –私钥
• $HOME/.ssh/google_compute_engine.pub –公钥

• $HOME/.ssh/google_compute_engine – private key
• $HOME/.ssh/google_compute_engine.pub – public key

如果要使用gcloud重用来自其他位置的密钥，请考虑使用gcloud /compute/ssh"rel =" noreferrer> --ssh-key-file 标志.

If you want to reuse keys from a different location with gcloud, consider either making symlinks or pointing gcloud there using the --ssh-key-file flag.

注意:如果您根本不使用gcloud，则必须按照 Google云控制台.

Note: if you don't use gcloud at all, you have to manually add the SSH keys to the instance's metadata as described in Setting up ssh keys at the instance level which you can do via gcloud or manually via Google Cloud console.

您还可以使用ssh-keygen创建自己的密钥，这也是gcloud在幕后使用的键.您可以直接使用ssh 而不是gcloud来连接到实例您将需要指定额外的参数来做到这一点:

You can also create your own keys using ssh-keygen which is what gcloud will also use under the covers. You can connect to the instance using ssh directly instead of gcloud but you will need to specify extra parameters to do so:

ssh -i KEY_FILE -o UserKnownHostsFile=/dev/null \
    -o CheckHostIP=no -o StrictHostKeyChecking=no \
    USER@IP_ADDRESS

这将需要以下参数:

• KEY_FILE – [必需]密钥在计算机上存储的文件，例如~/.ssh/google_compute_engine.

• KEY_FILE – [Required] The file where the keys are stored on the computer, e.g., ~/.ssh/google_compute_engine.

USER – [必需]登录该实例的用户名.通常，这是运行gcloud compute的本地用户的用户名.

USER – [Required] The username to log in that instance. Typically, this is the username of the local user running gcloud compute.

IP_ADDRESS – [必需]实例的外部IP地址.

IP_ADDRESS – [Required] The external IP address of the instance.

有关更多详细信息，请参见 SSH文档.

For more details, see the SSH docs.

这篇关于如何获取新的Google Compute Engine实例的ssh密钥?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！