gcloud_alpha_compute_ssh (1)
NAME
- gcloud alpha compute ssh - SSH into a virtual machine instance
SYNOPSIS
-
gcloud alpha compute ssh [USER@]INSTANCE [--command=COMMAND] [--container=CONTAINER] [--dry-run] [--force-key-file-overwrite] [--plain] [--ssh-flag=SSH_FLAG] [--ssh-key-file=SSH_KEY_FILE] [--strict-host-key-checking=STRICT_HOST_KEY_CHECKING] [--zone=ZONE] [--internal-ip | --tunnel-through-iap] [GCLOUD_WIDE_FLAG ...] [-- SSH_ARGS ...]
DESCRIPTION
(ALPHA) gcloud alpha compute ssh is a thin wrapper around the ssh(1) command that takes care of authentication and the translation of
Note, this command does not work when connecting to Windows VMs. To connect to a Windows instance using a command-line method, refer to this guide: cloud.google.com/compute/docs/instances/connecting-to-instance#windows_cli
The default network comes preconfigured to allow ssh access to all VMs. If the default network was edited, or if not using the default network, you may need to explicitly enable ssh access by adding a firewall-rule:
-
$ gcloud compute firewall-rules create --network=NETWORK \
default-allow-ssh --allow tcp:22
gcloud alpha compute ssh ensures that the user's public SSH key is present in the project's metadata. If the user does not have a public SSH key, one is generated using ssh-keygen(1) (if the --quiet flag is given, the generated key will have an empty passphrase).
POSITIONAL ARGUMENTS
-
- [USER@]INSTANCE
-
Specifies the instance to SSH into.
USER specifies the username with which to SSH. If omitted, $USER from the environment is selected.
INSTANCE specifies the name of the virtual machine instance to SSH into.
- [-- SSH_ARGS ...]
-
Flags and positionals passed to the underlying ssh implementation.
The '--' argument must be specified between gcloud specific args on the left and SSH_ARGS on the right. Example:
- $ gcloud alpha compute ssh example-instance --zone us-central1-a \ -- -vvv -L 80:%INSTANCE%:80
FLAGS
-
- --command=COMMAND
-
A command to run on the virtual machine.
Runs the command on the target instance and then exits.
- --container=CONTAINER
-
The name or ID of a container inside of the virtual machine instance to connect
to. This only applies to virtual machines that are using a Google
Container-Optimized virtual machine image. For more information, see
cloud.google.com/compute/docs/containers
- --dry-run
-
Print the equivalent scp/ssh command that would be run to stdout, instead of
executing it.
- --force-key-file-overwrite
-
If enabled, the gcloud command-line tool will regenerate and overwrite the
files associated with a broken SSH key without asking for confirmation in both
interactive and non-interactive environments.
If disabled, the files associated with a broken SSH key will not be regenerated and will fail in both interactive and non-interactive environments.
- --plain
-
Suppress the automatic addition of ssh(1)/scp(1) flags. This flag is
useful if you want to take care of authentication yourself or use specific
ssh/scp features.
- --ssh-flag=SSH_FLAG
-
Additional flags to be passed to ssh(1). It is recommended that flags be
passed using an assignment operator and quotes. This flag will replace
occurences of %USER% and %INSTANCE% with their
dereferenced values. Example:
-
$ gcloud alpha compute ssh example-instance --zone us-central1-a \
--ssh-flag="-vvv" --ssh-flag="-L 80:%INSTANCE%:80"
is equivalent to passing the flags --vvv and -L 80:162.222.181.197:80 to ssh(1) if the external IP address of 'example-instance' is 162.222.181.197.
-
$ gcloud alpha compute ssh example-instance --zone us-central1-a \
- --ssh-key-file=SSH_KEY_FILE
-
The path to the SSH key file. By default, this is
~/.ssh/google_compute_engine.
- --strict-host-key-checking=STRICT_HOST_KEY_CHECKING
-
Override the default behavior of StrictHostKeyChecking for the connection. By
default, StrictHostKeyChecking is set to 'no' the first time you connect to an
instance, and will be set to 'yes' for all subsequent connections.
STRICT_HOST_KEY_CHECKING must be one of: yes, no, ask.
- --zone=ZONE
-
Zone of the instance to connect to. If not specified and the
compute/zone property isn't set, you may be prompted to select a
zone.
To avoid prompting when this flag is omitted, you can set the compute/zone property:
- $ gcloud config set compute/zone ZONE
A list of zones can be fetched by running:
- $ gcloud compute zones list
To unset the property, run:
- $ gcloud config unset compute/zone
Alternatively, the zone can be stored in the environment variable CLOUDSDK_COMPUTE_ZONE.
-
At most one of these may be specified:
-
- --internal-ip
-
Connect to instances using their internal IP addresses rather than their
external IP addresses. Use this to connect from one instance to another on the
same VPC network, over a VPN connection, or between two peered VPC networks.
For this connection to work, you must configure your networks and firewall to allow SSH connections to the internal IP address of the instance to which you want to connect.
To learn how to use this flag, see cloud.google.com/compute/docs/instances/connecting-advanced#sshbetweeninstances
- --tunnel-through-iap
-
Tunnel the ssh connection through the Cloud Identity-Aware Proxy.
-
GCLOUD WIDE FLAGS
These flags are available to all commands: --account, --configuration, --flags-file, --flatten, --format, --help, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity. Run $ gcloud help for details.
EXAMPLES
To SSH into 'example-instance' in zone us-central1-a, run:
- $ gcloud alpha compute ssh example-instance --zone us-central1-a
You can also run a command on the virtual machine. For example, to get a snapshot of the guest's process tree, run:
-
$ gcloud alpha compute ssh example-instance --zone us-central1-a \
--command "ps -ejH"
If you are using the Google Container-Optimized virtual machine image, you can SSH into one of your containers with:
-
$ gcloud alpha compute ssh example-instance --zone us-central1-a \
--container CONTAINER
NOTES
This command is currently in ALPHA and may change without notice. If this command fails with API permission errors despite specifying the right project, you will have to apply for early access and have your projects registered on the API whitelist to use it. To do so, contact Support at cloud.google.com/support These variants are also available:
- $ gcloud compute ssh $ gcloud beta compute ssh