Mastering Google Cloud SSH Keys: A Comprehensive Guide

Servers employ SSH keys to leverage public-key cryptography to authenticate a user or equipment.

In this article, I'll demonstrate every single aspect of Google Cloud SSH Keys, including their creation, authentication, processing, and feature combining with other operating systems.So grab a cup of coffee and let's get started:

What is SSH and how does it work?

Secure Shell (SSH), is a network security protocol that uses encryption and authentication techniques to offer services like secure access and file transmission.

SSH offers a safe connection and other network security services in an unsecure network environment by encrypting and authenticating network data.

The SSH system has been extensively used worldwide as a safe substitute for Telnet and other vulnerable outgoing link protocols.

How does it work?

SSH uses a client and a server. The server-client communication procedure entails the following stages to create a secure SSH channel:

  • Establishing a connection:

    An SSH client sends a connection request on a certain port, and the SSH server responds to that request. A TCP connection is established between both the client and server.

  • Negotiating a version:

    In order to choose the SSH protocol to be used, the SSH client and the server must negotiate.

  • Program negotiation:

    SSH is compatible with several encryption techniques. They develop a public key algorithm for producing session keys depending on the algorithms that each party supports.

  • Switch of keys:

    To establish a shared session key and transaction ID that are used to create an encrypted channel, the server and client employ a key exchange algorithm.

  • User identification:

    After the client sends the server an authentication request, the host verifies the client.

  • Call for a session:

    The SSH client then submits a transaction inquiry to the server, asking it to perform a specific type of service, following the completion of the authentication process.

  • Engagement in the session:

    Data is exchanged between the SSH client and the server once a session is established.

Different types of SSH keys and their purposes

  1. 1

    Rivest-Shamir-Adleman (RSA):

    RSA is the largest surviving cryptosystem. It is typically employed to securely transmit data.

    Since no appropriate methods are employed to fix the large keys, the algorithm is slow. Even so, it is frequently used for mass decryption and encryption.

  2. 2


    DSA is employed to confirm the message's sender, origin, and genuineness. It is employed to authenticate messages, confirm their originality, and identify spam.

    Using discrete logarithm problems and modular exponentiation, DSA creates and validates digital certificates. 

  3. 3


    ECDSA (Elliptic Curve Digital Signature Algorithm) is a revolutionary digital signature algorithm that makes use of elliptic curves to impose an encryption procedure.

    It offers a high degree of protection with a reduced key length. In present-day system applications, the majority of SSH clients employ the ECDSA method.

How to generate SSH keys on different operating systems (Windows, Mac, Linux)

  1. 1

    Knowing SSH Keys

    The identification of a client asking for access to a distant server can be verified using SSH keys, which are two lengthy strings of characters. Using an SSH programme, the user generates these keys locally on their computer..

  2. 2

    Launching a computer terminal

    Instead of using a graphical user interface, a terminal enables text-based command interaction with your computer. Depending on the OS you are using, there are many methods for using the interface on your computer.

  3. 3

    Creating Keys Using OpenSSH

    The standard OpenSSH toolkit should already be installed on your macOS or Linux operating system. Afterwards, create a set of SSH keys using the tool ssh-keygen, which is actually a  part of this toolkit.

Creating and Managing Google Cloud SSH Keys:

How to create a new SSH key in Google Cloud Console

  • Navigate to the VM instances page in the Google Cloud console.

  • To add an SSH key, select the hostname of the virtual machine.

    Select Edit.

  • Choose Add item under SSH Keys.

  • Fill out the text box with your public key.

  • Choose Save.

How to add an SSH key to an existing project

  • Press SSH Keys.

  • In the Key area, paste the SSH key.

  • Provide a description of the user or the machine it is utilized from in the title by adding some descriptive language.

  • Press Add Key.

How to revoke SSH keys

  • The public keys must be kept in the revocation list file, therefore this is a straightforward solution.

  • Embed the fingerprint of the public key.

  • The annulment list file should have the public key appended.

  • All future attempts to utilize this password will be recorded in auth, and it will now be revoked.

Best practices for managing SSH keys

  • Find all Encryption keys and activate management of them.

  • Modify the default SSH port.

  • Turn off SSH Root Login.

  • Activate two-factor authentication, ensure SSH key attribution, and implement it.

