Add SSH keys to VMs  |  Compute Engine Documentation  |  Google Cloud (2024)

Table of Contents
Before you begin Console gcloud Terraform REST Add keys to VMs that use OS Login gcloud Terraform REST Add SSH keys to project metadata Console gcloud Terraform REST Add SSH keys to instance metadata Console gcloud Terraform REST Console gcloud REST What's next? FAQs

Linux Windows

This document describes how to add SSH keys to virtual machine (VM) instancesthat use OS Login and VMs that usemetadata-based SSH keys. If you or your organization administratorhasn't enabled OS Login, your VMs use metadata-based SSH keys.

Before you begin

  • For information about managing access to your Compute Engine VMs, seeChoosing an access method.
  • If you haven't already,create an SSH key pair.
  • If you haven't already, set up authentication. Authentication is the process by which your identity is verified for access to Google Cloud services and APIs. To run code or samples from a local development environment, you can authenticate to Compute Engine as follows.

    Select the tab for how you plan to use the samples on this page:

    Console

    When you use the Google Cloud console to access Google Cloud services and APIs, you don't need to set up authentication.

    gcloud

    1. Install the Google Cloud CLI, then initialize it by running the following command: 

      gcloud init
    2. Set a default region and zone.

    Terraform

    To use the Terraform samples on this page in a local development environment, install and initialize the gcloud CLI, and then set up Application Default Credentials with your user credentials.

    1. Install the Google Cloud CLI.

    2. To initialize the gcloud CLI, run the following command: 

      gcloud init

    3. If you're using a local shell, then create local authentication credentials for your user account: 

      gcloud auth application-default login

      You don't need to do this if you're using Cloud Shell.

    For more information, see Set up authentication for a local development environment.

    REST

    To use the REST API samples on this page in a local development environment, you use the credentials you provide to the gcloud CLI.

      Install the Google Cloud CLI, then initialize it by running the following command: 

      gcloud init

    For more information, see Authenticate for using REST in the Google Cloud authentication documentation.

Add keys to VMs that use OS Login

VMs that use OS Login accept SSH keys that are associated with your GoogleAccount. You can associate a public SSH key with your Google Account using thegcloud CLI or using the OS Login API. If you're an administrator foryour organization, you can add SSH keys to user accounts using theDirectory API.

When you add SSH keys to your Google Account, Compute Engine generates ausername for you by combining the username and domain from the email associatedwith your Google Account. For example, if your email address iscloudysanfrancisco@gmail.com, your username is cloudysanfrancisco_gmail_com.If you add an SSH key in a project that is outside of your organization, yourusername is prefixed with ext_, for example,ext_cloudysanfrancisco_gmail_com. Your organization administrator cancustomize your username using theDirectory API. Ifyou already have a username configured, Compute Engine uses thatusername when you add SSH keys.

Permissions required for this task

To perform this task, you must have the following permissions:

  • All permissions in the Compute OS Login External User role, if you add an SSH key in a project outside of your organization.

gcloud

  1. In the Google Cloud console, activate Cloud Shell.

    Activate Cloud Shell

    At the bottom of the Google Cloud console, a Cloud Shell session starts and displays a command-line prompt. Cloud Shell is a shell environment with the Google Cloud CLI already installed and with values already set for your current project. It can take a few seconds for the session to initialize.

  2. To add a public SSH key to your account, use thegcloud compute os-login ssh-keys add command:

    gcloud compute os-login ssh-keys add \ --key-file=KEY_FILE_PATH \ --project=PROJECT \ --ttl=EXPIRE_TIME

    Replace the following:

    • KEY_FILE_PATH: the path to the public SSH keyon your workstation. The key must use the public-openssh format
    • PROJECT: Optional: a project where you intend touse your SSH key. Specify this field to use your SSH key in a projectoutside of your organization, or you are not a member of aCloud Identity organization

    • EXPIRE_TIME: Optional: the expiration time for theSSH key

      For example, if you specify 30m the SSH key expires after 30 minutes.

