1

I'm trying to ssh into a gce instance:

C:\Users\Kevin>gcloud compute config-ssh
You should now be able to use ssh/scp with your instances.
For example, try running:

  $ ssh sdkmanager.us-central1-a.canigraduate-43286


C:\Users\Kevin>ssh sdkmanager.us-central1-a.canigraduate-43286
kevin@35.184.189.41: Permission denied (publickey).

So I guess "should" doesn't mean "can". What can I do to figure out why this doesn't work? I have OS login disabled.

kevmo314
  • 4,223
  • 4
  • 32
  • 43
  • @NestorDanielOrtegaPerez I'm specifically asking why `config-ssh` doesn't work. I have a fleet of machines, I'd like to avoid having to manually configure ssh every time. Using `gcloud compute ssh` isn't an option either as I need to use the default ssh agent. – kevmo314 Apr 18 '22 at 12:46
  • Friendly advice: if your original question lacks important details, you won't be able to receive the answer you're looking for as per Stack Overflow's established [rules](https://stackoverflow.com/help/closed-questions). – Hector Martinez Rodriguez Apr 25 '22 at 19:34
  • @HectorMartinezRodriguez I can appreciate that, however it would also be nice if `gcloud` offered any more details for me to go off of here too... – kevmo314 Apr 25 '22 at 19:37
  • Without specific details, can you please check [here](https://cloud.google.com/compute/docs/troubleshooting/troubleshooting-ssh#permission_denied), and go 1 by 1 on the scenarios? I think this is the correct path to find the root cause. – Hector Martinez Rodriguez Apr 25 '22 at 23:24
  • 1
    @HectorMartinezRodriguez Thanks for that link, I hadn't seen it before. Going through that, I did end up figuring out what was wrong and I posted an answer. It seems like it would be useful to link that page in the command output :) – kevmo314 Apr 26 '22 at 00:31

1 Answers1

1

Ok I figured out what was going on with Hector's suggestion. It turns out on Windows, gcloud generates a (I think) PuTTY-compatible RSA key instead of an OpenSSH key. That is, my private key begins with

-----BEGIN RSA PRIVATE KEY-----

On the other hand, on WSL it generates an OpenSSH private key.

-----BEGIN OPENSSH PRIVATE KEY-----

However, in Windows 10+ if you use the default ssh command without PuTTY or similar installed, it's actually an OpenSSH client, not a PuTTY client. Therefore, it will reject the key.

If I copy the key from WSL into my C:\Users\Kevin\.ssh\ directory, overwriting the one that gcloud generates, the ssh client in Windows works.

I'm not sure if this was intentional on gcloud's part but I guess it's expecting a different ssh client than the default one in Windows.

kevmo314
  • 4,223
  • 4
  • 32
  • 43