SSH into a Google Cloud Compute Engine instance using a secure shell client

Date: 2020-01-09 10:38:46  Source: igfitidea

I need to use Google Cloud Compute Engine to set up and test my web application.
How do I connect to an instance with ssh from an Ubuntu Linux or Apple OS X based system?

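By default, you can always connect to an instance using ssh.
This is useful because it lets you manage and configure instances beyond the basic configuration enabled by gcutil or the REST API.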

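The easiest way to ssh into an instance is to use the gcutil command from your local Linux/OS X based system.
You need to perform the following steps:

  • Install gcutil/google sdk
  • Authorize the instance
  • Verify instance status
  • Create SSH keys
  • Connect using gcutil or an ssh client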

Step 1: Install gcutil

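gcutil runs on UNIX-based operating systems such as Linux and Mac OS X.
To use gcutil, Python 2.6.x or 2.7.x must be installed on your computer.

gcutil does not support Python 3.x.
Python is installed by default on most Linux distributions and on Mac OS X.
Open a terminal and type the following commands, or visit this URL to get the gcutil tool.

Debian/Ubuntu/RHEL/CentOS Linux/OS X UNIX users, run the following commands in a terminal: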

## Download IT ##
$ wget https://dl.google.com/dl/cloudsdk/release/google-cloud-sdk.tar.gz
$ tar -zxvf google-cloud-sdk.tar.gz
## INSTALL IT ##
$ bash google-cloud-sdk/install.sh

Sample output:

Welcome to the Google Cloud SDK!
 
The Google Cloud SDK is currently in developer preview. To help improve the
quality of this product, we collect anonymized data on how the SDK is used.
You may choose to opt out of this collection now (by choosing 'N' at the below
prompt), or at any time in the future by running the following command:
    gcloud config set --scope=user disable_usage_reporting true
 
Do you want to help improve the Google Cloud SDK (Y/n)?  n
 
 
This will install all the core command line tools necessary for working with
the Google Cloud Platform.
 
 
The following components will be installed:
    ------------------------------------------------------------------------------------------
    | BigQuery Command Line Tool                                        |     2.0.18 | < 1 MB |
    | BigQuery Command Line Tool (Platform Specific)                    |     2.0.18 | < 1 MB |
    | Cloud DNS Admin Command Line Interface                            | 2014.04.29 | < 1 MB |
    | Cloud SDK Core Command Line Tools                                 |          1 |        |
    | Cloud SDK Core Libraries (Platform Specific)                      | 2014.10.20 | < 1 MB |
    | Cloud SQL Admin Command Line Interface                            | 2014.04.09 | < 1 MB |
    | Cloud Storage Command Line Tool                                   |       4.12 | 2.5 MB |
    | Cloud Storage Command Line Tool (Platform Specific)               |        4.6 | < 1 MB |
    | Compute Engine Command Line Interface                             | 2014.04.29 | < 1 MB |
    | Compute Engine Command Line Tool (deprecated)                     |     1.16.5 | < 1 MB |
    | Compute Engine Command Line Tool (deprecated) (Platform Specific) |     1.16.5 | < 1 MB |
    | Default set of gcloud commands                                    | 2014.04.29 | < 1 MB |
    | Native extensions for gcloud commands (Mac OS X, x86_64)          |     0.15.0 | 4.0 MB |
    ------------------------------------------------------------------------------------------
 
|- Creating update staging area                             -|
|============================================================|
 
|- Installing: BigQuery Command Line Tool                   -|
|============================================================|
|- Installing: BigQuery Command Line Tool (Platform Spec... -|
|============================================================|
|- Installing: Cloud DNS Admin Command Line Interface       -|
|============================================================|
|- Installing: Cloud SDK Core Command Line Tools            -|
|============================================================|
|- Installing: Cloud SDK Core Libraries (Platform Specific) -|
|============================================================|
|- Installing: Cloud SQL Admin Command Line Interface       -|
|============================================================|
|- Installing: Cloud Storage Command Line Tool              -|
|============================================================|
|- Installing: Cloud Storage Command Line Tool (Platform... -|
|============================================================|
|- Installing: Compute Engine Command Line Interface        -|
|============================================================|
|- Installing: Compute Engine Command Line Tool (depreca... -|
|============================================================|
|- Installing: Compute Engine Command Line Tool (depreca... -|
|============================================================|
|- Installing: Default set of gcloud commands               -|
|============================================================|
|- Installing: Native extensions for gcloud commands (Ma... -|
|============================================================|
 
Creating backup and activating new installation...
 
Update done!
Modify profile to update your $PATH and enable bash completion? (Y/n)?  y
 
The Google Cloud SDK installer will now prompt you to update an rc 
file to bring the Google Cloud CLIs into your environment.
 
Enter path to an rc file to update, or leave blank to use 
[/Users/veryv/.bash_profile]:  
Backing up [/Users/veryv/.bash_profile] to [/Users/veryv/.bash_profile.backup].
[/Users/veryv/.bash_profile] has been updated.
Start a new shell for the changes to take effect.

For more information, see how to install the gcutil tool on Linux/Unix to manage Google Compute Engine.

Step 2: Authenticate to Google Compute Engine

The syntax is:

gcloud auth login
gcloud auth login --project=YOUR-PROJECT-ID-HERE

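If your project ID is apache-cluster, run:

gcloud auth login --project=apache-cluster

Authenticating to Google Compute Engine using the gcutil command

Open a web browser and go to the URL that is shown.
Click the grant access link.
The page will display an authorization code.
Copy this code.
Paste the authorization code into the waiting gcutil auth terminal and press Enter.
Run the following command to cache the project ID: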

gcloud config set project YOUR-PROJECT-ID-HERE

Step 3: Verify instance status

Run the following command:

$ gcloud compute instances list

Sample output:

NAME       ZONE         MACHINE_TYPE INTERNAL_IP   EXTERNAL_IP     STATUS
instance-1 asia-east1-c f1-micro     10.240.xx.yyy 104.155.xxx.zzz RUNNING

Note: the instance-1 instance is running in the asia-east1-c zone.

Step 4: Create ssh keys

The syntax is:

gcloud compute ssh instance_name_here
gcloud compute ssh USER@instance_name_here
gcloud compute ssh USER@instance_name_here -- arg1 arg2
gcloud compute --project PROJECT_ID_HERE ssh instance_name_here

In this example, connect to the db1 instance using ssh:

$ gcloud compute ssh db1
WARNING: Consider passing '--zone=us-central1-a' to avoid the unnecessary zone lookup which requires extra API calls.
INFO: Zone for db1 detected as us-central1-a.
WARNING: You don't have an ssh key for Google Compute Engine. Creating one now...
Enter passphrase (empty for no passphrase): TYPE-YOUR-PASSPHRASE-HERE
Enter same passphrase again: TYPE-YOUR-PASSPHRASE-HERE
INFO: Updated project with new ssh key. It can take several minutes for the instance to pick up the key.
INFO: Waiting 300 seconds before attempting to connect.

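gcutil creates local files to store your public and private keys, and copies your public key to the project.
By default, gcutil stores the ssh keys in the following files on your local system:

  • $HOME/.ssh/google_compute_engine : your private key
  • $HOME/.ssh/google_compute_engine.pub : your public key

Step 5: Connect using gcutil or an ssh client

The syntax is: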

gcloud compute ssh instance_name_here 
gcloud compute ssh USER@instance_name_here --zone ZONE_NAME_HERE

Or

ssh -o UserKnownHostsFile=/dev/null -o CheckHostIP=no -o StrictHostKeyChecking=no -i $HOME/.ssh/google_compute_engine -A -p 22 $USER@TYPE-GOOGLE-COMPUTE-ENGINE-PUBLIC-IP-HERE

In this example, connect to the instance-1 instance using the gcloud tool:

gcloud compute ssh instance-1

Sample output:

For the following instances:
- [instance-1]
choose a zone:
[1] asia-east1-c
[2] asia-east1-a
[3] asia-east1-b
[4] europe-west1-d
[5] europe-west1-c
[6] europe-west1-b
[7] us-central1-c
[8] us-central1-b
[9] us-central1-a
[10] us-central1-f
Please enter your numeric choice:  1
 
Warning: Permanently added '104.155.xxx.zzz' (RSA) to the list of known hosts.
[Hyman@instance-1 ~]$

In this example, connect to the db1 instance (public IP 1.2.3.4) using the ssh command:

ssh -o UserKnownHostsFile=/dev/null -o CheckHostIP=no -o StrictHostKeyChecking=no -i $HOME/.ssh/google_compute_engine -A -p 22 $USER@1.2.3.4

Sample session:
Connecting to an instance using ssh
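The plain ssh command above discards host-key checking (UserKnownHostsFile=/dev/null, StrictHostKeyChecking=no) and forwards the local agent (-A). As an added example, not part of the original article: one shell helper flags those options in a command line, and one prints a variant that records the host key per instance. The gce- alias prefix, the gce_known_hosts file name and the 203.0.113.10 address are assumptions made up for illustration.

```shell
#!/bin/sh
# Added example, not from the original article.
# Constructed sample: the command form shown above with a documentation IP.
SAMPLE_CMD='ssh -o UserKnownHostsFile=/dev/null -o CheckHostIP=no -o StrictHostKeyChecking=no -i $HOME/.ssh/google_compute_engine -A -p 22 user@203.0.113.10'

weak_ssh_opts() {
    # $1 = ssh command line as one string; prints one finding per risky option
    local cmd=$1 prev="" tok
    set -f                                  # no glob expansion while splitting
    for tok in $cmd; do
        if [ "$prev" = "-o" ]; then tok="-o$tok"; fi   # join "-o Key=val"
        prev=$tok
        case "$tok" in
            -oStrictHostKeyChecking=no|-oStrictHostKeyChecking=off)
                echo "StrictHostKeyChecking: new or changed host keys are accepted silently" ;;
            -oUserKnownHostsFile=/dev/null)
                echo "UserKnownHostsFile: host key is never stored, so a later change goes unnoticed" ;;
            -A|-oForwardAgent=yes)
                echo "ForwardAgent: root on the instance can use the forwarded agent" ;;
        esac
    done
    set +f
}

gce_ssh_cmd() {
    # $1 = instance name, $2 = external IP, $3 = login user
    # The host key is stored under an alias derived from the instance name
    # (hypothetical naming), because ephemeral external IPs are reused.
    local opts
    opts="-o HostKeyAlias=gce-$1"
    opts="$opts -o UserKnownHostsFile=\$HOME/.ssh/gce_known_hosts"
    # accept-new: trust on first use, refuse a key that later changes
    opts="$opts -o StrictHostKeyChecking=accept-new"
    opts="$opts -o CheckHostIP=no -o IdentitiesOnly=yes -o ForwardAgent=no"
    printf '%s\n' "ssh $opts -i \$HOME/.ssh/google_compute_engine -p 22 $3@$2"
}
```

accept-new needs OpenSSH 7.6 or later and still trusts whatever key is seen on the first connection; switch to StrictHostKeyChecking=yes once the key has been loaded into the file from a trusted channel.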

To SSH into db3 in the asia-east1-c zone, run:

gcloud compute ssh db3 --zone asia-east1-c

You can also run a command on the virtual machine.
For example, to get a snapshot of the guest's process tree, run:

gcloud compute ssh db3 --zone asia-east1-c --command "ps -ejH"

If you are using the Google container virtual machine image, you can SSH into one of your containers with:

gcloud compute ssh db3 --zone asia-east1-c --container CONTAINER

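How do I log in as the root user?

For security reasons, the standard Google images do not provide the ability to ssh in directly as root.
The instance creator and any users added with the authorized_ssh_keys flag or the metadata sshKeys value are automatically administrators of the account and can run sudo without a password.
Run the following command to switch to the root user: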

sudo -s

Sample session:
Using the sudo -s command on a Google Compute instance for root access as an instance administrator
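Because every account listed in the sshKeys metadata value gets passwordless sudo, that value is effectively the list of root users. As an added example, not part of the original article: a shell audit that counts keys per account and reports accounts missing from an allow-list. The entry format USERNAME:KEY_TYPE KEY_BLOB COMMENT is assumed, and the sample entries, key blobs and allow-list are constructed.

```shell
#!/bin/sh
# Added example, not from the original article.
# Constructed sample of an sshKeys metadata value, one entry per line,
# assumed format USERNAME:KEY_TYPE KEY_BLOB COMMENT (blobs are placeholders).
SAMPLE_SSHKEYS='alice:ssh-rsa AAAA-PLACEHOLDER-1 alice@laptop
bob:ssh-ed25519 AAAA-PLACEHOLDER-2 bob@desk
alice:ssh-rsa AAAA-PLACEHOLDER-3 alice@old-laptop
deploy:ssh-rsa AAAA-PLACEHOLDER-4 ci@build'

sshkeys_accounts() {
    # stdin: sshKeys metadata value; stdout: "user key_count", sorted by user
    awk -F: 'NF >= 2 && $1 != "" { n[$1]++ }
             END { for (u in n) print u, n[u] }' | sort
}

unexpected_admins() {
    # $1: space-separated allow-list of accounts expected to have sudo
    # stdin: sshKeys metadata value; stdout: accounts not on the allow-list
    sshkeys_accounts | while read -r user count; do
        case " $1 " in
            *" $user "*) ;;                      # expected administrator
            *) echo "$user ($count key(s)) is not on the allow-list" ;;
        esac
    done
}

# Example run on the constructed sample:
printf '%s\n' "$SAMPLE_SSHKEYS" | unexpected_admins "alice bob"
```

An account with more than one key, such as alice in the sample, is worth a second look as well, since an old key left in place keeps granting root.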

Optional: Update your gcloud tools

Run the following command:

gcloud components update