无法通过 SSH 连接到 Google Compute Engine

Question

我在一个新项目上设置了一个新的 Google Compute Engine 实例。 我启动实例并使用命令gcloud init连接到我的项目。 然后我使用命令sudo gcloud compute ssh instance-1 。 它带我完成 SSH 密钥对生成：

WARNING: The private SSH key file for Google Compute Engine does not exist.
WARNING: You do not have an SSH key for Google Compute Engine.
WARNING: [/usr/bin/ssh-keygen] will be executed to generate a key.
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /Users/username/.ssh/google_compute_engine.
Your public key has been saved in /Users/username/.ssh/google_compute_engine.pub.
The key fingerprint is:
SHA256:there_is_a_key_here_but_probably_should_not_show_it root@My-MacBook-Air-4.local
The key's randomart image is:
+---[RSA 2048]----+
|                 |
|                 |
|                 |
|                 |
|                 |
|                 |
|                 |
|There is an image|
|here             |
+----[SHA256]-----+
Updating project ssh metadata...\Updated [link to the project].
Updating project ssh metadata...done.                                                         
Warning: Permanently added 'compute.1788786712041991164' (ECDSA) to the list of known hosts.
Permission denied (publickey).
Permission denied (publickey).
Permission denied (publickey).
Permission denied (publickey).
Permission denied (publickey).
Permission denied (publickey).
Permission denied (publickey).
Permission denied (publickey).
Permission denied (publickey).
Permission denied (publickey).
Permission denied (publickey).
Permission denied (publickey).
Permission denied (publickey).
ERROR: (gcloud.compute.ssh) Could not SSH to the instance.  It is possible that your SSH key has not propagated to the instance yet. Try running this command again.  If you still cannot connect, verify that the firewall and instance are set to accept ssh traffic.

奇怪的。 我检查了 Google Cloud Console 中的元数据，运行此命令后，它们的键出现在那里。 所以它成功生成并更新了元数据。 我稍等片刻，然后再试一次相同的命令：

My-MacBook-Air-4:~ myname$ sudo gcloud compute ssh instance-1
Permission denied (publickey).
ERROR: (gcloud.compute.ssh) [/usr/bin/ssh] exited with return code [255]. See https://cloud.google.com/compute/docs/troubleshooting#ssherrors for troubleshooting hints.

所以我尝试了一些故障排除提示：

gcloud compute firewall-rules list

NAME                    NETWORK  SRC_RANGES    RULES                         SRC_TAGS  TARGET_TAGS
default-allow-http      default  0.0.0.0/0     tcp:80                                  http-server
default-allow-https     default  0.0.0.0/0     tcp:443                                 https-server
default-allow-icmp      default  0.0.0.0/0     icmp
default-allow-internal  default  10.128.0.0/9  tcp:0-65535,udp:0-65535,icmp
default-allow-rdp       default  0.0.0.0/0     tcp:3389
default-allow-ssh       default  0.0.0.0/0     tcp:22

防火墙好像没问题。 我在任何项目上创建的每个 Google Compute Engine 实例都会发生这种情况。 我不明白发生了什么，已经创建了密钥对，我在几个不同的项目上多次尝试了所有步骤，但错误仍然存​​在。

编辑：密钥出现在项目的 SSH 选项卡中，元数据选项卡仍然是空的。

Answer 1

然后我使用命令sudo gcloud compute ssh instance-1

在这里使用sudo是错误的。 您似乎在/Users/username/.ssh/google_compute_engine创建了一个密钥，但由于它具有注释root@My-MacBook-Air-4.local ，它可能是使用错误的所有权创建的（即由 root 拥有） .

您可以通过以下方式解决此问题：

 sudo chown $USER:$GROUPS ~/.ssh/google_compute_engine{,.pub}

然后在没有sudo情况下连接

 gcloud compute ssh instance-1

或者，如果失败了就重新开始，但不要将sudo用于任何事情。

Answer 2

解决方案：创建一个新的防火墙，为 TCP 和 UDP 打开端口 22，如下图所示。