      This flag uses the following units:

      • s for seconds
      • m for minutes
      • h for hours
      • d for days

Terraform

To add a public SSH key to your account, use the google_client_openid_userinfo resource along with the google_os_login_ssh_public_key resource.

data "google_client_openid_userinfo" "me" {}resource "google_os_login_ssh_public_key" "default" { user = data.google_client_openid_userinfo.me.email key = file("id_rsa.pub") # path/to/ssl/id_rsa.pub}

REST

To add a public SSH key to your account, use the OS Login APIusers.importSshPublicKey method:

POST https://oslogin.googleapis.com/v1/users/ACCOUNT_EMAIL:importSshPublicKey{ "key": "SSH_KEY", "expirationTimeUsec": "EXPIRATION_TIMESTAMP"}

Replace the following:

  • ACCOUNT_EMAIL: the email address associated withyour account
  • SSH_KEY: the public key that you want to addto the account
  • EXPIRATION_TIMESTAMP: the expiration time forthe key, in microseconds since epoch (1 second = 106microseconds)

VMs that don't use OS Loginstore SSH keys in Compute Engine project and instance metadata. You canuse SSH keys stored in project metadata to access all VMs in a project. You canuse SSH keys stored in instance metadata to access individual VMs.

Compute Engine doesn't automatically remove expired SSH keys frommetadata at expiration time, but expired keys can't be used to establish newconnections to VMs. If you want to remove expired keys from metadata, seeRemove SSH keys from VMs that use metadata-based keys.

You can add a public SSH key to project or VM instance metadatausing the Google Cloud console, the gcloud CLI, or REST.

Add SSH keys to project metadata

You can add a public SSH key to project metadata to access all VMs in a project,except VMs that block project-wide SSH keys. For more information aboutblocking project-wide SSH keys, seeBlock SSH keys from VMs that use metadata-based SSH keys.

Permissions required for this task

To perform this task, you must have the following permissions:

  • compute.projects.setCommonInstanceMetadata on the project.
  • iam.serviceAccounts.actAs on the project. For more information about service account permissions, see Roles for service account authentication.

Console

To add a public SSH key to project metadata using theGoogle Cloud console, do the following:

  1. In the Google Cloud console, go to the Metadata page.

    Go to Metadata

    See Also
    Create and host an SSH key | Selectel DocumentationAccess an Oracle Cloud Service Using SSHIBM Cloud DocsAdding an SSH Key

  2. Click the SSH keys tab.

  3. Click Edit.

  4. Click Add item.

  5. In the SSH key field that opens, add your public SSH key. The keymust be in one of the following formats:

    • Format for a key without an expiration time: 
      KEY_VALUE USERNAME
    • Format for a key with an expiration time: 
      KEY_VALUE google-ssh {"userName":"USERNAME","expireOn":"EXPIRE_TIME"}

    Replace the following:

    • KEY_VALUE: the public SSH key value
    • USERNAME: your username. For example, cloudysanfrancisco or cloudysanfrancisco_gmail_com.

      For Linux VMs, the USERNAME can't be root, unless you configure your VM to allow root login. For more information, see Connect to Linux VMs as the root user.

      For Windows VMs that use Active Directory (AD), the username must be prepended with the AD domain, in the format of DOMAIN\. For example, the user cloudysanfrancisco within the ad.example.com AD has a USERNAME of example\cloudysanfrancisco.

    • EXPIRE_TIME: the time the key expires, in ISO 8601 format. For example: 2021-12-04T20:12:00+0000

  6. Click Save.

gcloud

In the Google Cloud console, activate Cloud Shell.

Activate Cloud Shell

At the bottom of the Google Cloud console, a Cloud Shell session starts and displays a command-line prompt. Cloud Shell is a shell environment with the Google Cloud CLI already installed and with values already set for your current project. It can take a few seconds for the session to initialize.

  1. If there are existing SSH keys in project metadata, you mustre-add them to project metadata every time you add a new SSH key using thegcloud CLI. If you don't re-add your existing keys,adding a new key erases the existing keys.

    To add a public SSH key to project metadata using the gcloud CLI,do the following:

    1. If your project already has project-wide public SSH keys, get them frommetadata and add them to a new file:

      1. Run thegcloud compute project-info describe commandto get the SSH keys for the project:

        gcloud compute project-info describe \ --format="value(commonInstanceMetadata[items][ssh-keys])"

        The output is similar to the following:

        username:ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQ... username:ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQ...

      2. Copy the ssh-keys metadata value.

      3. Create and open a new text file on your workstation.

      4. In the file, paste the list of keys that you just copied.

      5. Add your new key at the end of the list, in one of the followingformats:

        • Format for a key without an expiration time: 
          USERNAME:KEY_VALUE
        • Format for a key with an expiration time: 
          USERNAME:KEY_VALUE google-ssh {"userName":"USERNAME","expireOn":"EXPIRE_TIME"}

        Replace the following:

        • KEY_VALUE: the public SSH key value
        • USERNAME: your username. For example, cloudysanfrancisco, or cloudysanfrancisco_gmail_com.

