GCP: Difference between revisions
Line 29: | Line 29: | ||
# REBOOT THE VM | # REBOOT THE VM | ||
==== Harden SSH to internal connections only ==== | ==== Harden SSH to internal connections only ==== | ||
* create a FUCKING NORMAL SSH CONNECTION from source to target machine | * create a FUCKING NORMAL SSH CONNECTION from source to target machine (it won't work, that's ok, but you better do it right) | ||
* make the user that is connectable FULL SUDO or you will be fucked out of access! | * make the user that is connectable FULL SUDO or you will be fucked out of access! | ||
sudo visudo # and change sudo group to: (ALL) NOPASSWD: ALL | sudo visudo # and change sudo group to: (ALL) NOPASSWD: ALL |
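Review bot: the parenthetical added to the "create a ... SSH CONNECTION" step says the connection won't work yet, but it does not say what "do it right" covers or when the connection is expected to succeed. Suggest naming what has to be in place at this step and pointing to the final step of the list ("Now normal ssh should start working") as the moment to retest.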
Revision as of 19:06, 2 July 2021
Basics
Auth
gcloud auth login
Set project and zone
gcloud config set compute/zone us-east4-a # see es command for more
Install gcloud CLI
curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key --keyring /usr/share/keyrings/cloud.google.gpg add -
echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] https://packages.cloud.google.com/apt cloud-sdk main" | sudo tee -a /etc/apt/sources.list.d/google-cloud-sdk.list
sudo apt update
sudo apt install google-cloud-sdk
Then copy the SSH key from another location:
scp -r case:.ssh/google_compute* ~/.ssh/
Tasks
Cloning a VM
- Create an image of an existing VM, with the same name. It will be added under...
Compute Engine > VMs > Machine images
- Create a new VM from the machine image
Remove external IP
You can edit the network and remove the External IP there, but it never seems enough. Additional steps to get it done:
gcloud compute instances describe box-1
networkInterfaces:
- accessConfigs:
  - ...
    name: External NAT
gcloud compute instances delete-access-config box-1 --access-config-name "External NAT"
# REBOOT THE VM
Harden SSH to internal connections only
- create a FUCKING NORMAL SSH CONNECTION from source to target machine (it won't work, that's ok, but you better do it right)
- make the user that is connectable FULL SUDO or you will be fucked out of access!
sudo visudo # and change sudo group to: (ALL) NOPASSWD: ALL
sudo usermod -a -G sudo esauto
- Remove the GCP ssh bullshit
- set metadata key enable-oslogin to FALSE
- [x] block project-wide ssh
- restart
- Now normal ssh should start working
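
A check for whether the "Remove external IP" and "Harden SSH" steps above took effect, as an added example that is not part of the original page. It audits the JSON from gcloud compute instances describe; the sample data is constructed, the function names are hypothetical, and block-project-ssh-keys is assumed to be the metadata key behind the "block project-wide ssh" checkbox.

```python
import json

# Constructed sample of `gcloud compute instances describe box-1 --format=json`
# (trimmed to the fields checked; the addresses are documentation values).
SAMPLE_BEFORE = json.loads("""
{
  "name": "box-1",
  "networkInterfaces": [
    {"networkIP": "10.0.0.5",
     "accessConfigs": [{"name": "External NAT", "natIP": "203.0.113.10"}]}
  ],
  "metadata": {"items": [{"key": "enable-oslogin", "value": "TRUE"}]}
}
""")

def audit_instance(inst):
    """Return a list of findings; an empty list means the steps took effect."""
    findings = []
    # Any remaining accessConfigs entry means the NIC can still get an external IP.
    for nic in inst.get("networkInterfaces", []):
        for cfg in nic.get("accessConfigs", []):
            findings.append("external access config still present: %s (%s)"
                            % (cfg.get("name"), cfg.get("natIP", "no IP assigned")))
    # Instance-level metadata only; a missing key means the project value applies.
    items = inst.get("metadata", {}).get("items", [])
    meta = {i["key"]: i.get("value", "") for i in items}
    if meta.get("enable-oslogin", "").upper() != "FALSE":
        findings.append("enable-oslogin is not FALSE on the instance")
    if meta.get("block-project-ssh-keys", "").upper() != "TRUE":
        findings.append("project-wide SSH keys are not blocked")
    return findings

def hardened_copy(inst):
    """Constructed 'after' state: what describe shows once the steps are done."""
    after = json.loads(json.dumps(inst))  # deep copy, leaves the input untouched
    for nic in after["networkInterfaces"]:
        nic.pop("accessConfigs", None)
    after["metadata"]["items"] = [
        {"key": "enable-oslogin", "value": "FALSE"},
        {"key": "block-project-ssh-keys", "value": "TRUE"},
    ]
    return after

if __name__ == "__main__":
    for label, inst in (("before", SAMPLE_BEFORE),
                        ("after", hardened_copy(SAMPLE_BEFORE))):
        print(label, audit_instance(inst) or "ok")
```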