  • Using PoLP, impose Minimum Levels of User Rights.

Authenticating with SSH Keys on Google Cloud:

How to use SSH keys to connect to Google Cloud VM instances

  • Choose the Metadata page from the Google Cloud console.

  • Click on Metadata.

  • Go to the SSH keys section.

  • Select Edit.

  • Add item by clicking. The text box appears.

  • In the text box, enter your public key.

How to use SSH keys for secure file transfers to and from VM instances

  • Setup an SSH server on your local Computer by downloading it.

  • Discover the private key and VM IP address.

  • With the aid of your SSH client, connect to the VM.

  • You can switch to the root account to take full control of your VM after connecting.

Troubleshooting common authentication issues with SSH keys

Common issue arises if:

  • The client is utilizing the incorrect public key or identifier.

  • There is no private key in the client's possession.

  • The public key is not stored on the destination server.

These common issues can be fixed by ensuring certain factors:

  • Ensure that the secret key itself has the appropriate ownership and permissions, as well as the authorized_keys file. 

  • Verify that the server accepts key-based authentication. 

  • Ensure that the SSH client can read the private key. 

  • Ensure your SSH keys are set up correctly for the session if you're using PuTTY.

Using SSH keys with Google Cloud Load Balancers and Kubernetes

When you use SSH-in-browser to connect to a VM, Compute Engine sets an indefinite key pair and a password for your connection.

Whether you utilize SSH keys saved in information or OS logins determines your username and the area where Compute Engine saves your SSH keys.

In this case, SSH into the instance is done via Network  Load Balancer and Kubernetes as follows:

  1. 1

    Reserve Public IP

  2. 2

    Construct a TCP Load Balancer using an instance as the backend.

  3. 3

    Hit the next button.

  4. 4

    Name your load balancer and choose your area.

  5. 5

    Configuration in the backend Choose Current Instances.

  6. 6

    Choose VM instances from the backend drop-down menu.

  7. 7

    Go to Frontend setup by clicking.

  8. 8

    Add the previously defined Reserve IP address and port number to Frontend settings.

  9. 9

    Choose Create.

  10. 10

    Modify the VM's setup to support SSHD.

  11. 11

    Setup the VM's SSH key.

Creating and using SSH keys with multiple users on a project

A unique key is required for each account. You can configure numerous SSH identities on your machine and utilize them via aliases even if you need different SSH pairs of keys for other accounts.

Instead of "git" or "hg," you can just just use your login. Still, you require individual keys.

  • Verify again whether an SSH key already exists.

  • Create a new SSH key if you don't already have one.

  • Your GitHub account should now contain the SSH key.

  • Make sure your git is linking to your host once more by

    If necessary, follow the directions again

Setting up 2-factor authentication with SSH keys

Using two-factor authentication is one technique to increase the security of SSH logins (2FA).

With this method, in addition to using their local admin credentials, administrators are required to identify with an enhanced security check.

  • The creation of a transient administrator account is optional.

  • Get Google Authenticator installed.

  • Install the Authenticator application on a smartphone.

  • To the Authenticator app, add the Linux platform.

  • Set up 2FA for SSH.

  • Check the 2FA configuration.

Tips for securing SSH keys and best practices for access management

  • Establishing SSH Keys:

    It is essential to design a common key creation method when creating SSH keys. IT administrators should make sure that their SSH keys are correctly handled from the start by giving out instructions for staff to follow each time they need an SSH key.

  • Major Principles:

    Having a solid key management policy (KMP) is critical to SSH access control best practices, even though it is crucial to make sure that keys are produced correctly to manage them effectively. 

  • Administration of SSH keys through the cloud:

    One excellent option to maintain consistency in SSH key management is to outsource access control to a third-party internet company.

    Public keys are immediately disseminated by cloud IAM to the IT assets that an individual is privy to, and they are withdrawn if the person leaves the company or their access is revoked.


As a result, this article will continue to emphasize the value of Google Cloud SSH Keys and how they contribute to cloud computing security and viability.

Also, its development, authentication procedure, and compatibility impact with Windows, Mac, and Linux characterized its resistance to diverse operating systems.

About the author


Youssef is a Senior Cloud Consultant & Founder of

Leave a Reply

Your email address will not be published. Required fields are marked

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}

Related posts