          For Linux VMs, the USERNAME can't be root, unless you configure your VM to allow root login. For more information, see Connecting to instances as the root user.

          For Windows VMs that use Active Directory (AD), the username must be prepended with the AD domain, in the format of DOMAIN\. For example, the user cloudysanfrancisco within the ad.example.com AD has a USERNAME of example\cloudysanfrancisco.

        • EXPIRE_TIME: the time the key expires, in ISO 8601 format. For example: 2021-12-04T20:12:00+0000

      6. Save and close the file.

    2. Run the gcloud compute project-info add-metadatacommand to set the project-wide ssh-keys value:

      gcloud compute project-info add-metadata --metadata-from-file=ssh-keys=KEY_FILE

      Replace KEY_FILE with one of the following:

      • The path to the file you created in the previous step, if the projecthad existing SSH keys
      • The path to your new public SSH key file, if the project didn't haveexisting SSH keys

Terraform

To add a public SSH key to your project metadata, use the google_compute_project_metadata resource.

resource "google_compute_project_metadata" "default" { metadata = { ssh-keys = <<EOF dev:ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILg6UtHDNyMNAh0GjaytsJdrUxjtLy3APXqZfNZhvCeT dev test:ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILg6UtHDNyMNAh0GjaytsJdrUxjtLy3APXqZfNZhvCeT test EOF }}

REST

If there are existing SSH keys in project metadata, you mustre-add them to project metadata every time you add a new SSH key using thethe Compute Engine API. If you don't re-add your existing keys,adding a new key erases the existing keys.

To add a public SSH key to project metadata using the Compute Engine API,do the following:

  1. Get the fingerprint and ssh-keys values from metadata by using theprojects.get method

    GET https://compute.googleapis.com/compute/v1/projects/PROJECT_ID

    Replace PROJECT_ID with your project ID.

    The response is similar to the following:

    ..."fingerprint": "utgYE_XWtE8=","items": [{ "key": "ssh-keys", "value": "cloudysanfrancisco:ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDAu5kKQCPF...\nbaklavainthebalkans:ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDQDx3FNVC8... google-ssh {"userName":"baklavainthebalkans","expireOn":"2021-06-14T16:59:03+0000"}"}]...

  2. Add the new ssh-keys value by using theprojects.setCommonInstanceMetadatamethod.

    POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/setCommonInstanceMetadata{"items": [ { "key": "ssh-keys", "value": "EXISTING_SSH_KEYS\nNEW_SSH_KEY" }]"fingerprint": "FINGERPRINT"}

    Replace the following:

    • PROJECT_ID: your project ID
    • EXISTING_SSH_KEYS: the value of the ssh-keyskey from the response of the projects.get request
    • FINGERPRINT: the value of the fingerprintfrom the response of the projects.get request

    • NEW_SSH_KEY: the new SSH key, in one of thefollowing formats:

      • Format for a key without an expiration time: 
        USERNAME:KEY_VALUE
      • Format for a key with an expiration time: 
        USERNAME:KEY_VALUE google-ssh {"userName":"USERNAME","expireOn":"EXPIRE_TIME"}

      Replace the following:

      • KEY_VALUE: the public SSH key value
      • USERNAME: your username. For example, cloudysanfrancisco, or cloudysanfrancisco_gmail_com.

        For Linux VMs, the USERNAME can't be root, unless you configure your VM to allow root login. For more information, see Connecting to instances as the root user.

        For Windows VMs that use Active Directory (AD), the username must be prepended with the AD domain, in the format of DOMAIN\. For example, the user cloudysanfrancisco within the ad.example.com AD has a USERNAME of example\cloudysanfrancisco.

        See Also
        SSH keys in Google Cloud Platform

      • EXPIRE_TIME: the time the key expires, in ISO 8601 format. For example: 2021-12-04T20:12:00+0000

Add SSH keys to instance metadata

You can add a public SSH key to instance metadatawhen you create a VM orafter you create a VM.

Add SSH keys to instance metadata during VM creation

You can add SSH keys to instance metadata during VM creation, using theGoogle Cloud console, gcloud CLI, or Compute Engine API.

