Why can't VM with VPC networks, static internal IP, connect to SSH in Google Cloud Platform Web Console?
Google Cloud Platform Compute Engine: when I created the VM within the VPC network, I set up a static internal IP. The firewall allowed the personal computer IP. In this situation, the VM's SSH could not be reached.
Once logged in to the Google Cloud Platform, I used the metadata I generated with the keygen command to access the VM from a terminal in my local environment, e.g. ssh email ID@IP
Why can't I access that VM's SSH from the console on the Google Cloud Platform?
Thank you for reading it. :)
If we read the following GCP documentation... https://cloud.google.com/solutions/connecting-securely#external
we find the following statement:
"When instances do not have external IP addresses (including VMs that are backends for HTTPS and SSL proxy load balancers) they can only be reached by other instances on the network, Identity-Aware Proxy's TCP forwarding feature, or by using managed VPN gateway."
The key phrase to me is "they can only be reached...". It would thus appear that you can only reach a VM without a public IP using the recipes described in the article. If it were me, I'd consider actually giving the machine a public IP address and then following the recipes described in the article to only allow access to the machine through secured means. Google is promoting a story it calls BeyondCorp, which basically summarizes down to "trust nothing". Every attempt to access any resource will be validated on a request-by-request basis, and you shouldn't assume that lack of network access is enough to secure a resource. Instead, consider the notion that the VM can be publicly reachable but only authorized requests should be satisfied.
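For the Identity-Aware Proxy TCP forwarding path named in the quoted documentation, the firewall has to admit IAP's source range 35.235.240.0/20 on the SSH port, which a rule allowing only a personal computer's IP does not. The following check is an added example, not part of the original post; the rule dictionaries, rule names and the address 203.0.113.7 are constructed, and it models ingress allow rules only (no deny rules, priorities or target tags).

```python
import ipaddress

# Source range used by Identity-Aware Proxy TCP forwarding (Google-documented).
IAP_TCP_FORWARDING_RANGE = ipaddress.ip_network("35.235.240.0/20")

# Constructed sample: an ingress allow rule like the one in the question,
# permitting only the personal computer's IP. 203.0.113.7 is a
# documentation address, not a value from the page.
SAMPLE_RULES = [
    {"name": "allow-ssh-from-my-pc", "source_ranges": ["203.0.113.7/32"],
     "protocol": "tcp", "ports": ["22"]},
]

def port_matches(ports, port):
    """True if `port` is covered; an empty list means all ports."""
    if not ports:
        return True
    for spec in ports:
        lo, _, hi = spec.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def rules_admitting(rules, source, port=22, protocol="tcp"):
    """Names of allow rules with one range covering all of `source` (IP or CIDR)."""
    src = ipaddress.ip_network(source, strict=False)
    hits = []
    for rule in rules:
        if rule["protocol"] not in (protocol, "all"):
            continue
        if not port_matches(rule.get("ports", []), port):
            continue
        for cidr in rule["source_ranges"]:
            net = ipaddress.ip_network(cidr, strict=False)
            if src.version == net.version and src.subnet_of(net):
                hits.append(rule["name"])
                break
    return hits

def ssh_paths(rules, workstation_ip):
    """Which SSH paths the rules admit: direct from the workstation, and via IAP."""
    return {
        "workstation": rules_admitting(rules, workstation_ip),
        "iap_tunnel": rules_admitting(rules, str(IAP_TCP_FORWARDING_RANGE)),
    }

if __name__ == "__main__":
    print(ssh_paths(SAMPLE_RULES, "203.0.113.7"))
```

An empty `iap_tunnel` list means no rule admits the IAP range, so that path is blocked at the firewall even though the workstation's own address is allowed.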