I usually SSH into a Google Cloud Compute Engine Instance using my local terminal like:
ssh -i ~/.ssh/[KEY_FILENAME [USERNAME]#ip_address
where the [KEY_FILENAME] is generated using
ssh-keygen -t rsa -f ~/.ssh/[KEY_FILENAME] -C [USERNAME]
There is also another way to connect to the instance which is through the browser, however I would connect to the instance with a different user account. Is there a way that I can make it consistent regardless of the method I use to connect?
There are several ways to connect a Linux instance via the SSH. The way you are connecting to an instance is via the terminal. You can connect via the Cloud Console Web UI which is in general the most convenient way to connect to an instance. Also, you can use Google Cloud SDK and run below command to connect to an instance via SSH:
gcloud compute ssh [INSTANCE_NAME]
You can also use Cloud Shell to connect your instance from the Cloud Console web UI by using the same command as above. You can connect via the serial console using the Google Cloud Platform Console, the gcloud command-line tool, or a third-party SSH client. The serial console authenticates users with SSH keys. Specifically, you must add your public SSH key to the project or instance metadata, and store your private key on the local machine from which you want to connect. There are other advanced methods to connect to an instance which you can find at this link.
By default, the gcloud compute command-line tool uses the $USER variable to add users to the /etc/passwd file for connecting to virtual machine instances using SSH. You can specify a different user using the --ssh-key-file PRIVATE_KEY_FILE flag when running the gcloud compute ssh command. Depending on your use case and convenience, you can use any method consistently.
Related
MacBook-Air-2:~ Owner$ gcloud sql instances describe ahaha-mysql
ERROR: (gcloud.sql.instances.describe) There was no instance found at projects/ahaha-20180621/instances/ahaha-mysql or you are not authorized to access it.
You will need to enable permission for the compute instance to access the cloud sql
Stop the instance
Edit the instance and change the Cloud API access scopes
Enable Cloud SQL
Restart the instance
run gcloud auth login and authenticate as yourself by following the link (you might need to fix it in a text editor) and entering the verification code.
run gcloud sql instances describe ahaha-mysql this should now work
I am stuck at one thing regarding CloudSQL.
I have my WordPress app running on GCE and I create Instance Group so I will utilise the AutoScaler.
for Db, I am using CloudSQL.
Now point where is stuck is the "Authorise network" in CloudSQL as it accepts only IPV4 Public IP.
How do I know when autoscaling happen what IP will attach to Instance so my instance will know where the DB is?
I can hard code the CloudSQL IP as a CNAME but from CloudSQL Side I am not able to figure it out how to provide access. I can make my DB access all open
If you can let me know what will be the point which I am missing.
I used cloudsql proxy also but that doesn't come with Service in Linux ... I hope you can understand my situation. Let me know if any idea you like to share on this.
Thank you
The recommended way is to use the second generation instances and Cloud SQL Proxy, you’ll need to configure the Proxy on Linux and start it by using service account credentials as outlined at the provided link.
Another way is to use startup script in your GCE instance template, so you can get your new instance’s external IP address and add it to a Cloud SQL instance’s authorized networks by using gcloud sql instance patch command. The IP can be removed from the authorized networks in the same way by using shutdown script. The external IP address of GCE VM instance can be retrieved from metadata by running:
$ curl "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/access-configs/0/external-ip" -H "Metadata-Flavor: Google".
I can't connect Google Cloud SQL from GCE even I added public IP (external IP) of my GCE instance as a authorized network. It works when I add "0.0.0.0" into authorized network. Obviously I don't want to do that. The authorized network setting may be the cause. But I can't find out it. Does anyone know about this.
I'm using Google Cloud SQL version 2 beta. I am trying to connect from GCP cloud console. Although it may be not necessary, I changed external IP setting from ephemeral to static but it didn't work.
mysql -u root -p -h xxxx <--- I can login normally if I add "0.0.0.0" into authorized network.
I've double checked this same question..
Linking Google Compute Engine and Google Cloud SQL
1. Ensure your Cloud SQL instance has an IPv4 address.
2. Find out the public IP address of your GCE instance and add it as an authorized network on your Cloud SQL instance.
3. Add a MySQL username and password for your instance with remote access.
4. When connecting from GCE use you standard MySQL connection system (e.g. mysqli_connect) with the username and password you just set up, connecting to the IPv4 address of your Cloud SQL instance.
Edit 1
I noticed this description.
Note: Connecting to Cloud SQL from Compute Engine using the Cloud SQL Proxy is currently available only for Cloud SQL Second Generation instances.
https://cloud.google.com/sql/docs/compute-engine-access
Does it mean that I have to use the Proxy..?
Edit 2
$ mysql -u root -p -h (Cloud SQL Instance's IP)
Enter password:
ERROR 2003 (HY000): Can't connect to MySQL server on '(Cloud SQL Instance's IP)' (110)
Edit 3
Does it mean that I have to use the Proxy..?
