sshgoogle-cloud-platformpublic-key

Google Cloud Platform: SSH to Google cloud instance will have "Permission denied (publickey)"


I have come across the issue as below when I use ssh login google cloud instance

$ ssh -i DD2 root@35.237.32.84
Permission denied (publickey).

After some testing, I found that the cause of the error is that public key signature is not consistent with the account for google cloud:

For example :

scuio33@chef-server:~$ 

here you account is scuio33 then your pub file will be :

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBpNeFZyXXXehjPuGCkEjb/t
laNQt0fztORSCFFQIoKHkQzi7SNhp48kagyOHDNj6mY1LmVZB/sIj2oCa1AFupoFuBYc/XILP
rTX60fIlnBYkHl+6Kq/TX2hzKv scuio33

scuio33 will be exactly same as your google account, or there will have the issue "Permission denied (publickey)". Only google cloud has this restriction.

This is not a "question". But a hint for ssh to google cloud failure.


Solution

  • I experienced this issue when trying to set up Kubernetes for the first time on Google Cloud Platform.

    I was running into the error below each time I tried to SSH into my instance from my terminal:

    promisepreston@52.174.274.72: Permission denied (publickey)
    

    Here's how I solved it:

    Open a terminal on your workstation and use the ssh-keygen command to generate a new key. Specify the -C flag to add a comment with your username.

    ssh-keygen -t rsa -f ~/.ssh/[KEY_FILENAME] -C [USERNAME]
    

    In my case it was:

    ssh-keygen -t rsa -f ~/.ssh/kubernetes-trial -C promisepreston
    

    Navigate into the .ssh directory:

    cd ~/.ssh
    

    Restrict access to your private key so that only you can read it and nobody can write to it.

    chmod 400 [KEY_FILENAME]
    

    In my case it was:

    chmod 400 kubernetes-trial
    

    Double click on kubernetes-trial.pub to open it OR print it on the console using the cat command:

    sudo cat kubernetes-trial.pub
    

    The public SSH key should be of this format:

    ssh-rsa [KEY_VALUE] [USERNAME]
    

    OR

    ssh-rsa [KEY_VALUE] google-ssh {"userName":"[USERNAME]","expireOn":"[EXPIRE_TIME]"}
    

    In my case it was:

    ssh-rsa AAAAB3MzaC1yc2EAAAADAQABAAABAQDdLjLb2b97m9NSK5Z8+j6U8awAwIx1Sbn9o4cEpYT2USYlFhJPRckgnmCQ+Eaim/sgL40V2v3Jwt6HVAY0L9bl84jmvox9QP4FOY7+LM02ZqfRB6LaEukM1tGdObVr+HBvhOwrxGCI06GFjnD3vVzW4jEsK75Y7MPzXd5YSpebGvU+7ZOuEcuSKp/R9dJcJn4kdXeaqor4gh8uTKQ43PGPTEvyoNlCWLkwSgy8khbo2BpoChLA7B53pVEhviMvVVIbmwpc6V2AIhRYY7ppR8oBzklLgh8CtTBPXtQRYiahLOIhds6ORf7wGNFI+A4sbBqwEL3J6av5fE1+zkUBhAHX promisepreston
    

    Copy its contents and paste in the SSH Section of your instance under the Metadata section Adding or removing instance-level public SSH keys

    ssh keys

    In a local terminal, navigate to the directory where you have the private SSH key file, use the ssh command along with your private SSH key file, the username, and the external IP address of the instance to connect. For example:

    ssh -i private-key username@external-ip-of-the-virtual-instance
    

    In my case it was:

    ssh -i kubernetes-trial promisepreston@52.174.274.72
    

    After you connect, run commands on your instance using this terminal. When you finish, disconnect from the instance by running the exit command.

    Note: