無法通過 SSH 連接到 Google Compute Engine

Question

我在一個新項目上設置了一個新的 Google Compute Engine 實例。 我啟動實例並使用命令gcloud init連接到我的項目。 然后我使用命令sudo gcloud compute ssh instance-1 。 它帶我完成 SSH 密鑰對生成：

WARNING: The private SSH key file for Google Compute Engine does not exist.
WARNING: You do not have an SSH key for Google Compute Engine.
WARNING: [/usr/bin/ssh-keygen] will be executed to generate a key.
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /Users/username/.ssh/google_compute_engine.
Your public key has been saved in /Users/username/.ssh/google_compute_engine.pub.
The key fingerprint is:
SHA256:there_is_a_key_here_but_probably_should_not_show_it root@My-MacBook-Air-4.local
The key's randomart image is:
+---[RSA 2048]----+
|                 |
|                 |
|                 |
|                 |
|                 |
|                 |
|                 |
|There is an image|
|here             |
+----[SHA256]-----+
Updating project ssh metadata...\Updated [link to the project].
Updating project ssh metadata...done.                                                         
Warning: Permanently added 'compute.1788786712041991164' (ECDSA) to the list of known hosts.
Permission denied (publickey).
Permission denied (publickey).
Permission denied (publickey).
Permission denied (publickey).
Permission denied (publickey).
Permission denied (publickey).
Permission denied (publickey).
Permission denied (publickey).
Permission denied (publickey).
Permission denied (publickey).
Permission denied (publickey).
Permission denied (publickey).
Permission denied (publickey).
ERROR: (gcloud.compute.ssh) Could not SSH to the instance.  It is possible that your SSH key has not propagated to the instance yet. Try running this command again.  If you still cannot connect, verify that the firewall and instance are set to accept ssh traffic.

奇怪的。 我檢查了 Google Cloud Console 中的元數據，運行此命令后，它們的鍵出現在那里。 所以它成功生成並更新了元數據。 我稍等片刻，然后再試一次相同的命令：

My-MacBook-Air-4:~ myname$ sudo gcloud compute ssh instance-1
Permission denied (publickey).
ERROR: (gcloud.compute.ssh) [/usr/bin/ssh] exited with return code [255]. See https://cloud.google.com/compute/docs/troubleshooting#ssherrors for troubleshooting hints.

所以我嘗試了一些故障排除提示：

gcloud compute firewall-rules list

NAME                    NETWORK  SRC_RANGES    RULES                         SRC_TAGS  TARGET_TAGS
default-allow-http      default  0.0.0.0/0     tcp:80                                  http-server
default-allow-https     default  0.0.0.0/0     tcp:443                                 https-server
default-allow-icmp      default  0.0.0.0/0     icmp
default-allow-internal  default  10.128.0.0/9  tcp:0-65535,udp:0-65535,icmp
default-allow-rdp       default  0.0.0.0/0     tcp:3389
default-allow-ssh       default  0.0.0.0/0     tcp:22

防火牆好像沒問題。 我在任何項目上創建的每個 Google Compute Engine 實例都會發生這種情況。 我不明白發生了什么，已經創建了密鑰對，我在幾個不同的項目上多次嘗試了所有步驟，但錯誤仍然存​​在。

編輯：密鑰出現在項目的 SSH 選項卡中，元數據選項卡仍然是空的。

Answer 1

然后我使用命令sudo gcloud compute ssh instance-1

在這里使用sudo是錯誤的。 您似乎在/Users/username/.ssh/google_compute_engine創建了一個密鑰，但由於它具有注釋root@My-MacBook-Air-4.local ，它可能是使用錯誤的所有權創建的（即由 root 擁有） .

您可以通過以下方式解決此問題：

 sudo chown $USER:$GROUPS ~/.ssh/google_compute_engine{,.pub}

然后在沒有sudo情況下連接

 gcloud compute ssh instance-1

或者，如果失敗了就重新開始，但不要將sudo用於任何事情。

Answer 2

解決方案：創建一個新的防火牆，為 TCP 和 UDP 打開端口 22，如下圖所示。