2

I'm using Cloud Shell within Google Cloud Console to connect to my Google Cloud Datalab GCE VM using these instructions. I have a firewall on my Google Cloud Datalab GCE VM that restricts SSH access to certain IP addresses only. The problem I have is that the cloud shell IP address changes frequently. Is it possible to set a static external IP address for Cloud Shell, or is there a list of IP ranges that will be used for cloud shell machines? I'm open to other suggestions about how to connect via ssh to a GCE VM with restricted firewall within cloud shell as well.

Anthonios Partheniou
  • 1,699
  • 1
  • 15
  • 25

2 Answers2

4

Recommendation here is leverage a bastion host that you allow access to. Cloudshell ssh there, then interact with the environment. Its a pain, believe me. Alternatively you can whitelist all of googles published external ranges associated with gcp, but you pick up the random users of services as well. Good luck.

Continuous-Intuition
  • 41
  • 1
2

  1. Yes you can set static external IP of your VM. Please follow following link of google documentation for same.

    https://cloud.google.com/compute/docs/configure-ip-addresses

Go to Section "Reserving a new static external IP address".

I have tried it previously an 6 months back it works smoothly.

  1. Even if VM change IP external so often . Solution :-It should be better to have a Domain Name for that VM. i.e. even if IP changes beneath it ( Dynamic DNS server) would handle it. Search for Dynamic DNS it would helpful.

But in your no. 2 won't be valid as your firewall would block it anyways.

Community
  • 1
  • 1
Inder R Singh
  • 652
  • 1
  • 6
  • 21
  • 3
    My understanding is that these instuctions are for compute engine resources and not for Cloud Shell. – Anthonios Partheniou May 04 '17 at 04:58
  • 2
    This will not work for Cloud Shell, these instructions are for VMs – Noa May 04 '17 at 07:02
  • I'm open to other suggestions about how to connect via ssh to a GCE VM with restricted firewall within cloud shell as well. :- To answer this question you can directly ssh through "putty" to VM , by giving VM "Static external IP address" . Which fits your needs "Simple". – Inder R Singh May 04 '17 at 13:40
  • "...within cloud shell". I need to set a static IP in Cloud Shell – Anthonios Partheniou May 04 '17 at 15:50
  • 1
    why do you need "cloud shell static IP " ... you have to understand how your google shell works. Google shell is just hosted on a "temporary VM or a Server" --> which is running a server code ( taking commands from jquery browser) for replicating commands & sending it to over your actual "hosted VM." – Inder R Singh May 04 '17 at 16:29
  • This is a legitimate need. In highly secured/regulated environments, resources are often restricted by firewall rules to incoming connections from whitelisted IP addresses only. There is currently no way to add Cloud Shell to a whitelist like this without whitelisting virtually all of Google's IP space, which is enormous. Cloud Shell would be an outstanding solution to act as a client to such resources because of it's fully managed and tightly secured nature, but it *can't* be used in these scenarios because of the inability to fix an IP address. – Michael Ames Nov 06 '17 at 20:11