如何访问 Google Cloud Platform Compute Engine VM 实例的 SSH 密钥? [英] How to access SSH keys for a Google Cloud Platform Compute Engine VM instance?
问题描述
我通过 Google Cloud 网络控制台从 CentOS 6.x 映像创建了一个新实例.我在创建表单上看到一个空白,我可以在其中粘贴现有的 SSH 密钥;因为这是我的第一个实例,我还没有.我认为它会像 Amazon EC2 一样带我完成密钥创建过程.没有.
I created a new instance via the Google Cloud web console from a CentOS 6.x image. I saw a blank on the creation form where I could paste in an existing SSH key; since this was my first instance, I didn't have one yet. I assumed it would take me through the key creation process like Amazon EC2 does. It didn't.
该实例似乎已创建,但我不知道如何为其获取 SSH 密钥.实例网页有一个按钮,上面写着SSH".它让我通过一个模拟 SSH 会话的弹出式 Web 浏览器窗口简要登录.但是,它只让我进入用户级帐户,而不是 root.弹出窗口有一个菜单项可以更改用户,将其更改为 root 只会产生连接错误.现在我根本无法登录我的实例!
The instance appears to be created, but I can't figure out how to get the SSH key for it. The instance web page has a button that says "SSH" and it let me log in briefly via a pop-up web browser window that simulates an SSH session. However, it only let me into a user-level account, not root. The pop-up had a menu item to change the user and changing it to root does nothing but generate connection errors. Now I can't log into my instance at all!
我已经搜索过,但找不到任何解释 Google Compute 实例这方面的直接文档.
I've searched but can't find any straight-forward documentation that explains this aspect of Google Compute instances.
我是否必须手动创建自己的 SSH 密钥并在创建实例期间将它们粘贴到表单中?是否有我遗漏的明显步骤?
Do I have to create my own SSH keys manually and paste them into the form during instance creation? Is there an obvious step I'm missing?
推荐答案
默认情况下,新的 Google Compute Engine (GCE) VM 实例没有预先分配 SSH 密钥,因此您无法检索"它们,因为它们不存在 - 由您来创建,或者使用像 gcloud(见下文)这样的工具,如果您还没有 SSH 密钥,它会提示您创建它们.
By default, a new Google Compute Engine (GCE) VM instance does not have SSH keys pre-assigned to it, so you cannot "retrieve" them as they don't exist—it's up to you to create them, or use a tool like gcloud (see below) which will prompt you to create them if you don't have SSH keys yet.
您可以通过多种方式连接到新创建的 GCE 虚拟机.
You have several options for connecting to your newly-created GCE VM.
一种选择是使用开发者控制台 GUI 中实例列表中实例旁边的SSH"按钮进行连接,这将打开浏览器窗口和与实例的终端会话.
One option is to connect using the "SSH" button in the Developer Console GUI next to the instance in the list of instances, which will open a browser window and a terminal session to the instance.
如果您想在命令行上通过 SSH 客户端进行连接,您可以使用 gcloud 工具(Google Cloud SDK):
If you would like to connect via SSH client on the command-line, you can use gcloud tool (part of the Google Cloud SDK):
gcloud compute ssh example-instance
您可以在 gcloud 上查看全套标志和选项计算 ssh 帮助页面,以及几个示例.
You can see the full set of flags and options on the gcloud compute ssh help page, along with several examples.
如果您还没有 SSH 密钥,它会提示您创建它们,然后连接到实例.如果您已有密钥,则可以使用现有的 SSH 密钥,它将传输到实例.
If you don't already have SSH keys, it will prompt you to create them and then connect to the instance. If you already have keys, you can use existing SSH keys, which it will transfer to the instance.
默认情况下,gcloud 期望密钥位于以下路径:
By default, gcloud expects keys to be located at the following paths:
$HOME/.ssh/google_compute_engine– 私钥$HOME/.ssh/google_compute_engine.pub– 公钥
$HOME/.ssh/google_compute_engine– private key$HOME/.ssh/google_compute_engine.pub– public key
如果您想通过 gcloud 重用来自不同位置的密钥,请考虑制作符号链接或使用 --ssh-key-file 标志.
If you want to reuse keys from a different location with gcloud, consider either making symlinks or pointing gcloud there using the --ssh-key-file flag.
注意:如果您根本不使用 gcloud,则必须手动将 SSH 密钥添加到实例的元数据中,如 在实例级别设置 ssh 密钥,您可以通过 gcloud 执行此操作 或手动通过 Google Cloud Console.
Note: if you don't use gcloud at all, you have to manually add the SSH keys to the instance's metadata as described in Setting up ssh keys at the instance level which you can do via gcloud or manually via Google Cloud console.
您还可以使用 ssh-keygen 创建自己的密钥,gcloud 也将在幕后使用.您可以直接使用ssh连接到实例gcloud,但您需要指定额外的参数:
You can also create your own keys using ssh-keygen which is what gcloud will also use under the covers. You can connect to the instance using ssh directly instead of gcloud but you will need to specify extra parameters to do so:
ssh -i KEY_FILE -o UserKnownHostsFile=/dev/null \
-o CheckHostIP=no -o StrictHostKeyChecking=no \
USER@IP_ADDRESS
这将需要以下参数:
KEY_FILE– [必需] 计算机上存储密钥的文件,例如~/.ssh/google_compute_engine.
KEY_FILE– [Required] The file where the keys are stored on the computer, e.g.,~/.ssh/google_compute_engine.
USER – [必需] 登录该实例的用户名.通常,这是运行 gcloud compute 的本地用户的用户名.
USER – [Required] The username to log in that instance. Typically, this is the username of the local user running gcloud compute.
IP_ADDRESS – [必需] 实例的外部 IP 地址.
IP_ADDRESS – [Required] The external IP address of the instance.
有关详细信息,请参阅SSH 文档.
For more details, see the SSH docs.
这篇关于如何访问 Google Cloud Platform Compute Engine VM 实例的 SSH 密钥?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
