Secure SSH Access to Google Cloud Instances

Prev Question Next Question

Question

All the instances in your project are configured with the custom metadata enable-oslogin value set to FALSE and to block project-wide SSH keys.

None of the instances are set with any SSH key, and no project-wide SSH keys have been configured.

Firewall rules are set up to allow SSH sessions from any IP address range.

You want to SSH into one instance.

What should you do?

Answers

A. Open the Cloud Shell SSH into the instance using gcloud compute ssh.

B. Set the custom metadata enable-oslogin to TRUE, and SSH into the instance using a third-party tool like putty or ssh.

C. Generate a new SSH key pair. Verify the format of the private key and add it to the instance. SSH into the instance using a third-party tool like putty or ssh.

D. Generate a new SSH key pair. Verify the format of the public key and add it to the project. SSH into the instance using a third-party tool like putty or ssh.

Show Answer

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D.

https://cloud.google.com/compute/docs/storing-retrieving-metadata

Based on the information provided, we know that instances in the project are not configured to allow SSH access via project-wide SSH keys and also not set up with any SSH key. We also know that the custom metadata enable-oslogin value is set to FALSE.

Option A: The first option suggests opening the Cloud Shell and SSH into the instance using the gcloud compute ssh command. This option may not work because the instances are not configured to allow SSH access via project-wide SSH keys or set up with any SSH key. It is possible that this option may not work due to the custom metadata enable-oslogin value set to FALSE.

Option B: The second option suggests changing the custom metadata enable-oslogin value to TRUE and SSH into the instance using a third-party tool like Putty or SSH. This option may not work because changing the custom metadata value requires the instance to be restarted, which may not be feasible or desirable. Moreover, enabling OS Login will require users to authenticate using their Google Cloud identity or a third-party identity provider. If these authentication mechanisms are not set up, this option may not work.

Option C: The third option suggests generating a new SSH key pair, verifying the format of the private key, and adding it to the instance. After that, SSH into the instance using a third-party tool like Putty or SSH. This option may work because adding a public SSH key to an instance allows users to access the instance via SSH. The private key needs to be kept secure and must be used with the appropriate permissions to access the instance. However, this option may be time-consuming and require additional configuration steps.

Option D: The fourth option suggests generating a new SSH key pair, verifying the format of the public key, and adding it to the project. After that, SSH into the instance using a third-party tool like Putty or SSH. This option may work because adding a public SSH key to the project will allow users to access any instance within the project. However, this option may not be desirable if users should not have access to all instances within the project.

In conclusion, option C may be the best option to SSH into the instance, but option D may also work depending on the requirements and configuration of the project.

Prev Question Next Question