Console

To create a VM and add a public SSH key to instance metadata at the sametime using the Google Cloud console, do the following:

  1. In the Google Cloud console, go to the Create an instance page.

    Go to Create an instance

  2. Specify the VM details.

  3. Expand the Advanced options section, and do the following:

    1. Expand the Security section.

    2. Select Add manually generated SSH keys.

    3. Click Add item.

    4. Add your public key in the text box. The key must be in one of the following formats:

      • Format for a key without an expiration time: 
        KEY_VALUE USERNAME
      • Format for a key with an expiration time: 
        KEY_VALUE google-ssh {"userName":"USERNAME","expireOn":"EXPIRE_TIME"}

      Replace the following:

      • KEY_VALUE: the public SSH key value
      • USERNAME: your username. For example, cloudysanfrancisco or cloudysanfrancisco_gmail_com.

        For Linux VMs, the USERNAME can't be root, unless you configure your VM to allow root login. For more information, see Connect to Linux VMs as the root user.

        For Windows VMs that use Active Directory (AD), the username must be prepended with the AD domain, in the format of DOMAIN\. For example, the user cloudysanfrancisco within the ad.example.com AD has a USERNAME of example\cloudysanfrancisco.

      • EXPIRE_TIME: the time the key expires, in ISO 8601 format. For example: 2021-12-04T20:12:00+0000

  4. To create and start the VM, click Create.

gcloud

  1. In the Google Cloud console, activate Cloud Shell.

    Activate Cloud Shell

    At the bottom of the Google Cloud console, a Cloud Shell session starts and displays a command-line prompt. Cloud Shell is a shell environment with the Google Cloud CLI already installed and with values already set for your current project. It can take a few seconds for the session to initialize.

  2. To create a VM and add a public SSH key to instance metadata at the same timeusing the gcloud CLI, use thegcloud compute instances create command:

    gcloud compute instances create VM_NAME \ --metadata=ssh-keys=PUBLIC_KEY

    Replace the following:

    • VM_NAME: the name of the new VM

    • PUBLIC_KEY: your public SSH key, in one of thefollowing formats:

      • Format for a key without an expiration time: 
        USERNAME:KEY_VALUE
      • Format for a key with an expiration time: 
        USERNAME:KEY_VALUE google-ssh {"userName":"USERNAME","expireOn":"EXPIRE_TIME"}

      Replace the following:

      • KEY_VALUE: the public SSH key value
      • USERNAME: your username. For example, cloudysanfrancisco, or cloudysanfrancisco_gmail_com.

        For Linux VMs, the USERNAME can't be root, unless you configure your VM to allow root login. For more information, see Connecting to instances as the root user.

        For Windows VMs that use Active Directory (AD), the username must be prepended with the AD domain, in the format of DOMAIN\. For example, the user cloudysanfrancisco within the ad.example.com AD has a USERNAME of example\cloudysanfrancisco.

      • EXPIRE_TIME: the time the key expires, in ISO 8601 format. For example: 2021-12-04T20:12:00+0000

    You can add multiple SSH keys by using the--metadata-from-file=ssh-keys=FILE_PATH flag.In the file, add a list of usernames and public SSH keys in one of thepreceding formats.

Terraform

To add a public SSH key to your instance metadata, use the google_compute_instance resource.

resource "google_compute_instance" "default" { name = "my-vm" machine_type = "n1-standard-1" zone = "us-central1-a" boot_disk { initialize_params { image = "ubuntu-1404-trusty-v20160627" } } # Local SSD disk scratch_disk { interface = "SCSI" } network_interface { network = "default" access_config {} } metadata = { "ssh-keys" = <<EOT dev:ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILg6UtHDNyMNAh0GjaytsJdrUxjtLy3APXqZfNZhvCeT dev test:ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILg6UtHDNyMNAh0GjaytsJdrUxjtLy3APXqZfNZhvCeT test EOT }}

REST

To create a VM and add a public SSH key to instance metadata at the sametime using the Compute Engine, construct a POST request to theinstances.insert method:

POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/zones/ZONE/instances

Replace the following:

  • PROJECT_ID: the project ID
  • ZONE: the zone of the VM

In the body of the request, provide usernames and public SSH keys in theitems property:

...{ "items": [ { "key": "ssh-keys", "value": "PUBLIC_KEY" } ]}...

