You have already known about the Google Cloud Computing and his Compute Engine VMs (VM Instances), the easiest way to start your VPSs within minutes.
Once started (the VM Instance), what you need to remote access those machines it's a secure shell connection.
We need: the Putty terminal emulator, a secure key-pair and some settings in the Google Cloud Console for our Virtual Machine.
The procedure assumes that our workstation is running a Debian/Ubuntu Linux DE, if not, we have Putty and Bash for Windows.
Install Putty on Linux
apt install putty putty-tools
Generate a SSH key-pair
ssh-keygen -t ecdsa -f ~/.ssh/mysshkey -C catalin@popos
Info about the "-C catalin@popos" identification: it will be split by @ (if used) character and only the processed left side will be used for creating a real VPS (Google Compute Engine) SSH user. That way, a foo.bar@hostname identification will create the foo_bar user. You got the idea.
Convert the private SSH key to Putty compatible format
puttygen ~/.ssh/mysshkey -o ~/.ssh/mysshkey.ppk -C "catalin@popos"
Add the SSH public key to Compute Engine instance (VM)
Access the VM from Cloud Console (https://console.cloud.google.com/compute) and hit edit, then look for "Custom metadata" area, the place where public key must be added.
The variable "sshKeys" (above area) must exists, if not, it must be created (Add item) and have as value the above copied data; with a trick: the username followed by ":" must be appended to the key content (from the clipboard).
The Putty connection
Add necessary Putty ssh connection info (just add the server address and a name to be saved in the Putty list). Don't save yet.
In the left side of Putty (marked as "Category") scroll down from current "Session" and go to
Connection->SSH->Auth where you can browse for private key file to use. Browse and select the above created .ppk file (
~/.ssh/mysshkey.ppk). Scroll up to "Session" and save the current settings for your server SSH connection. Try to open the connection, the username and password for the corresponding private key should be asked and passed. You are now securely connected to your server.
And that's not all, did you know that using this connection you can even create tunnels to your closed server ports? I'm using this feature to forward port 5432 (PostgreSQL) to an internal 5433 localhost, that way, even if 5432 is closed on the server, we can connect to the database server using the secure forwarded localhost:5433 address.
Multiple SSH key-pairs and security of the private key
There is no limit in the number of SSH key-pair based access, so you can create as many keys you need. In the Cloud Console, new public keys must be added separated by new lines (editing existing sshKeys).
Keep your private keys "private", but in case of loss or disclosure you still have two levels of protection: the key password and, best of, removing the public key from Compute Engine will make the stolen private key unusable.