SSH access and metadata in GCP - Commands & Configuration

Introduction
Sometimes you need to connect securely to a virtual machine in the cloud. SSH access lets you do this by opening a safe door. Metadata helps manage who can use this door and how.
When you want to securely connect to a Google Cloud virtual machine to fix or check something.
When you need to add or remove users who can access your virtual machines via SSH.
When you want to automate SSH key management for multiple virtual machines.
When you want to check or update the SSH keys stored in the virtual machine's metadata.
When you want to control SSH access without logging into each virtual machine separately.
Commands
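This command sets the ssh-keys metadata entry on the virtual machine named example-vm to the given SSH public key. It allows the user to connect via SSH using the matching private key. The value you pass replaces whatever was already stored under ssh-keys on that instance, so include any existing entries you want to keep.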
Terminal
gcloud compute instances add-metadata example-vm --metadata ssh-keys="user:ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7examplekey user@example.com" --zone us-central1-a
Expected Output
Updated [https://www.googleapis.com/compute/v1/projects/my-project/zones/us-central1-a/instances/example-vm].
--metadata - Specifies the metadata key and value to add or update.
--zone - Specifies the zone where the virtual machine is located.
This command connects you to the example-vm virtual machine using SSH. It uses the SSH keys stored in the metadata to authenticate. If you have no local SSH key yet, gcloud generates one first, as the warning in the output shows.
Terminal
gcloud compute ssh user@example-vm --zone us-central1-a
Expected Output
WARNING: The SSH key for user is not found locally. Generating a new SSH key.
Welcome to Debian GNU/Linux 11 (bullseye)!
user@example-vm:~$
--zone - Specifies the zone where the virtual machine is located.
This command shows the metadata of the example-vm virtual machine, including SSH keys and other information.
Terminal
gcloud compute instances describe example-vm --zone us-central1-a --format='get(metadata.items)'
Expected Output
[{"key": "ssh-keys", "value": "user:ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7examplekey user@example.com"}]
--format - Formats the output to show only the metadata items.
Key Concept

If you remember nothing else from this pattern, remember: SSH keys stored in instance metadata control who can securely access your virtual machines.

Common Mistakes
Adding SSH keys with incorrect formatting in metadata.
The SSH key must be in the correct format 'username:ssh-rsa KEY user@host' or it will not work.
Always use the format 'username:ssh-rsa KEY user@host' when adding SSH keys to metadata.
Trying to SSH without specifying the correct zone.
The gcloud command needs the zone to find the right virtual machine.
Always include the --zone flag with the correct zone when using gcloud compute ssh.
Not updating metadata after changing SSH keys.
Old keys remain valid until the metadata is updated, so a key you meant to revoke can still be used to log in.
Update the instance metadata every time you add or remove SSH keys.
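The format rule and the add-metadata command above, combined into one check-then-merge step. This is an added example, not code from the original page: the function names, the accepted key types and the sample keys are assumptions made for illustration. It validates a new entry and appends it to the existing ssh-keys value, so that writing the result back does not drop keys already on the instance.

```shell
#!/bin/sh
# Added example (not from the original page). Function names are hypothetical.
NL='
'

# Return 0 if $1 is one entry of the form 'username:key-type KEY [comment]'.
# The key types accepted here are an assumption made for this example.
valid_ssh_entry() {
  case "$1" in *"$NL"*) return 1 ;; esac   # one entry per line, no smuggled lines
  printf '%s\n' "$1" | grep -Eq \
    '^[^: ]+:(ssh-(rsa|ed25519)|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$'
}

# Print the existing ssh-keys value ($1) with the new entry ($2) appended.
# Blank lines and exact duplicates are dropped; a malformed entry is refused.
merge_ssh_keys() {
  valid_ssh_entry "$2" || { echo "malformed entry: $2" >&2; return 1; }
  { printf '%s\n' "$1"; printf '%s\n' "$2"; } | awk 'NF && !seen[$0]++'
}

# Write a merged value back to the instance. Needs gcloud and credentials,
# so nothing in this file calls it.
push_ssh_keys() {  # usage: push_ssh_keys VM ZONE "MERGED_VALUE"
  tmp=$(mktemp) || return 1
  printf '%s\n' "$3" > "$tmp"
  gcloud compute instances add-metadata "$1" --zone "$2" \
    --metadata-from-file ssh-keys="$tmp"
  rc=$?
  rm -f "$tmp"
  return $rc
}

# Constructed sample data: one key already on the instance, one to add.
EXISTING='alice:ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIexamplekeyA alice@example.com'
NEW='user:ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7examplekey user@example.com'
```

To use it, pass the current ssh-keys value (as shown by the describe command) and the new entry to merge_ssh_keys, then hand the result to push_ssh_keys.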
Summary
Use gcloud compute instances add-metadata to add SSH keys to a VM's metadata.
Use gcloud compute ssh with the correct zone to connect securely to the VM.
Use gcloud compute instances describe to view the current metadata including SSH keys.