Replace PUBLIC_KEY with your public key, in oneof the following formats:

  • Format for a key without an expiration time: 
    USERNAME:KEY_VALUE
  • Format for a key with an expiration time: 
    USERNAME:KEY_VALUE google-ssh {"userName":"USERNAME","expireOn":"EXPIRE_TIME"}

Replace the following:

  • KEY_VALUE: the public SSH key value
  • USERNAME: your username. For example, cloudysanfrancisco, or cloudysanfrancisco_gmail_com.

    For Linux VMs, the USERNAME can't be root, unless you configure your VM to allow root login. For more information, see Connecting to instances as the root user.

    For Windows VMs that use Active Directory (AD), the username must be prepended with the AD domain, in the format of DOMAIN\. For example, the user cloudysanfrancisco within the ad.example.com AD has a USERNAME of example\cloudysanfrancisco.

  • EXPIRE_TIME: the time the key expires, in ISO 8601 format. For example: 2021-12-04T20:12:00+0000

You can add multiple SSH keys by adding \n between keys.

Add SSH keys to instance metadata after VM creation

You can add SSH keys to instance metadata after VM creation, using theGoogle Cloud console, gcloud CLI, or Compute Engine API.

Permissions required for this task

To perform this task, you must have the following permissions:

  • compute.instances.setMetadata on the VM

Console

To add a public SSH key to instance metadata using theGoogle Cloud console, do the following:

  1. In the Google Cloud console, go to the VM instances page.

    Go to VM Instances

  2. Click the name of the VM that you want to add an SSH key for.

  3. Click Edit.

  4. Under SSH Keys, click Add item.

  5. Add your public key into the text box. The key must be in one of thefollowing formats:

    • Format for a key without an expiration time: 
      KEY_VALUE USERNAME
    • Format for a key with an expiration time: 
      KEY_VALUE google-ssh {"userName":"USERNAME","expireOn":"EXPIRE_TIME"}

    Replace the following:

    • KEY_VALUE: the public SSH key value
    • USERNAME: your username. For example, cloudysanfrancisco or cloudysanfrancisco_gmail_com.

      For Linux VMs, the USERNAME can't be root, unless you configure your VM to allow root login. For more information, see Connect to Linux VMs as the root user.

      For Windows VMs that use Active Directory (AD), the username must be prepended with the AD domain, in the format of DOMAIN\. For example, the user cloudysanfrancisco within the ad.example.com AD has a USERNAME of example\cloudysanfrancisco.

    • EXPIRE_TIME: the time the key expires, in ISO 8601 format. For example: 2021-12-04T20:12:00+0000

  6. Click Save.

gcloud

  1. In the Google Cloud console, activate Cloud Shell.

    Activate Cloud Shell

    At the bottom of the Google Cloud console, a Cloud Shell session starts and displays a command-line prompt. Cloud Shell is a shell environment with the Google Cloud CLI already installed and with values already set for your current project. It can take a few seconds for the session to initialize.

  2. If there are existing SSH keys in instance metadata, you must re-add them toinstance metadata every time you add a new SSH key using thegcloud CLI. If you don't re-add your existing keys, adding anew key erases the existing keys.

    To add a public SSH key to instance metadata using thegcloud CLI, do the following:

    1. If your VM already has instance-level public SSH keys, get them frommetadata and add them to a new file:

      1. Run the gcloud compute instances describe commandto get the metadata for the VM:

        gcloud compute instances describe VM_NAME

        Replace VM_NAME with the name of the VM for which youneed to add or remove public SSH keys.

        The output is similar to the following:

        ...metadata:...- key: ssh-keys value: |- cloudysanfrancisco:ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDAu5kKQCPF... baklavainthebalkans:ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDQDx3FNVC8... google-ssh {"userName":"baklavainthebalkans","expireOn":"2021-06-14T16:59:03+0000"}...

      2. Copy the ssh-keys metadata value.

      3. Create and open a new text file on your workstation.

      4. In the file, paste the list of keys that you just copied.

      5. Add your new key at the end of the list, in one of the followingformats:

      • Format for a key without an expiration time: 
        USERNAME:KEY_VALUE
      • Format for a key with an expiration time: 
        USERNAME:KEY_VALUE google-ssh {"userName":"USERNAME","expireOn":"EXPIRE_TIME"}

      Replace the following:

      • KEY_VALUE: the public SSH key value
      • USERNAME: your username. For example, cloudysanfrancisco, or cloudysanfrancisco_gmail_com.

