gcloud compute ssh
only targets nic0
, therefore it is not possible to use it. The same applies to the SSH button in the VM instances list within the GCP Cloud Console.
Here is how I do it using gcloud
and openssh
from my Mac.
Make sure you have setup the Google Cloud SDK which provides you with the gcloud
cli.
> gcloud config get-value project
black-transport-233607
If you don't not either set it via gcloud config set project <gcpProject>
or specify --project <gcpProject>
with every gcloud command.
> gcloud compute instances list --filter 'name:(bigip)'
NAME ZONE MACHINE_TYPE INTERNAL_IP EXTERNAL_IP STATUS
bigip1-f5-a asia-east2-a n1-standard-4 10.100.9.14 198.18.142.15 RUNNING
bigip1-f5-b europe-west6-a n1-standard-2 10.0.0.3 198.18.16.191 RUNNING
bigip1-f5-c us-east1-b n1-standard-2 10.100.41.7 198.18.91.171 RUNNING
bigip1-f5-d us-east2-a n1-standard-2 10.101.40.2 198.18.87.101 RUNNING
bigip1-f5-e europe-west4-b n1-standard-4 172.16.7.2,172.16.29.2,10.99.81.13 198.18.187.243,198.18.91.14 RUNNING
# | nic0 | | nic1 | | nic2 | | nic0 | | nci1 |
# |_________| |__________|
# ^ ^
# internal management IP external management IP
This step only required when you haven't added your public key to the project For more details visit: https://cloud.google.com/compute/docs/instances/adding-removing-ssh-keys
> echo "$USER:$(cat ~/.ssh/id_ed25519.pub | cut -d' ' -f1,2) $USER" > ./myGCPpubKey
> gcloud compute instances add-metadata bigip1-f5-e --metadata-from-file ssh-keys=./myGCPpubKey
No zone specified. Using zone [europe-west4-b] for instance: [bigip1-f5-e].
Updated [https://www.googleapis.com/compute/v1/projects/black-transport-233607/zones/europe-west4-b/instances/bigip1-f5-e].
gcloud compute instances stop bigip1-f5-e --zone europe-west4-b
gcloud compute instances start bigip1-f5-e --zone europe-west4-b
using jq
> gcloud --format json compute instances describe bigip1-f5-e | jq '.networkInterfaces[].accessConfigs[]? | select(.name == "Management NAT") | .natIP'
No zone specified. Using zone [europe-west4-b] for instance: [bigip1-f5-e].
"198.18.91.14"
or awk
> gcloud --format json compute instances describe bigip1-f5-e | awk '/Management NAT/ {m=1} /.natIP/ {if (m==1) print $2}'
No zone specified. Using zone [europe-west4-b] for instance: [bigip1-f5-e].
"198.18.91.14"
> ssh -i ~/.ssh/id_ed25519 -l admin 198.18.91.14
The authenticity of host '198.18.91.14 (198.18.91.14)' can't be established.
ECDSA key fingerprint is SHA256:m+Te9Pah0PnMTeyXUtx2nW142H84+uiGJD/VE+zuhMY.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '198.18.91.14' (ECDSA) to the list of known hosts.
admin@(bigip1-f5-e)(cfg-sync Standalone)(ModuleNotLicensed::Active)(/Common)(tmos)#