2

I created a Container-Optimized OS instance in the Google Cloud. When I try to connect to it via ssh from outside, the ssh host key fingerprint shown differs from the output of

ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub

in the instance:

What am I missing?

Jodka Lemon

3 Answers

0

This might mean that you somehow "cloned" your VM and its real fingerprint has changed but the old one is still in the ssh-key you generated. This is the most typical reason for this kind of issue - it was discussed here on ServerFault.

Generate a new ssh key for your server and it should be the same as the one you're getting while trying to connect.

You may also get some more ideas from those threads:

Wojtek_B
0

I found the solution myself:

The sshd configuration in use lies under /mnt/stateful_partition/etc/ssh/ and not under /etc/ssh/.

So ssh-keygen -lf /mnt/stateful_partition/etc/ssh/ssh_host_ed25519_key.pub gives the correct fingerprint.

Jodka Lemon
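
The check from the answer above, generalized as an added example (not part of the original post and not Google's tooling): it computes the SHA256 fingerprint the way `ssh-keygen -lf` reports it for every host public key in both directories named on this page and shows which file matches the fingerprint the client displayed. The function names are illustrative, and it assumes Python 3 is available wherever the key files can be read.

```python
import base64
import hashlib
import sys
from pathlib import Path

# The two locations named on this page; the second is where the answer
# found the keys that sshd actually serves on Container-Optimized OS.
CANDIDATE_DIRS = ["/etc/ssh", "/mnt/stateful_partition/etc/ssh"]


def fingerprint(pubkey_line):
    """Return the OpenSSH-style SHA256 fingerprint of one public key line.

    A line looks like '<type> <base64 blob> [comment]'; the fingerprint is
    the unpadded base64 of SHA-256 over the decoded blob.
    """
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("not a public key line")
    blob = base64.b64decode(fields[1], validate=True)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def find_served_key(observed, dirs=CANDIDATE_DIRS):
    """Return (matches, others): host key files whose fingerprint equals
    the one the client saw, and the remaining (path, fingerprint) pairs."""
    matches, others = [], []
    for d in dirs:
        for pub in sorted(Path(d).glob("ssh_host_*_key.pub")):
            try:
                fp = fingerprint(pub.read_text())
            except (OSError, ValueError):
                continue  # unreadable or malformed file: skip it
            (matches if fp == observed else others).append((str(pub), fp))
    return matches, others


if __name__ == "__main__":
    # Usage: script.py SHA256:<fingerprint shown by the ssh client>
    matches, others = find_served_key(sys.argv[1])
    for path, fp in matches:
        print("MATCH   ", fp, path)
    for path, fp in others:
        print("no match", fp, path)
    sys.exit(0 if matches else 1)
```

If no file matches in either directory, the key presented to the client is not one of these files, and the connection should not be trusted until the source of the difference is found.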
-2

To connect to a Linux VM instance, you need your own SSH key, which consists of a unique private SSH key file and a matching public SSH key file.

Because you are generating your ssh-key via the command-line ssh-keygen, you must provide the public SSH key to the instance using one of the following options:

  1. Use OS Login, which allows you to maintain consistent Linux user identity and avoid providing and managing SSH keys across VM instances.
  2. Use IAM roles to manage instance access, which allows you to provide your public SSH key to the instance through your Google account or a managed user account.
  3. Add SSH keys to metadata for the project or a specific instance.
  4. Have another user manually configure your public SSH key for you on the instance.

After you apply your public SSH key to the instances that you want to connect to, you can use your private SSH key to gain access to the instance.

In your case, it seems like you need to add your public SSH key to the GCP Metadata (SSH Keys). You can find more details about adding or removing project-wide public SSH keys at this link

  • 1
    You seem to have completely misunderstood the question. It is about the _host_ key, not the user's key. – Michael Hampton May 07 '19 at 18:02
  • Is it possible to get more context about this behavior? For example, where did you create the "ssh_host_ed25519_key.pub" key? And how did you link the key to your Container-Optimized OS instance in the Google Cloud? – user10880591 May 09 '19 at 17:30