Bird
Raised Fist0
GCPcloud~30 mins

SSH access and metadata in GCP - Mini Project: Build & Apply

Choose your learning style10 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
SSH Access and Metadata Configuration on GCP
📖 Scenario: You are setting up a Google Cloud virtual machine (VM) to allow secure SSH access for a user. You will configure the VM's metadata to include the SSH public key for that user. This setup is common when you want to control who can connect to your VM securely.
🎯 Goal: Configure the SSH access by adding the correct SSH public key to the VM instance metadata on Google Cloud Platform.
📋 What You'll Learn
Create a metadata dictionary with the SSH keys entry
Add a specific SSH public key string to the metadata
Assign the metadata to the VM instance configuration
Ensure the SSH key is correctly formatted in the metadata
💡 Why This Matters
🌍 Real World
Setting SSH keys in VM metadata is a common way to control who can securely connect to cloud virtual machines without sharing passwords.
💼 Career
Cloud engineers and system administrators often configure VM metadata to manage access and automate instance setup securely.
Progress0 / 4 steps
1
Create the initial metadata dictionary
Create a dictionary called metadata with a key "ssh-keys" and an empty string as its value.
GCP
Hint

Use curly braces to create a dictionary and set the value of "ssh-keys" to an empty string.

2
Add the SSH public key string to metadata
Add the SSH public key string "user:ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7examplekey user@example.com" as the value for the "ssh-keys" key in the metadata dictionary.
GCP
Hint

Replace the empty string with the exact SSH public key string including the username and key.

3
Create the VM instance configuration dictionary
Create a dictionary called vm_instance with a key "metadata" and assign the metadata dictionary as its value.
GCP
Hint

Use the metadata dictionary as the value for the metadata key inside vm_instance.

4
Add the final SSH access enable flag
Add a key "enable-ssh" with the value "true" to the metadata dictionary inside vm_instance to enable SSH access.
GCP
Hint

Add the enable-ssh key with the string value "true" inside the metadata dictionary.

Practice

(1/5)
1. What is the main purpose of SSH access in Google Cloud Platform (GCP)?
easy
A. To securely connect to virtual machine instances
B. To store large files in the cloud
C. To monitor network traffic
D. To create new virtual machines automatically

Solution

  1. Step 1: Understand SSH access

    SSH (Secure Shell) is a protocol used to securely connect to remote machines, such as virtual machines in GCP.

  2. Step 2: Identify SSH use in GCP

    In GCP, SSH access allows users to securely log into VM instances to manage and operate them.

  3. Final Answer:

    To securely connect to virtual machine instances -> Option A

  4. Quick Check:

    SSH access = secure VM connection [OK]
Hint: SSH is for secure remote login to VMs [OK]
Common Mistakes:
  • Confusing SSH with storage or monitoring services
  • Thinking SSH creates VMs instead of connecting to them
2. Which of the following is the correct way to add an SSH key to a VM instance's metadata in GCP?
easy
A. Add the SSH key to the project billing settings
B. Add the SSH key to the instance's firewall rules
C. Add the SSH key to the VM's disk storage
D. Add the SSH key to the instance's metadata under the 'ssh-keys' key

Solution

  1. Step 1: Understand where SSH keys are stored

    SSH keys are stored in metadata, which is a place to keep configuration info for VMs.

  2. Step 2: Identify correct metadata key

    The correct metadata key for SSH keys is 'ssh-keys' at the instance or project level.

  3. Final Answer:

    Add the SSH key to the instance's metadata under the 'ssh-keys' key -> Option D

  4. Quick Check:

    SSH keys stored in 'ssh-keys' metadata [OK]
Hint: SSH keys go in 'ssh-keys' metadata key [OK]
Common Mistakes:
  • Adding SSH keys to firewall rules instead of metadata
  • Trying to store SSH keys in disk storage or billing settings
3. Given the following metadata setup for a VM instance in GCP:
{"ssh-keys": "user:ssh-rsa AAAAB3Nza... user@example.com"}

What will happen when you try to SSH into this VM as 'user'?
medium
A. SSH connection will succeed using the provided public key
B. SSH connection will be denied due to missing keys
C. SSH will prompt for a password instead of using keys
D. The VM will restart automatically

Solution

  1. Step 1: Analyze the metadata content

    The metadata contains a valid SSH public key for user 'user' under 'ssh-keys'.

  2. Step 2: Understand SSH key usage

    When connecting as 'user', the VM checks the 'ssh-keys' metadata and allows access if the matching private key is used.

  3. Final Answer:

    SSH connection will succeed using the provided public key -> Option A

  4. Quick Check:

    Valid SSH key in metadata = successful SSH login [OK]
Hint: Valid SSH key in metadata allows login [OK]
Common Mistakes:
  • Assuming password prompt appears despite key presence
  • Thinking VM restarts due to SSH metadata
4. You added an SSH key to your project-wide metadata but still cannot SSH into a VM instance. What is the most likely cause?
medium
A. The firewall allows SSH traffic
B. The VM instance is turned off
C. The instance has block-project-ssh-keys set to true, blocking project keys
D. The SSH key format is incorrect in the metadata

Solution

  1. Step 1: Understand project-wide SSH keys

    Project-wide SSH keys apply to all instances unless blocked by instance settings.

  2. Step 2: Check instance metadata blocking

    If the instance metadata has 'block-project-ssh-keys' set to true, it ignores project-wide keys.

  3. Final Answer:

    The instance has block-project-ssh-keys set to true, blocking project keys -> Option C

  4. Quick Check:

    block-project-ssh-keys=true blocks project keys [OK]
Hint: Check 'block-project-ssh-keys' flag on instance [OK]
Common Mistakes:
  • Assuming firewall allows SSH means keys work
  • Ignoring instance-level metadata blocking project keys
5. You want to ensure that only specific users can SSH into a VM instance in GCP, even though project-wide SSH keys exist. Which approach is best?
hard
A. Add all users' SSH keys to project metadata and leave instance metadata empty
B. Set 'block-project-ssh-keys' to true on the instance and add allowed users' keys to instance metadata
C. Remove all SSH keys from project metadata and rely on firewall rules
D. Disable SSH access entirely on the VM instance

Solution

  1. Step 1: Understand project-wide vs instance metadata

    Project-wide SSH keys apply to all instances unless blocked by instance settings.

  2. Step 2: Control access per instance

    Setting 'block-project-ssh-keys' to true on the instance disables project keys, allowing only instance metadata keys.

  3. Step 3: Add allowed users' keys to instance metadata

    By adding only allowed users' keys to instance metadata, you restrict SSH access to them.

  4. Final Answer:

    Set 'block-project-ssh-keys' to true on the instance and add allowed users' keys to instance metadata -> Option B

  5. Quick Check:

    Block project keys + instance keys = controlled SSH access [OK]
Hint: Block project keys, use instance keys for control [OK]
Common Mistakes:
  • Relying only on firewall rules for SSH user control
  • Removing project keys without adding instance keys
  • Disabling SSH entirely when access is needed