Journey to the cloud II: How to SSH into GCP using only the instance name
In the world of the internet we have the users, the builders and, at the base of it all, data: lots and lots of data. This data has a million uses depending on the user; it may be transferred, stored, edited, etc. Today, in our journey through the internet, we want to talk about something interesting called OS Login, but first we want to build up our knowledge of what OS Login is and why we should use it. We begin with cloud computing.
What is Cloud computing?
To put it simply, cloud computing is the delivery of computing services (including servers, storage, databases, networking, software, analytics, and intelligence) over the Internet (“the cloud”) to offer faster innovation, flexible resources, and economies of scale.
Back in the day, before the cloud, imagine a company called Trex incorporation that provides services to its users. The company needs servers to store or host its data, so it is only fair for it to buy and build its servers on premise and maintain them itself. If the server traffic gets high, it has to upscale by building more servers, and when the traffic reduces it downscales, leaving some servers idle. While this is a normal thing to do, note that the cost of buying and maintaining a server is quite high, and leaving servers idle when downscaling is not cost effective. That and other issues paved the way for the creation of "the cloud". To put it in a simpler form, using the cloud is basically paying to use another person's server. This comes with some awesome advantages, like:
- Cloud computing eliminates the capital expense of buying hardware and software and setting up and running on-site datacenters. In the cloud you literally pay for what you use.
- Global scale: In cloud speak, that means delivering the right amount of IT resources (for example, more or less computing power, storage, bandwidth) right when they’re needed, and from the right geographic location.
- Speed: Most cloud computing services are provided self service and on demand, so even vast amounts of computing resources can be provisioned in minutes, typically with just a few mouse clicks, giving businesses a lot of flexibility and taking the pressure off capacity planning.
- Productivity: On-site datacenters typically require a lot of “racking and stacking” hardware setup, software patching, and other time-consuming IT management chores. Cloud computing removes the need for many of these tasks, so IT teams can spend time on achieving more important business goals.
- Performance: The biggest cloud computing services run on a worldwide network of secure datacenters, which are regularly upgraded to the latest generation of fast and efficient computing hardware. This offers several benefits over a single corporate datacenter, including reduced network latency for applications and greater economies of scale.
- Reliability: Cloud computing makes data backup, disaster recovery, and business continuity easier and less expensive because data can be mirrored at multiple redundant sites on the cloud provider’s network.
- Security: Many cloud providers offer a broad set of policies, technologies, and controls that strengthen your security posture overall, helping protect your data, apps, and infrastructure from potential threats.
Examples of three cloud providers that provide these cloud services are:
- Google's Google Cloud Platform (GCP)
- Amazon's Amazon Web Services (AWS)
- Microsoft's Microsoft Azure.
There are many others, like IBM Cloud, Rackspace, GoDaddy, etc.
Google Cloud Platform (GCP)
Google Cloud Platform is a provider of computing resources for deploying and operating applications on the web. Its specialty is providing a place for individuals and enterprises to build and run software, and it uses the web to connect to the users of that software. When you run a website, an application, or a service on Google Cloud Platform (GCP), Google keeps track of all of the resources it uses: specifically, how much processing power, data storage, database queries, and network connectivity it consumes. Rather than lease a server or a DNS address by the month (which is what you would do with an ordinary website provider), you pay for each of these resources on a per-second basis, with discounts that apply when your services are used heavily by your customers on the web.
Now that the basics are covered, we move into creating and managing projects in GCP. After signing up for GCP using your email and credit card details, new users get up to $300 credits, and to access the cloud console a new project has to be created and linked to a billing account. Do not worry, your money is safe, because GCP wouldn't charge your card unless you have exhausted your $300 free credits. After the project (for example, a project named 'projectTrex') is created, you have access to your cloud console for 'projectTrex'.
Now we talk about access and permissions. By default, all Google Cloud projects come with a single user: the original project creator. No other users have access to the project, and therefore to Compute Engine resources, until a user is added as a project member or is bound to a specific resource. To give users the ability to create and manage your resources, for example Compute Engine, which allows you to spin up virtual machines, servers, databases, etc., you can add users as team members to your project or to specific resources and grant them permissions using Identity and Access Management (IAM) roles.
If we want to run a Linux virtual machine in our 'projectTrex', all we need to do is head over to Compute Engine, click on the virtual machine options, then VM instances, and we will be prompted to create our first instance. There you will see a bunch of options for creating your instance; you can refer to this article on creating an Ubuntu instance.
After the instance has been created, you can SSH into it in various ways:
- SSH using the browser: the Ubuntu instance will be available to you in a new window in the browser. All you need to do is:
  - Navigate to Compute Engine.
  - Click on virtual machines.
  - You will see a list of your instances in the project; under the Connect section, click on SSH and then click on 'open in browser window'.
- SSH using a public key
OS login
OS Login simplifies SSH access management by linking your Linux user account to your Google identity. The benefit is something known as 'automatic Linux account lifecycle management'. This simply means that you can directly tie a Linux user to a user's Google identity, so that the same Linux account information is used across all instances in the same project, instead of manually adding or removing SSH keys for every instance you spin up. It is also relatively easy to set up. For in-depth information on how OS Login works, you can visit the OS Login GitHub repository.
How to set up OS Login: you will need a key pair, which can be created using:
ssh-keygen -t ecdsa
In this article I am using the gcloud SDK, so let's run through how to set it up.
- In your Linux / macOS terminal, run
sudo apt-get update
- Add the Cloud SDK distribution URI as a package source:
echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] https://packages.cloud.google.com/apt cloud-sdk main" | sudo tee -a /etc/apt/sources.list.d/google-cloud-sdk.list
- Make sure you have apt-transport-https installed:
sudo apt-get install apt-transport-https ca-certificates gnupg
- Import the Google Cloud public key
curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key --keyring /usr/share/keyrings/cloud.google.gpg add -
- Update and install the Cloud SDK
sudo apt-get update && sudo apt-get install google-cloud-sdk
- Run gcloud init to get started
gcloud init
- It will prompt you to log in and choose a project. After all that is done, we enable OS Login using
gcloud compute instances add-metadata [INSTANCE_NAME] --metadata enable-oslogin=TRUE
Enabling OS Login will automatically disable metadata-based SSH keys on that instance. The last command you will run is
gcloud compute ssh [INSTANCE_NAME]
It may create another SSH key pair for gcloud, but fear not: it is all automated, and you just need to press Enter twice if you don't need a passphrase. Congrats, you have successfully SSHed into your own instance using only the instance name.
I tried to make it easy to follow, but if you have any questions please feel free to ask in the comment section. Thank you :)
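To see what the enable-oslogin setting covers across a project, here is an added example (not part of the original article and not Google's tooling). It reads JSON shaped like gcloud output, built inline with placeholder instance names and keys, and reports each instance's effective OS Login state, relying on the instance-level enable-oslogin value overriding the project-level one; treating any value other than TRUE as "off" is a conservative choice made for this sketch.

```python
import json

# Constructed sample data, shaped like the output of
#   gcloud compute project-info describe --format=json
#   gcloud compute instances list --format=json
# Instance names and key material are placeholders.
PROJECT = json.loads("""
{"commonInstanceMetadata": {"items": [
  {"key": "enable-oslogin", "value": "TRUE"},
  {"key": "ssh-keys", "value": "alice:ssh-ed25519 AAAA-placeholder alice"}]}}
""")
INSTANCES = json.loads("""
[{"name": "web-1", "metadata": {"fingerprint": "placeholder"}},
 {"name": "legacy-1", "metadata": {"items": [
   {"key": "enable-oslogin", "value": "FALSE"},
   {"key": "ssh-keys", "value": "bob:ssh-rsa AAAA-placeholder bob"}]}},
 {"name": "db-1", "metadata": {"items": [
   {"key": "enable-oslogin", "value": "TRUE"},
   {"key": "ssh-keys", "value": "carol:ssh-rsa AAAA-placeholder carol"}]}}]
""")


def flatten(metadata):
    """Turn a metadata block's items list into a plain dict."""
    return {i["key"]: i.get("value", "") for i in (metadata or {}).get("items", [])}


def audit(project, instances):
    """Map instance name -> (oslogin_enabled, scopes that still hold SSH keys)."""
    proj = flatten(project.get("commonInstanceMetadata"))
    report = {}
    for inst in instances:
        meta = flatten(inst.get("metadata"))
        # An instance-level enable-oslogin value overrides the project-level one.
        flag = meta.get("enable-oslogin", proj.get("enable-oslogin", "FALSE"))
        enabled = flag.strip().upper() == "TRUE"
        key_scopes = [scope for scope, m in (("project", proj), ("instance", meta))
                      if m.get("ssh-keys")]
        report[inst["name"]] = (enabled, key_scopes)
    return report


def findings(report):
    """Lines worth acting on: key-based access, or keys that would come back."""
    out = []
    for name, (enabled, scopes) in sorted(report.items()):
        if not enabled:
            out.append(f"{name}: OS Login off, access still governed by metadata keys")
        elif scopes:
            out.append(f"{name}: OS Login on, unused keys left in {'+'.join(scopes)} metadata")
    return out


if __name__ == "__main__":
    for line in findings(audit(PROJECT, INSTANCES)):
        print(line)
```

Keys reported as unused are ignored only while OS Login stays enabled, so removing them from metadata keeps them from becoming valid again if the flag is ever cleared.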