我想使用命令行解决以下问题:
我正在尝试从项目 a 中的 GCE VM 运行以下 PoC 脚本。
gcloud config set project project-b
gcloud compute instances create gce-vm-b --zone=us-west1-a
gcloud compute ssh --zone=us-west1-a gce-vm-b -- hostname
已成功创建 VM:
NAME ZONE MACHINE_TYPE PREEMPTIBLE INTERNAL_IP EXTERNAL_IP STATUS
gce-vm-b us-west1-a n1-standard-16 10.12.34.56 12.34.56.78 RUNNING
但是在尝试SSH时出现以下错误:
WARNING: The public SSH key file for gcloud does not exist.
WARNING: The private SSH key file for gcloud does not exist.
WARNING: You do not have an SSH key for gcloud.
WARNING: SSH keygen will be executed to generate a key.
Generating public/private rsa key pair.
Your identification has been saved in /root/.ssh/google_compute_engine.
Your public key has been saved in /root/.ssh/google_compute_engine.pub.
The key fingerprint is:
...
Updating project ssh metadata...
.....................Updated [https://www.googleapis.com/compute/v1/projects/project-b].
>.done.
>Waiting for SSH key to propagate.
>ssh: connect to host 12.34.56.78 port 22: Connection timed out
>ERROR: (gcloud.compute.ssh) Could not SSH into the instance. It is possible that your SSH key has not propagated to the instance yet. Try running this command again. If you still cannot connect, verify that the firewall and instance are set to accept ssh traffic.
运行gcloud compute config-ssh未更改错误消息中的任何内容。还是ssh: connect to host 12.34.56.78 port 22: Connection timed out
我尝试向项目添加防火墙规则:
gcloud compute firewall-rules create default-allow-ssh --allow tcp:22
.
Creating firewall...
...........Created [https://www.googleapis.com/compute/v1/projects/project-b/global/firewalls/default-allow-ssh].
done.
NAME NETWORK DIRECTION PRIORITY ALLOW DENY
default-allow-ssh default INGRESS 1000 tcp:22
错误现在Permission denied (publickey)。
gcloud compute ssh --zone=us-west1-a gce-vm-b -- hostname
.
Pseudo-terminal will not be allocated because stdin is not a terminal.
Warning: Permanently added 'compute.4123124124324242' (ECDSA) to the list of known hosts.
Permission denied (publickey).
ERROR: (gcloud.compute.ssh) [/usr/bin/ssh] exited with return code [255].
附言项目-a"VM"是由Prow集群(由GKE运行(运行的容器。
"权限被拒绝(公钥("表示它无法验证用户名的公钥。
您尚未在命令中指定用户,因此将选择环境中的用户,并且可能不允许该用户进入实例 gce-vm-b。根据公有 SSH 密钥元数据为命令中的实例指定有效用户。