        For Linux VMs, the USERNAME can't be root, unless you configure your VM to allow root login. For more information, see Connecting to instances as the root user.

        For Windows VMs that use Active Directory (AD), the username must be prepended with the AD domain, in the format of DOMAIN\. For example, the user cloudysanfrancisco within the ad.example.com AD has a USERNAME of example\cloudysanfrancisco.

      • EXPIRE_TIME: the time the key expires, in ISO 8601 format. For example: 2021-12-04T20:12:00+0000
      1. Save and close the file.

    2. Run the gcloud compute instances add-metadata command to setthe ssh-keys value:

      gcloud compute instances add-metadata VM_NAME --metadata-from-file ssh-keys=KEY_FILE

      Replace the following:

      • VM_NAME: the VM you want to add theSSH key for
      • KEY_FILE with one of the following:
      • The path to the file you created in the previous step, if the VM hadexisting SSH keys
      • The path to your new public SSH key file, if the VM didn't haveexisting SSH keys

REST

If there are existing SSH keys in instance metadata, you must re-add them toinstance metadata every time you add a new SSH key using theCompute Engine API. If you don't re-add your existing keys, adding anew key erases the existing keys.

To add a public SSH key to instance metadata using theCompute Engine API, do the following:

  1. Get the fingerprint and ssh-keys values from metadata by using theinstances.getmethod.

    GET https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/zones/ZONE/instances/VM_NAME

    Replace the following:

    • PROJECT_ID: your project ID
    • ZONE: the zone of the VM to add an SSHkey
    • VM_NAME: the VM you're adding an SSH key for

    The response is similar to the following:

    ..."fingerprint": "utgYE_XWtE8=","items": [{ "key": "ssh-keys", "value": "cloudysanfrancisco:ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDAu5kKQCPF...\nbaklavainthebalkans:ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDQDx3FNVC8... google-ssh {"userName":"baklavainthebalkans","expireOn":"2021-06-14T16:59:03+0000"}"}]...

  2. Add the new ssh-keys value by using theinstances.setMetadatamethod.

    POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/zones/ZONE/instances/VM_NAME/setMetadata{"items": [ { "key": "ssh-keys", "value": "EXISTING_SSH_KEYS\nNEW_SSH_KEY" }]"fingerprint": "FINGERPRINT"}

    Replace the following:

    • PROJECT_ID: your project ID
    • EXISTING_SSH_KEYS: the value of the ssh-keyskey from the response of the instances.get request
    • FINGERPRINT: the fingerprintfrom the response of the projects.get request

    • NEW_SSH_KEY: the new SSH key, in one of thefollowing formats:

      • Format for a key without an expiration time: 
        USERNAME:KEY_VALUE
      • Format for a key with an expiration time: 
        USERNAME:KEY_VALUE google-ssh {"userName":"USERNAME","expireOn":"EXPIRE_TIME"}

      Replace the following:

      • KEY_VALUE: the public SSH key value
      • USERNAME: your username. For example, cloudysanfrancisco, or cloudysanfrancisco_gmail_com.

        For Linux VMs, the USERNAME can't be root, unless you configure your VM to allow root login. For more information, see Connecting to instances as the root user.

        For Windows VMs that use Active Directory (AD), the username must be prepended with the AD domain, in the format of DOMAIN\. For example, the user cloudysanfrancisco within the ad.example.com AD has a USERNAME of example\cloudysanfrancisco.

      • EXPIRE_TIME: the time the key expires, in ISO 8601 format. For example: 2021-12-04T20:12:00+0000

What's next?

  • Learn how to connect to VMs.
  • Learn how to manage access to VMs.
  • Learn how to transfer files to VMs.
  • Learn how SSH connections to Linux VMswork on Compute Engine.
Add SSH keys to VMs  |  Compute Engine Documentation  |  Google Cloud (2024)

FAQs

How to add ssh keys to google cloud VM? ›

In the Google Cloud console, go to the Metadata page. Click the SSH keys tab. Click Edit. Click Add item.

Read On
How do I enable SSH on my VM Google cloud? ›

Connect to a VM using SSH by running the gcloud compute ssh command:
  1. In the Google Cloud console, activate Cloud Shell. Activate Cloud Shell. ...
  2. Run the following command: gcloud compute ssh --project= PROJECT_ID --zone= ZONE VM_NAME.

