GoogleComputeEngineSSHKeys
|
⇤ ← Revision 1 as of 2014-12-17 17:18:30
Size: 1964
Comment: Create page
|
Size: 2309
Comment:
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 1: | Line 1: |
| = OUTDATED! = /!\ The information on this page is out of date. ''Don't'' use it! Have a look at [[https://cloud.google.com/compute/docs/instances/connecting-to-instance|Connecting to Linux Instances]] and [[https://cloud.google.com/compute/docs/instances/adding-removing-ssh-keys|Managing Instance Access with SSH Keys]] instead. ----- |
OUTDATED!
![Warning /!\](/moin_static198/light/img/icon_eek.png "Warning /!\"){kind=icon}
The information on this page is out of date. Don't use it! Have a look at Connecting to Linux Instances and Managing Instance Access with SSH Keys instead.
When an Ubuntu instance is booted within a Google Compute Engine project, SSH keys are sourced from two places: the project-level metadata, and the instance-level metadata. There are two methods that are then used to put these keys in place on an Ubuntu instance: cloud-init and the GCE daemon.
Project-level SSH keys can be found either through the web interface in ‘Compute > Compute Engine > Metadata’ on the project page, or by looking at the value of sshKeys in the output of gcloud compute project-info describe. Each of these SSH keys specifies a user and a corresponding public key.
Instance-level SSH keys are specified in metadata on starting an instance; see https://cloud.google.com/compute/docs/instances#setting_up_ssh_keys_at_the_instance_level for more details on how this is done.
When an Ubuntu instance is started in Google Compute Engine project with project-level SSH keys, cloud-init will always create an ubuntu user and add all of the project-level SSH keys (regardless of the user name they are assigned to) to .ssh/authorized_keys in the ubuntu user’s home directory.
If instance-level SSH keys are provided, the GCE daemon will only apply those to an instance; project-level SSH keys are disregarded. If (and only if) instance-level SSH keys are not specified, the GCE daemon will apply project-level SSH keys.
Once the metadata to use has been determined, the GCE daemon will create a user for each SSH key, and add the corresponding public key to .ssh/authorized_keys in their home directory.
In pseudo-code, the GCE daemon does the following:
sshKeys = []
if ‘sshKeys’ in instanceMetadata:
sshKeys = instanceMetadata[‘sshKeys’]
elif ‘sshKeys’ in projectMetadata:
sshKeys = projectMetadata[‘sshKeys’]
for username, publicKey in sshKeys:
create_user(username)
add_authorized_key_for_user(username, publicKey)GoogleComputeEngineSSHKeys (last edited 2018-05-17 21:03:31 by davecore)