Skip to content

Instantly share code, notes, and snippets.

@IAmSuyogJadhav

IAmSuyogJadhav/ssh-to-gcp-as-root.md

Last active September 6, 2019 20:09
Show Gist options
  • Save IAmSuyogJadhav/9e6f55255383f2046b4786bb20ceab5f to your computer and use it in GitHub Desktop.
Save IAmSuyogJadhav/9e6f55255383f2046b4786bb20ceab5f to your computer and use it in GitHub Desktop.
Download ZIP
SSH to your GCP Instance as the root user, even when outbound SSH port (22) is blocked on your local system.
Raw
ssh-to-gcp-as-root.md

On Local System

  1. Run the following command to generate a key.
$ ssh-keygen

You'll be asked to enter passphrase. You can leave that empty.

Enter passphrase (empty for no passphrase):
Enter same passphrase again:

A pair of keys (public and private) will now be generated and saved at the location you earlier entered.

Your identification has been saved in /Users/username/.ssh/id_rsa.
Your public key has been saved in /Users/username/.ssh/id_rsa.pub.
The key fingerprint is:
<Your Key Here> [email protected]
  1. Start the ssh-agent:
$ eval `ssh-agent`
Agent pid 59566

add your key to the agent:

$ ssh-add ~/.ssh/id_rsa
  1. Copy the contents of ~/.ssh/id_rsa.pub to your clipboard. The file location can vary if you chose a different path for your key earlier.

Hint: It starts with ssh-rsa and ends with something@something.

On your GCP instance

  1. Connect to your instance by choosing Open in browser window on custom port option.

GCP Screenshot

  1. Open ~/.ssh/authorized_keys file for editing:
$ sudo nano ~/.ssh/authorized_keys

Paste the contents of clipboard and press CTRL + S to save the file. Press CTRL + X to exit the editor.

  1. Allow for root login on SSH connections. Open /etc/ssh/sshd_config for editing:
$ sudo nano /etc/ssh/sshd_config

Uncomment the line starting with PermitRootLogin prohibit-password and add another line right below it as shown:

PermitRootLogin prohibit-password
PermitRootLogin yes

Note: For systems older thatn Ubuntu 16.04, The lines would look like:

PermitRootLogin without-password
PermitRootLogin yes

Save the file and exit editor.

  1. Restart SSH service.
sudo service ssh reload

Connect from you local machine.

Now you should be able to ssh to your instance as root user by doing:

$ ssh <your root username>@<your instance's public ip>

Bonus: If outbound port 22 is blocked on your system

If your ISP blocks the default SSH port (22), you can use SSH over HTTPS port (443), which is generally not blocked. Follow the steps give below.

On your GCP instance

  1. Connect to your instance by choosing Open in browser window on custom port option.

GCP Screenshot

  1. Open /etc/ssh/sshd_config file for editing:
$ sudo nano /etc/ssh/sshd_config
  1. Uncomment the line
#Port 22

and replace it with

Port 443
  1. Save the file and exit the editor.
  2. Restart the SSHD service:
sudo service ssh reload
  1. Click on 3 dots next to your instance name and then select View network details option.

GCP Screenshot

Now click on default-allow-ssh in the list.

GCP Screenshot

Click on Edit option.

GCP Screenshot

Look for Protocols and ports heading and change it from

tcp: 22

to

tcp:22,443

Save the rule.

Connect from you local machine.

Now you should be able to ssh to your instance as root user by doing:

$ ssh -p 443 <your root username>@<your instance's public ip>

That's it. If you face any problems following the tutorial, comment down below and I might be able to help out. Cheers!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment