


How to SSH into Google Compute Engine using Putty

You probably already know about Google Cloud and its Compute Engine VMs (VM instances), the easiest way to start your VPSs within minutes.


Once the VM instance is started, what you need to access it remotely is a secure shell connection.

We need: the Putty terminal emulator, a secure key-pair and some settings in the Google Cloud Console for our virtual machine.

The procedure assumes that our workstation is running a Debian/Ubuntu Linux desktop environment; if not, Putty and Bash are also available for Windows.

Install Putty on Linux

apt install putty putty-tools

Generate an SSH key-pair

ssh-keygen -t ecdsa -f ~/.ssh/mysshkey -C catalin@popos
Replace catalin@popos with your own/desired identification; don't forget to set a strong passphrase for the private key (when prompted).
About the "-C catalin@popos" identification: it is split at the @ character (if used) and only the processed left side is used to create the real VPS (Google Compute Engine) SSH user. That way, a foo.bar@hostname identification will create the foo_bar user.

Convert the private SSH key to Putty compatible format

puttygen ~/.ssh/mysshkey -o ~/.ssh/mysshkey.ppk -C "catalin@popos"
provide the passphrase for the private key (when prompted)

Add the SSH public key to Compute Engine instance (VM)

cat ~/.ssh/mysshkey.pub
select and copy the result into the clipboard

Open the VM in the Cloud Console (https://console.cloud.google.com/compute) and click Edit, then look for the "Custom metadata" area, the place where the public key must be added.

The variable "sshKeys" must exist in that area; if it does not, create it (Add item) and give it the data copied above as its value, with one trick: the username followed by ":" must be added to the key content (from the clipboard).

The Putty connection

Add the necessary Putty SSH connection info (just the server address and a name to be saved in the Putty list). Don't save yet.
In the left side of Putty (marked as "Category") scroll down from the current "Session" entry and go to Connection->SSH->Auth, where you can browse for the private key file to use. Browse and select the .ppk file created above (~/.ssh/mysshkey.ppk). Scroll back up to "Session" and save the current settings for your server SSH connection. Try to open the connection: you should be asked for the username and for the password of the corresponding private key, and both should be accepted. You are now securely connected to your server.

And that's not all: did you know that using this connection you can even create tunnels to your closed server ports? I'm using this feature to forward port 5432 (PostgreSQL) to an internal 5433 localhost; that way, even if 5432 is closed on the server, we can connect to the database server using the secure forwarded localhost:5433 address.

Multiple SSH key-pairs and security of the private key

There is no limit on the number of SSH key-pairs that can be given access, so you can create as many keys as you need. In the Cloud Console, new public keys must be added on separate lines (by editing the existing sshKeys value).

Keep your private keys "private", but in case of loss or disclosure you still have two levels of protection: the key password and, best of all, removing the public key from Compute Engine, which makes the stolen private key unusable.
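
The sshKeys entry described earlier (username, ":", key content, one key per line) and the removal of a public key after its private key is lost, as an added shell example that is not part of the original post. The function names and the sample key are constructed for illustration, and mapping every character outside letters, digits, "_" and "-" to "_" is an assumption that generalizes the foo.bar to foo_bar case.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, not gcloud or Putty commands.

# Derive the login name from a key comment such as foo.bar@hostname.
# Assumption: every character outside [A-Za-z0-9_-] becomes "_",
# generalizing the page's foo.bar -> foo_bar example.
gce_user_from_comment() {
    printf '%s\n' "${1%%@*}" | sed 's/[^A-Za-z0-9_-]/_/g'
}

# Build one sshKeys line ("username:key content") from a public key line.
# Anything that is not a public key line is rejected, so the contents of
# the private key file can never end up in the instance metadata.
gce_sshkeys_entry() {
    pub=$1
    set -f; set -- $pub; set +f   # split into: key type, base64 blob, comment
    case "${1:-}" in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp*) ;;
        *) echo "not an OpenSSH public key line" >&2; return 1 ;;
    esac
    [ "$#" -ge 3 ] || { echo "no comment to derive the user from" >&2; return 1; }
    printf '%s:%s\n' "$(gce_user_from_comment "$3")" "$pub"
}

# Revoke a key: read the current sshKeys value on stdin and print it
# without the line(s) whose base64 blob (second field) matches $1.
gce_sshkeys_remove() {
    awk -v blob="$1" '$2 != blob'
}

# Constructed sample, not a real key: the blob is a placeholder.
SAMPLE_PUB='ecdsa-sha2-nistp256 AAAAexampleblobONLY foo.bar@popos'
gce_sshkeys_entry "$SAMPLE_PUB"
```

With a real key, pass the contents of ~/.ssh/mysshkey.pub to gce_sshkeys_entry and paste the printed line into the sshKeys value.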

© Copyright 2017 b247.eu.org | Just another information technology blog - All Rights Reserved