Discover More Details
How to connect to VM using SSH key? ›

Establish a connection using the PuTTY app:
  1. Run the Pageant application. Right-click on the Pageant icon in the task bar. In the context menu, select Add key. ...
  2. Run PuTTY. In the Host Name (or IP address) field, enter the public IP address of the VM you want to connect to. Specify port 22 and SSH as the connection type.

Continue Reading
How to add ssh keys? ›

For Windows 10 & 11
  1. Press the Windows key or open up the Start Menu. Type “cmd”.
  2. Under “Best Match”, click “Command Prompt”.
  3. In the command prompt, use the ssh-keygen command: ...
  4. The system will now generate the key pair and display the key fingerprint and a randomart image. ...
  5. Open your file explorer.

See Details
How to enable SSH in VM? ›

Configuring a VM for SSH access
  1. Verify that port 22 is open on the VM operating system firewall.
  2. Install and run an SSH server. Example: OpenSSH on an Ubuntu VM. Install open SSH: sudo apt-get install openssh-server. Confirm that SSH daemon ( sshd ) is running: ps -aef | grep sshd. Try to connect: ssh localhost.

Find Out More
How do I SSH into Google Cloud VM from Vscode? ›

To connect to a VM instance, in the Compute Engine explorer, hold the pointer over the VM instance and click terminal Open SSH or right-click the VM instance and select Open SSH. A terminal appears, displaying information about the remote instance.

Tell Me More
How to enable SSH remotely? ›

How to Enable an SSH Connection
  1. Go to System Settings.
  2. Click General in the left menu.
  3. Locate and open Sharing.
  4. Enable Remote Login to allow SSH access to the device.
Nov 23, 2023

Show Me More
How to connect SSH to Windows VM? ›

If you can't access your VM using RDP, enable SSH by doing the following:
  1. Stop the VM.
  2. Set the following metadata key-value pairs on the VM to enable SSH. For more information about setting metadata, see Set custom metadata. SSH package installation metadata: ...
  3. Start the VM. The VM might take a few minutes to reboot.

Explore More
How to connect to VM using IP address? ›

Connecting into the UiPath VM using IP
  1. Press Win + R to open the Run dialog.
  2. Type mstsc and press Enter to open the Remote Desktop Connection window.
  3. Enter the IP address of your VM in the “Computer” field.
  4. Click “Connect.”
  5. You may be prompted to enter your username and password.
Nov 13, 2023

Continue Reading
How to connect two virtual machines using SSH? ›

You create an SSH key pair, add the public key to a VM, and connect to the VM by running the virtctl ssh command with the private key.

Show Me More

How to access remote machine using SSH? ›

To initiate an SSH connection to a remote system, you need the Internet Protocol (IP) address or hostname of the remote server and a valid username. You can connect using a password or a private and public key pair. Because passwords and usernames can be brute-forced, it's recommended to use SSH keys.

Read The Full Story
How to add 2 SSH keys? ›

Setting up multiple SSH keys on one computer
  1. Step 1: Navigate to the right location. All of your SSH keys need to be stored in ~/.ssh , so navigate there using: ...
  2. Step 2: Create the SSH keys. ...
  3. Step 3: Create a config file. ...
  4. Step 4: Add keys to your accounts. ...
  5. Step 5: “Too Open” Error. ...
  6. Step 6: Clone your repo with the correct host.
Mar 6, 2022

See Details
How to add SSH keys to terminal? ›

Creating SSH Keys (Terminal)
  1. Create an .ssh folder in the home directory. Create a .ssh folder in your user account's home directory if it doesn't already exist: $ mkdir /home/<user name>/.ssh. ...
  2. Use ssh-keygen to generate SSH key. ...
  3. Retrieve the public key file. ...
  4. Use the key in an async session.

Get More Info Here
Where are SSH-add keys stored? ›

By default, the agent uses SSH keys stored in the . ssh directory under the user's home directory. The ssh-add command is used for adding identities to the agent. In the simplest form, just run if without argument to add the default files ~/.

Continue Reading
How do I create a new key in Gcloud? ›

To create a private key in Google Cloud:
  1. Open your project in Google Cloud Platform.
  2. In the Navigation pane, go to IAM & admin > Service Accounts. ...
  3. Click Create Service Account. ...
  4. Type the Service account name, Service account ID, and Service account description, then click Create.

