How to solve : Gcloud compute ssh SFATAL ERROR: No supported authentication methods available (server sent: publickey)

Question

I'm facing this famous error and after many research I could fix it for one VM using :

print('ssh front-end begin')
host = "frontend-lab1"
    
cmd= f'gcloud compute ssh {host} --force-key-file-overwrite'
res = subprocess.check_output(cmd, shell=True)
    
cmd = f'gcloud compute ssh {host} --zone=europe-west1-b --command="cd /home/jeromevialhes/mse-tsm-cloudsys-lab1/app/ && sudo echo \'NEXT_PUBLIC_API_URL=http://{ip_back}:4000\' | sudo tee /home/jeromevialhes/mse-tsm-cloudsys-lab1/app/.env && sudo npm install pm2 -g && sudo npm run build && sudo pm2 --name counter-app start npm -- start"'
print(cmd)
res = subprocess.check_output(cmd, shell=True)
print(res)
print('ssh front-end end')

which open a window and dispaly three buttons where I can click "yes" and it works.

But when I try to an other VM (exactly the same configuration, Ubuntu 20.04 lts VM)

print('ssh back-end begin')
host = "backend-lab1"
    
cmd= f'gcloud compute ssh {host} --force-key-file-overwrite'
res = subprocess.check_output(cmd, shell=True)
    
cmd = f'gcloud compute ssh {host} --zone=europe-west1-b --command="cd /home/jeromevialhes/mse-tsm-cloudsys-lab1/app/ && sudo echo \'DATABASE_HOST=http://{ip_db}:3000\' | sudo tee /home/jeromevialhes/mse-tsm-cloudsys-lab1/app/.env && sudo echo \'DATABASE_USER=postgres\' | sudo tee -a /home/jeromevialhes/mse-tsm-cloudsys-lab1/app/.env && sudo echo \'DATABASE_USER=postgres\' | sudo tee -a /home/jeromevialhes/mse-tsm-cloudsys-lab1/app/.env && sudo echo \'DATABASE_PASS=postgres\' | sudo tee -a /home/jeromevialhes/mse-tsm-cloudsys-lab1/app/.env && sudo echo \'DATABASE_NAME=counter\' | sudo tee -a /home/jeromevialhes/mse-tsm-cloudsys-lab1/app/.env && sudo npm install pm2 -g &&  pm2 --name counter-api start npm -- start"'
print(cmd)
res = subprocess.check_output(cmd, shell=True)
print(res)
print('ssh back-end end')   

I keep getting the following error :

WARNING - POTENTIAL SECURITY BREACH!
The server's host key does not match the one PuTTY has
cached in the registry. This means that either the
server administrator has changed the host key, or you
have actually connected to another computer pretending
to be the server.
The new ssh-ed25519 key fingerprint is:
ssh-ed25519 255 99:f3:06:93:57:2d:8e:10:2b:4d:c3:18:90:aa:bc:00
If you were expecting this change and trust the new key,
enter "y" to update PuTTY's cache and continue connecting.
If you want to carry on connecting but without updating
the cache, enter "n".
If you want to abandon the connection completely, press
Return to cancel. Pressing Return is the ONLY guaranteed
safe choice.
Update cached key? (y/n, Return cancels connection) SFATAL ERROR: No supported authentication methods available (server sent: publickey)

What can I do to fix this ? Also it would be nice if I could set in code to automatically use the "yes" option.

Answer 1

In Google Cloud, you often get the same IP address when you create, delete and then create a new virtual machine instance. This means the host key will be different for the same IP address.

The file ~/.ssh/known_hosts contains a list of hosts by IP address. Edit the file, find the line with the matching IP address and delete the line. Then retry SSH.

Under the hood, the CLI gcloud calls either SSH (Linux) or Putty (Windows). For Linux, you can execute the command ssh-keygen -r host.example.com (or specifying the IP address) to update the host fingerprint before executing the SSH connect attempt.