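SSH into a Google Cloud Compute Engine instance using a secure shell client
Tutorial details | |
---|---|
Difficulty level | Intermediate |
Root privileges | No |
Requirements | Linux or Unix terminal |
Category | Terminal/ssh |
Prerequisites | Google Cloud SDK |
OS compatibility | BSD • Linux • macOS • Unix |
Est. reading time | 8 minutes |
- Install gcutil/Google SDK
- Authorize the instance
- Verify instance status
- Create ssh keys
- Connect using gcutil or an ssh client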
Step 1 - Install gcutil
gcutil runs on UNIX-based operating systems such as Linux and Mac OS X. To use gcutil, you must have Python 2.6.x or 2.7.x installed on your computer. gcutil does not support Python 3.x. Python is installed by default on most Linux distributions and Mac OS X. Open a terminal and type the following commands, or visit this URL to get the gcutil tool.
Debian / Ubuntu / RHEL / CentOS Linux / OS X UNIX users, open a terminal and type the following commands:
## Download IT ##
$ wget https://dl.google.com/dl/cloudsdk/release/google-cloud-sdk.tar.gz
$ tar -zxvf google-cloud-sdk.tar.gz
## INSTALL IT ##
$ bash google-cloud-sdk/install.sh
Sample output:
Welcome to the Google Cloud SDK!
The Google Cloud SDK is currently in developer preview. To help improve the quality of this product, we collect anonymized data on how the SDK is used. You may choose to opt out of this collection now (by choosing 'N' at the below prompt), or at any time in the future by running the following command:
gcloud config set --scope=user disable_usage_reporting true
Do you want to help improve the Google Cloud SDK (Y/n)? n
This will install all the core command line tools necessary for working with the Google Cloud Platform.
The following components will be installed:
-------------------------------------------------------------------------------------------
| BigQuery Command Line Tool | 2.0.18 | < 1 MB |
| BigQuery Command Line Tool (Platform Specific) | 2.0.18 | < 1 MB |
| Cloud DNS Admin Command Line Interface | 2015.04.29 | < 1 MB |
| Cloud SDK Core Command Line Tools | 1 | |
| Cloud SDK Core Libraries (Platform Specific) | 2014.10.20 | < 1 MB |
| Cloud SQL Admin Command Line Interface | 2015.04.09 | < 1 MB |
| Cloud Storage Command Line Tool | 4.12 | 2.5 MB |
| Cloud Storage Command Line Tool (Platform Specific) | 4.6 | < 1 MB |
| Compute Engine Command Line Interface | 2015.04.29 | < 1 MB |
| Compute Engine Command Line Tool (deprecated) | 1.16.5 | < 1 MB |
| Compute Engine Command Line Tool (deprecated) (Platform Specific) | 1.16.5 | < 1 MB |
| Default set of gcloud commands | 2015.04.29 | < 1 MB |
| Native extensions for gcloud commands (Mac OS X, x86_64) | 0.15.0 | 4.0 MB |
-------------------------------------------------------------------------------------------
|- Creating update staging area -|
|============================================================|
|- Installing: BigQuery Command Line Tool -|
|============================================================|
|- Installing: BigQuery Command Line Tool (Platform Spec... -|
|============================================================|
|- Installing: Cloud DNS Admin Command Line Interface -|
|============================================================|
|- Installing: Cloud SDK Core Command Line Tools -|
|============================================================|
|- Installing: Cloud SDK Core Libraries (Platform Specific) -|
|============================================================|
|- Installing: Cloud SQL Admin Command Line Interface -|
|============================================================|
|- Installing: Cloud Storage Command Line Tool -|
|============================================================|
|- Installing: Cloud Storage Command Line Tool (Platform... -|
|============================================================|
|- Installing: Compute Engine Command Line Interface -|
|============================================================|
|- Installing: Compute Engine Command Line Tool (depreca... -|
|============================================================|
|- Installing: Compute Engine Command Line Tool (depreca... -|
|============================================================|
|- Installing: Default set of gcloud commands -|
|============================================================|
|- Installing: Native extensions for gcloud commands (Ma... -|
|============================================================|
Creating backup and activating new installation...
Update done!
Modify profile to update your $PATH and enable bash completion? (Y/n)? y
The Google Cloud SDK installer will now prompt you to update an rc file to bring the Google Cloud CLIs into your environment.
Enter path to an rc file to update, or leave blank to use [/Users/veryv/.bash_profile]:
Backing up [/Users/veryv/.bash_profile] to [/Users/veryv/.bash_profile.backup].
[/Users/veryv/.bash_profile] has been updated.
Start a new shell for the changes to take effect.
For more information, see how to install the gcutil tool to manage Google Compute Engine on Linux / Unix.
Step 2 - Authenticate to Google Compute Engine
The syntax is:
gcloud auth login
gcloud auth login --project=YOUR-PROJECT-ID-HERE
If your project id is "apache-cluster", enter:
gcloud auth login --project=apache-cluster
Sample output:
gcloud config set project YOUR-PROJECT-ID-HERE
Step 3 - Verify instance status
Type the following command:
$ gcloud compute instances list
Sample output:
NAME        ZONE          MACHINE_TYPE  INTERNAL_IP    EXTERNAL_IP      STATUS
instance-1  asia-east1-c  f1-micro      10.240.xx.yyy  104.155.xxx.zzz  RUNNING
Note: the instance-1 instance is running in the asia-east1-c zone.
Step 4 - Create ssh keys
The syntax is:
gcloud compute ssh instance_name_here
gcloud compute ssh USER@instance_name_here
gcloud compute ssh USER@instance_name_here -- arg1 arg2
gcloud compute --project PROJECT_ID_HERE ssh instance_name_here
In this example, connect to the db1 instance using ssh:
$ gcloud compute ssh db1
WARNING: Consider passing '--zone=us-central1-a' to avoid the unnecessary zone lookup which requires extra API calls.
INFO: Zone for db1 detected as us-central1-a.
WARNING: You don't have an ssh key for Google Compute Engine. Creating one now...
Enter passphrase (empty for no passphrase): TYPE-YOUR-PASSPHRASE-HERE
Enter same passphrase again: TYPE-YOUR-PASSPHRASE-HERE
INFO: Updated project with new ssh key. It can take several minutes for the instance to pick up the key.
INFO: Waiting 300 seconds before attempting to connect.
gcutil creates local files to store your public and private keys, and copies your public key to the project. By default, gcutil stores the ssh keys in the following files on your local system:
- $HOME/.ssh/google_compute_engine - your private key
- $HOME/.ssh/google_compute_engine.pub - your public key
Step 5 - Connect using gcutil or an ssh client
The syntax is:
gcloud compute ssh instance_name_here
gcloud compute ssh USER@instance_name_here --zone ZONE_NAME_HERE
or
ssh -o UserKnownHostsFile=/dev/null -o CheckHostIP=no -o StrictHostKeyChecking=no -i $HOME/.ssh/google_compute_engine -A -p 22 $USER@TYPE-GOOGLE-COMPUTE-ENGINE-PUBLIC-IP-HERE
In this example, connect to the "instance-1" instance using the gcloud tool:
gcloud compute ssh instance-1
Sample output:
For the following instances:
 - [instance-1]
choose a zone:
 [1] asia-east1-c
 [2] asia-east1-a
 [3] asia-east1-b
 [4] europe-west1-d
 [5] europe-west1-c
 [6] europe-west1-b
 [7] us-central1-c
 [8] us-central1-b
 [9] us-central1-a
 [10] us-central1-f
Please enter your numeric choice: 1
Warning: Permanently added '104.155.xxx.zzz' (RSA) to the list of known hosts.
[vivek@instance-1 ~]$
In this example, connect to the db1 instance (public IP 1.2.3.4) using the ssh command:
ssh -o UserKnownHostsFile=/dev/null -o CheckHostIP=no -o StrictHostKeyChecking=no -i $HOME/.ssh/google_compute_engine -A -p 22 vivek@1.2.3.4
Sample session:
Fig.02: Connecting to the instance using ssh
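The manual ssh command above discards host keys (UserKnownHostsFile=/dev/null), accepts any host key without asking (StrictHostKeyChecking=no) and forwards your agent to the instance (-A). The shell functions below are an added example, not part of the original tutorial: audit_ssh_cmd flags those options in a command line and hardened_ssh_args prints a stricter option set. The function names and the google_compute_known_hosts path are choices made for this example.

```shell
#!/bin/sh
# Added example, not from the original tutorial.

# Print one line per option that weakens an ssh invocation.
# Arguments: the ssh command line, one word per argument.
audit_ssh_cmd() {
    for word in "$@"; do
        # ssh_config keywords are case-insensitive; also accept -oKey=Value.
        opt=$(printf '%s' "$word" | tr 'A-Z' 'a-z')
        opt=${opt#-o}
        case "$opt" in
            userknownhostsfile=/dev/null)
                echo "UserKnownHostsFile=/dev/null: host keys are never remembered" ;;
            stricthostkeychecking=no)
                echo "StrictHostKeyChecking=no: new or changed host keys are accepted silently" ;;
            forwardagent=yes)
                echo "ForwardAgent=yes: root on the instance can use your agent" ;;
        esac
        # -A is case-sensitive (-a disables forwarding), so test the raw word.
        if [ "$word" = "-A" ]; then
            echo "-A: root on the instance can use your agent"
        fi
    done
    return 0
}

# Print a stricter replacement for the manual ssh options.
# $1 = login name, $2 = instance address. The known_hosts path is this
# example's choice; accept-new needs OpenSSH 7.6 or later.
hardened_ssh_args() {
    printf '%s ' \
        -o "UserKnownHostsFile=$HOME/.ssh/google_compute_known_hosts" \
        -o StrictHostKeyChecking=accept-new \
        -o IdentitiesOnly=yes \
        -o ForwardAgent=no \
        -i "$HOME/.ssh/google_compute_engine" \
        -p 22 "$1@$2"
    echo
}

# Demo: audit the tutorial's manual command, then print the stricter one.
audit_ssh_cmd ssh -o UserKnownHostsFile=/dev/null -o CheckHostIP=no \
    -o StrictHostKeyChecking=no -i "$HOME/.ssh/google_compute_engine" \
    -A -p 22 vivek@1.2.3.4
echo "ssh $(hardened_ssh_args vivek 1.2.3.4)"
```

accept-new pins whatever key the instance presents on the first connection and refuses a changed key afterwards, so compare that first fingerprint with the instance's real host key before relying on it.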
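To SSH into "db3" in the asia-east1-c zone, run:
gcloud compute ssh db3 --zone asia-east1-c
You can also run a command on the virtual machine. For example, to get a snapshot of the guest's process tree, run:
gcloud compute ssh db3 --zone asia-east1-c --command "ps -ejH"
If you are using the Google container virtual machine image, you can SSH into one of your containers with:
gcloud compute ssh db3 --zone asia-east1-c --container CONTAINER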
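How do I log in as the root user?
For security reasons, the standard Google images do not provide the ability to ssh in directly as root. The instance creator and any users added using the --authorized_ssh_keys flag or the metadata sshKeys value automatically become administrators of the account and can run sudo without a password. Type the following command to switch to the root user:
sudo -s
Sample session:
Fig.03: Root access and instance administrators using the "sudo -s" command on a Google compute instance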
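Because every account listed in the sshKeys metadata value gets passwordless sudo, reviewing that list is reviewing who has root on the instances. The following is an added example, not from the original tutorial; it assumes one entry per line in USERNAME:KEY-TYPE KEY-BLOB COMMENT form, and the function names and sample entries are constructed.

```shell
#!/bin/sh
# Added example, not from the original tutorial.
# Input on stdin: the sshKeys metadata value, assumed to hold one
# "USERNAME:KEY-TYPE KEY-BLOB COMMENT" entry per line.

# Print "username key-count" for each account that gets passwordless sudo.
list_admins() {
    awk -F: 'NF >= 2 && $1 != "" { n[$1]++ }
             END { for (u in n) print u, n[u] }' | sort
}

# Print the entries a reviewer should look at first.
flag_entries() {
    awk 'NF == 0 { next }
    {
        user = $0; sub(/:.*/, "", user)        # text before the first colon
        rest = $0; sub(/^[^:]*:/, "", rest)    # key type, blob, comment
        n = split(rest, f, " ")
        if (index($0, ":") == 0 || user == "" || n < 2)
            print "malformed entry: " $0
        else if (user == "root")
            print "root entry present (" f[1] ")"
        else if (f[1] == "ssh-dss")
            print "deprecated DSA key: " user
    }'
}

# Constructed sample value; the key blobs are placeholders, not real keys.
SAMPLE_SSHKEYS='vivek:ssh-rsa AAAA-PLACEHOLDER-1 vivek@laptop
vivek:ssh-ed25519 AAAA-PLACEHOLDER-2 vivek@desktop
deploy:ssh-dss AAAA-PLACEHOLDER-3 deploy@ci
root:ssh-rsa AAAA-PLACEHOLDER-4 unknown@host
this line has no username'

printf '%s\n' "$SAMPLE_SSHKEYS" | list_admins
printf '%s\n' "$SAMPLE_SSHKEYS" | flag_entries
```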
Optional: Update your gcloud tools
Type the following command:
gcloud components update
Sample output:
The following components will be updated:
-----------------------------------------------------------------------
| BigQuery Command Line Tool | 2.0.18 | < 1 MB |
| Cloud DNS Admin Command Line Interface | 2015.04.29 | < 1 MB |
| Cloud SDK Core Libraries | 2015.04.29 | 1.8 MB |
| Cloud SDK Core Libraries (Platform Specific) | 2014.10.20 | < 1 MB |
| Cloud SQL Admin Command Line Interface | 2015.04.09 | < 1 MB |
| Cloud Storage Command Line Tool | 4.12 | 2.5 MB |
| Compute Engine Command Line Interface | 2015.04.29 | < 1 MB |
| Compute Engine Command Line Tool (deprecated) | 1.16.5 | < 1 MB |
-----------------------------------------------------------------------
The following components will be installed:
----------------------------------------------------------------------------------
| Default set of gcloud commands | 2015.04.29 | < 1 MB |
| Native extensions for gcloud commands (Mac OS X, x86_64) | 0.15.0 | 4.0 MB |
----------------------------------------------------------------------------------
Do you want to continue (Y/n)? y
Creating update staging area...
Uninstalling: BigQuery Command Line Tool ... Done
Uninstalling: Cloud DNS Admin Command Line Interface ... Done
Uninstalling: Cloud SDK Core Libraries ... Done
Uninstalling: Cloud SDK Core Libraries (Platform Specific) ... Done
Uninstalling: Cloud SQL Admin Command Line Interface ... Done
Uninstalling: Cloud Storage Command Line Tool ... Done
Uninstalling: Compute Engine Command Line Interface ... Done
Uninstalling: Compute Engine Command Line Tool (deprecated) ... Done
Installing: BigQuery Command Line Tool ... Done
Installing: Cloud DNS Admin Command Line Interface ... Done
Installing: Cloud SDK Core Libraries ... Done
Installing: Cloud SDK Core Libraries (Platform Specific) ... Done
Installing: Cloud SQL Admin Command Line Interface ... Done
Installing: Cloud Storage Command Line Tool ... Done
Installing: Compute Engine Command Line Interface ... Done
Installing: Compute Engine Command Line Tool (deprecated) ... Done
Installing: Default set of gcloud commands ... Done
Installing: Native extensions for gcloud commands (Mac OS X, x86_64) ... Done
Creating backup and activating new installation... Done!
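Conclusion
You learned how to connect to a Google cloud compute VM/server over SSH. For more information, see the following documentation:
- Sample $HOME/.bash_profile file.
- Google Compute Engine documentation.
- Man pages: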