According to the official document as Vadim said, Cloud SQL Proxy seems to be optional but it sounds better for security, flexibility and also the price. (static IP will be charged. However, the proxy setting may be complicated for me..)
https://cloud.google.com/sql/docs/compute-engine-access
If you are connecting to a Cloud SQL First Generation instance, then you must use its IP address to connect. However, if you are using a Cloud SQL Second Generation instance, you can also use the Cloud SQL Proxy or the Cloud SQL Proxy Docker image.
Edit 4
I found the reason... I was stupid... I tried connect from Google Cloud Shell but that was not my gce instance. It works when I try to connect from my gce instance.
Did you add the public IP of the GCE VM under authorized networks?
From your post:
2. Find out the public IP address of your GCE instance and add it as an authorized network on your Cloud SQL instance.
The official documentation is here:
https://cloud.google.com/sql/docs/external#appaccessIP
I am a very basic user in Google Cloud Platform.
Is it possible to use a GUI of my VM instance ? I am currently using Centos7 VM.
You can use VNC to connect to VMs on Google Compute Engine. Here's a detailed tutorial for how to set this up.
For added security:
use a long, complex password (though note that VNC limits passwords to 8 characters)
instead of opening up port 5901 to the Internet, consider using an SSH tunnel. This is more complex, and depending on your Internet connection, may slow down your graphics refresh rate, but will be more secure.
To use the alternative approach with an SSH tunnel, here are the differences from the tutorial you need to follow:
don't open port 5901 in the Google Compute Engine firewall
create an SSH tunnel from your desktop/laptop to GCE VM via:
gcloud compute ssh \
${VM_INSTANCE} \
--project $PROJECT \
--zone $ZONE \
--ssh-arg "-L ${LOCAL_PORT}:localhost:5901"
where you need to provide the right parameters for ${VM_INSTANCE}, $PROJECT, and $ZONE that match your configuration. You can choose ${LOCAL_PORT} to be 5901 if you wish, but if you decide to VNC into several different GCE VM instances, you'll have to choose unique ports for your local machine.
You need to keep this connection open to use VNC. If this connection is closed, you will lose VNC access as well.
Instead of connecting to your VM using its external IP, connect via localhost:${LOCAL_PORT} with ${LOCAL_PORT} same as selected earlier in step #2
My need was to connect a Windows TightVNC client to Google Compute Engine Cloud Instance of Debian 10 (Buster). The various tutorials I have worked through omitted one important step: make sure the vnc server is not restricted to localhost.
The essential steps for Google Cloud are summarized as
confirm you have a running VM instance and that you have ssh access.
I explicitly disabled enable-oslogin (how to disable oslogin)
and loaded my own Puttygen-created SSH certificate.
in VPC Networks > Network Interface Details > Firewall and routes > Rules add a rule to allow ingress for ip range 0.0.0.0/0 (or a
known limited range), for tcp:5900-5920 (this allows for up to 20
VNC instances)
set up the VNC server (tutorials here and for debian 9
here and for debian 10 here and more complete and recent
here for debian 10
after doing this, I could not get past "Connection refused."
Missing step: make sure -localhost no is included as argument when starting the vncserver:
vncserver -localhost no
Once all these conditions were satisfied, I had desktop access.
I’m training to get familiar with the Fi-Ware Cloud service.
I can create blueprints templates and instances but I cannot access in SSH or Connect to VM display.
I have the server up and running, I can see the page “It works” of Apache.
The problem I have are:
With SSH I don’t know what credential I have to use, I try with my Fi-Ware credential but the server always shows me “access denied”
Connect to VM display it never appears the login interface.
There is some tutorial where I can see an example of how to do it or a detailed documentation how to configure and access to in a Blueprints Instance?
I know this question was already answered but I tried these solution and only had success with additional detail after Creating, Downloading and chmod-ing the keypair file: using [user#]hostname] ssh parameter as root#Fi-lab-FloatingIPAddress ,
under root shell or
using sudo command to execute ssh -i kp.pem Fi-lab-FloatingIPAddress
Try to access without root username will results in ssh asks to password even including the keypair associated with that virtual machine.
In other words, the keypair to access fi-lab blueprint or instances only works with root username.
Usually, when you create a VM of Bluerpint, you should assign a keypair, that should be created previously. I suppose that you did it. Correct me if I am wrong. During the creation of the keypair, you could download en .pem file that it is used to access to the VM using ssh (ssh -i xxx.pem…).
I am just getting familiar with #Fiware Lab.
prerequisites :
Having in the private key you generated in the fiware cloud interface in the file fiware_rsa (text file beginning with -----BEGIN RSA PRIVATE KEY-----)
Associate your server with an external IP (internet) (note you can access other instances via the one which has inet access)
ssh -i fiware.rsa user#external-ip-address
try with root user, you should see a message advising the proper user name to use depending on the instance :
ubuntu#front:~$ ssh -i .ssh/fiware_rsa root#XXX.XXX.XXX.XXX
Please login as the user "centos" rather than the user "root".
You can find more information here : http://fr.slideshare.net/hmunfru/setting-up-your-virtual-infrastructure-using-fi-lab-cloud
BR