Question

我在Google Compute Engine上创建了两个实例：

Instance A
hostname: robot-a
ip addr: 10.111.0.11

Instance B
hostname: robot-b
ip addr: 10.222.0.22

我可以从本地计算机登录这两个实例。但是如何从其中一个实例登录到另一个实例呢？

我尝试了以下操作，但失败了：

robot-a$ ssh robot-b
The authenticity of host 'robot-b (10.111.0.11)' can't be established.
ECDSA key fingerprint is 3a:1a:f1:23:6a:83:ab:db:d8:a1:e8:7d:f5:65:c8:c5.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'robot-b' (ECDSA) to the list of known hosts.
Permission denied (publickey).

Answer 1

GCE实例默认设置了gcloud。那么，最简单的方法就是。

gcloud compute ssh [INSTANCE_NAME] [--ZONE [INSTANCE_ZONE]]

可能需要区域标志，因为在该实例之前尚未运行gcloud init。

Answer 2

见managing instance access with SSH key pairs。基本上，如果你需要从机器人-a到机器人-b的ssh，你需要在机器人a上生成一个密钥对，将机器人的公钥添加到机器人-b（通过登录到机器人-b，并编辑.ssh / authorized_keys文件），然后robot-b识别机器人-a。

然后按名称访问：

robot-a$ ssh robot-b

或通过内部IP：

robot-a$ ssh 10.222.0.22

更一般的帮助：how to set up ssh so that you are not asked for a password

Answer 3

如果您在Google云端平台中有2个实例，这很安静，并且自动安装了来宾环境（gcloud命令留置权），您就可以通过它在项目中进行所有ssh的操作了：

只需在实例A内部运行以下命令行即可到达实例B

[user @ Instance-A] $ gcloud计算ssh实例-B

如果不起作用，请通知我，并确认您的防火墙规则是否允许内部流量。

Answer 4

我使用模板组启动了5个新实例，我需要通过SSH共享一些命令，并且手动无法在实例之间连接：

gcloud compute ssh rapids-instances-dj6p --zone us-central1-b

WARNING: The public SSH key file for gcloud does not exist.
WARNING: The private SSH key file for gcloud does not exist.
WARNING: You do not have an SSH key for gcloud.
WARNING: SSH keygen will be executed to generate a key.
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/username/.ssh/google_compute_engine.
Your public key has been saved in /home/username/.ssh/google_compute_engine.pub.
The key fingerprint is:
SHA256:SLaTY/4PMgpzWcM/oJDnhNJq02Uqnd06ZT6ChOAnCUU username@rapids-instances-pr0c
The key's randomart image is:
+---[RSA 2048]----+
| .E              |
|  .              |
| .    o          |
|o. o + +         |
|= B oo% S        |
| BoB**.O         |
|.+*=*.B.+        |
|. o= +.* o       |
|    ..o o..      |
+----[SHA256]-----+
Updating project ssh metadata...⠹Updated [https://www.googleapis.com/compute/v1/projects/my-project].                                                                      
Updating project ssh metadata...done.                                                                                                                                         
Waiting for SSH key to propagate.

ssh: connect to host 104.155.167.207 port 22: Connection timed out
ERROR: (gcloud.compute.ssh) Could not SSH into the instance.  It is possible that your SSH key has not propagated to the instance yet. Try running this command again.  If you still cannot connect, verify that the firewall and instance are set to accept ssh traffic.

所有这些实例都有公共地址，gcloud ssh试图通过外部网络连接，我创建了以下功能：

function gssh() {
  gcloud compute ssh $@ --internal-ip
}

然后像这样使用它：

gssh <hostname>

Answer 5

您需要将计算机的公共密钥（尝试从中进行ssh加密）添加到远程计算机的〜/ .ssh / authorized_keys（您要尝试连接的密钥）。

另一种方法是-在GCP控制台中-选择并编辑目标计算机，然后添加客户端计算机的SSH密钥。

如何在Google Compute Engine上创建的两个实例之间进行ssh？

5 个答案: