
SSH access and metadata in GCP - Step-by-Step Execution

Process Flow - SSH access and metadata
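Start: VM Instance Created -> Set Metadata: SSH Keys -> User Tries SSH Access -> Check Metadata for SSH Keys
Check Metadata for SSH Keys (no matching key) -> Access Denied
Check Metadata for SSH Keys (matching key) -> Authenticate User -> Grant SSH Access -> User Connected to VM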
This flow shows how SSH access to a VM is controlled by metadata containing SSH keys. The system checks metadata for keys before allowing access.
Execution Sample
gcloud compute instances add-metadata my-vm --metadata ssh-keys="user:ssh-rsa AAA..."
This command adds SSH keys to the VM metadata to allow user SSH access.
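The `ssh-keys` metadata value is written as a whole, so running the command above for a second user replaces the first user's entry unless the existing entries are included again. The following added example (not part of the original page) builds the full value before upload; the key blobs, the file name `merged-ssh-keys.txt` and the list of accepted key types are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). Key blobs below are constructed, not real keys.
# Each line of the ssh-keys value has the form  USERNAME:KEY_TYPE KEY_BLOB [COMMENT]

# valid_entry ENTRY: succeed only if ENTRY has that form (accepted key types are an assumption).
valid_entry() {
  printf '%s\n' "$1" | grep -Eq \
    '^[^:[:space:]]+:(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$'
}

# merge_ssh_keys EXISTING NEW_ENTRY: print EXISTING plus NEW_ENTRY, one entry per line.
# Blank lines are dropped and an entry already present (same user, type and blob) is not repeated.
merge_ssh_keys() {
  valid_entry "$2" || { echo "malformed ssh-keys entry, nothing written" >&2; return 1; }
  printf '%s\n%s\n' "$1" "$2" | awk 'NF >= 2 && !seen[$1 " " $2]++'
}

# users_with_access VALUE: list the usernames that VALUE grants SSH access to.
users_with_access() {
  printf '%s\n' "$1" | awk -F: 'NF > 1 { print $1 }' | sort -u
}

# Constructed sample: the value currently on the VM, and the entry to add.
existing='alice:ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEALICE alice@laptop'
new_entry='bob:ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEBOB bob@laptop'

merged=$(merge_ssh_keys "$existing" "$new_entry") || exit 1
echo "Users after merge:"
users_with_access "$merged"

# To apply: write the merged value to a file and upload it in one call.
#   printf '%s\n' "$merged" > merged-ssh-keys.txt
#   gcloud compute instances add-metadata my-vm --metadata-from-file ssh-keys=merged-ssh-keys.txt
```

Reviewing the output of `users_with_access` before uploading shows exactly which accounts the new value will allow to log in.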
Process Table
| Step | Action | Metadata SSH Keys Present? | Result | User Access |
|------|--------|----------------------------|--------|-------------|
| 1 | VM instance created | No | No SSH keys set | Access denied |
| 2 | Add SSH keys to metadata | Yes | SSH keys stored in metadata | Access pending |
| 3 | User attempts SSH login | Yes | Metadata checked for keys | Authentication started |
| 4 | User key matches metadata | Yes | User authenticated | Access granted |
| 5 | User connected via SSH | Yes | Connection established | User logged in |
| 6 | User attempts SSH login without keys | No | No keys found | Access denied |
💡 Execution stops when user is either granted access or denied due to missing keys.
Status Tracker
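| Variable | Start | After Step 2 | After Step 3 | After Step 4 | Final |
|----------|-------|--------------|--------------|--------------|-------|
| Metadata SSH Keys | None | Set with user key | Checked | Matched | Present |
| User Access | Denied | Pending | Authenticating | Granted | Logged In |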
Key Moments - 3 Insights
Why does the user get denied access at step 1?
Because no SSH keys are set in the metadata yet, the system cannot authenticate the user (see Process Table row 1).

What happens if the user tries to SSH without matching keys in metadata?
The system denies access since it cannot find a matching key in metadata (see Process Table row 6).

How does metadata control SSH access?
Metadata stores SSH keys that the system checks during login to authenticate users (see Process Table steps 2-4).
Visual Quiz - 3 Questions
Test your understanding
Look at the Process Table. What is the user access status at step 3?
A. Access granted
B. Authentication started
C. Access denied
D. No SSH keys set
💡 Hint
Check the 'User Access' column at step 3 in the Process Table.

At which step does the metadata first contain SSH keys?
A. Step 2
B. Step 4
C. Step 1
D. Step 6
💡 Hint
Look at the 'Metadata SSH Keys Present?' column in the Process Table.

If the metadata SSH keys were removed after step 4, what would happen at the next SSH attempt?
A. User would authenticate automatically
B. User would still be granted access
C. User would be denied access
D. User would bypass authentication
💡 Hint
Refer to Process Table row 6, where no keys cause access denial.
Concept Snapshot
SSH access to a VM in GCP is controlled by metadata containing SSH keys.
Users must have their public SSH key added to the VM's metadata.
When a user tries to SSH, the system checks metadata for matching keys.
If a match is found, access is granted; otherwise, access is denied.
Managing SSH keys via metadata is a secure way to control VM access.
Full Transcript
This visual execution shows how SSH access to a Google Cloud VM depends on metadata containing SSH keys. Initially, the VM has no SSH keys set, so users cannot connect. When SSH keys are added to the VM's metadata, users with matching keys can authenticate and gain access. The system checks metadata during each SSH attempt. If keys are missing or do not match, access is denied. This process ensures secure and controlled SSH access to cloud VMs.