View More
How to connect to a GCP instance using PuTTy? ›

In the GCP console, copy the External IP address of the instance. In putty, paste the External IP address in the “Host Name (or IP address)” field. Enter a name for this stored session. Example: Avere vFXT Click ​Save​.

View Details
How to generate SSH key pair? ›

Create an SSH key pair on Microsoft Windows
  1. Download PuTTy Key Generator PuTTygen.exe file and run it.
  2. In the Key menu, select SSH-2 RSA Key.
  3. In Parameters, select the RSA option.
  4. In Number of bits in generated key field, enter at least 2048, ideally 4096.
  5. In Actions, select Generate.
  6. A progress bar appears.
May 24, 2024

See More
Is ed25519 better than RSA? ›

ED25519 is generally considered more secure and efficient than RSA, while RSA provides a higher level of security due to its larger key size. The choice between these two algorithms depends on the specific application and the level of security and efficiency required.

Learn More
Top Articles
Bitcoin Rich List - View the Top 100 Richest Bitcoin Addresses!
How High Do Military Drones Fly? (14 Examples)
Devotion Showtimes Near Xscape Theatres Blankenbaker 16
Express Pay Cspire
Ups Dropoff Location Near Me
Hocus Pocus Showtimes Near Harkins Theatres Yuma Palms 14
Tv Guide Bay Area No Cable
Steamy Afternoon With Handsome Fernando
Is Csl Plasma Open On 4Th Of July
Directions To Lubbock
Elden Ring Dex/Int Build
Are They Not Beautiful Wowhead
Busby, FM - Demu 1-3 - The Demu Trilogy - PDF Free Download
Simplify: r^4+r^3-7r^2-r+6=0 Tiger Algebra Solver
Water Days For Modesto Ca
Marvon McCray Update: Did He Pass Away Or Is He Still Alive?
Hanger Clinic/Billpay
Virginia New Year's Millionaire Raffle 2022
Jbf Wichita Falls
Lawson Uhs
Nevermore: What Doesn't Kill
Food Universe Near Me Circular
Buying Cars from Craigslist: Tips for a Safe and Smart Purchase
Shoe Station Store Locator
Anonib Oviedo
Marquette Gas Prices
Gma' Deals & Steals Today
Free T33N Leaks
Generator Supercenter Heartland
Pdx Weather Noaa
Renfield Showtimes Near Marquee Cinemas - Wakefield 12
Delta Rastrear Vuelo
Southern Democrat vs. MAGA Republican: Why NC governor race is a defining contest for 2024
Makemkv Key April 2023
Litter-Robot 3 Pinch Contact & DFI Kit
Suspect may have staked out Trump's golf course for 12 hours before the apparent assassination attempt
KITCHENAID Tilt-Head Stand Mixer Set 4.8L (Blue) + Balmuda The Pot (White) 5KSM175PSEIC | 31.33% Off | Central Online
Property Skipper Bermuda
“Los nuevos desafíos socioculturales” Identidad, Educación, Mujeres Científicas, Política y Sustentabilidad
2007 Peterbilt 387 Fuse Box Diagram
20 bank M&A deals with the largest target asset volume in 2023
Shoecarnival Com Careers
Sour OG is a chill recreational strain -- just have healthy snacks nearby (cannabis review)
Satucket Lectionary
Centimeters to Feet conversion: cm to ft calculator
Makes A Successful Catch Maybe Crossword Clue
Kenwood M-918DAB-H Heim-Audio-Mikrosystem DAB, DAB+, FM 10 W Bluetooth von expert Technomarkt
Gear Bicycle Sales Butler Pa
How to Get a Check Stub From Money Network
Bomgas Cams
Philasd Zimbra
E. 81 St. Deli Menu
Latest Posts
How to Spot a Drone at Night (Things to Look For)
How much does it cost to create NFTs? - THIS IS DMG
Article information

Author: Dan Stracke

Last Updated:

Views: 5763

Rating: 4.2 / 5 (43 voted)

Reviews: 90% of readers found this page helpful

Author information

Name: Dan Stracke

Birthday: 1992-08-25

Address: 2253 Brown Springs, East Alla, OH 38634-0309

Phone: +398735162064

Job: Investor Government Associate

Hobby: Shopping, LARPing, Scrapbooking, Surfing, Slacklining, Dance, Glassblowing

Introduction: My name is Dan Stracke, I am a homely, gleaming, glamorous, inquisitive, homely, gorgeous, light person who loves writing and wants to share my knowledge and understanding with you.