I like to re-use existing ssh keys on AWS and Google Cloud. However the Google
Cloud cli tool generates a new ssh keypair when attempting to ssh into an
instance for the first time using
You can force gcloud to re-use an existing key pair in two different ways.
Configuring gcloud to add your own keys and using vanilla ssh
If you prefer to use vanilla
ssh over the
gloud ssh wrapper you can
configure gcloud to add your public key to the instances.
$ gcloud compute config-ssh --ssh-key-file ~/.ssh/id_rsa You should now be able to use ssh/scp with your instances. For example, try running: $ ssh streisand.asia-southeast1-a.streisand-vpn-197221
It will populate your
~/.ssh/config file so that entries exist for all Google
Cloud instances. The drawback is that you have to re-run the
command whenever you add or delete new instances so that your config file is
kept up to date.
# Google Compute Engine Section # # The following has been auto-generated by "gcloud compute config-ssh" # to make accessing your Google Compute Engine virtual machines easier. # # To remove this blob, run: # # gcloud compute config-ssh --remove # # You can also manually remove this blob by deleting everything from # here until the comment that contains the string "End of Google Compute # Engine Section". # # You should not hand-edit this section, unless you are deleting it. # Host streisand.asia-southeast1-a.streisand-vpn-xxxxxx HostName x.x.x IdentityFile /home/dani/.ssh/id_rsa UserKnownHostsFile=/home/dani/.ssh/google_compute_known_hosts HostKeyAlias=compute.x IdentitiesOnly=yes CheckHostIP=no # End of Google Compute Engine Section
We can now use vanilla
ssh instead of
gcloud compute ssh to enter an instance:
ssh streisand.asia-southeast1-a.streisand-vpn-xxxxxx Welcome to Ubuntu 16.04.4 LTS (GNU/Linux 4.13.0-1015-gcp x86_64)
Symlinking your existing keys and using the gcloud ssh wrapper
The alternative to the first option is to use the
gcloud compute ssh wrapper
which keeps track of existing instances and doesn’t require re-populating the
ssh config file when instances are added or deleted.
gcloud ssh by default looks for:
$HOME/.ssh/google_compute_engine– the private key
$HOME/.ssh/google_compute_engine.pub– the public key
If it doesn’t find these keys it attempts to create new keys. We can circumvent this by linking our personal keys to those locations.
ln -s $HOME/.ssh/id_rsa $HOME/.ssh/google_compute_engine ln -s $HOME/.ssh/id_rsa $HOME/.ssh/google_compute_engine.pub
Now we can use the usual
gcloud compute ssh command. The wrapper command takes
the instance name instead of the address as an argument.
$ gcloud compute ssh streisand Welcome to Ubuntu 16.04.4 LTS (GNU/Linux 4.13.0-1015-gcp x86_64)