GCP
Basics
Auth
gcloud auth login
Set project and zone
gcloud config set compute/zone us-east4-a # see es command for more
Install gcloud CLI
curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key --keyring /usr/share/keyrings/cloud.google.gpg add -
echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] https://packages.cloud.google.com/apt cloud-sdk main" | sudo tee -a /etc/apt/sources.list.d/google-cloud-sdk.list
sudo apt update
sudo apt install google-cloud-sdk
Then you should copy the ssh key from another location:
scp -r case:.ssh/google_compute* ~/.ssh/
Tasks
Cloning a VM
- Create an image of an existing VM, with the same name. It will be added under...
Compute Engine > VMs > Machine images
- Create a new VM from the machine image
Remove external IP
You can edit the network and remove the External IP there, but that never seems to be enough. Additional steps to get it done:
gcloud compute instances describe box-1
networkInterfaces:
- accessConfigs:
  - ...
    name: External NAT
gcloud compute instances delete-access-config box-1 --access-config-name "External NAT"
# REBOOT THE VM
Harden SSH to internal connections only
- create a FUCKING NORMAL SSH CONNECTION from source to target machine
- make the user that is connectable FULL SUDO or you will be fucked out of access!
- Remove the GCP ssh bullshit
- set metadata key enable-oslogin to FALSE
- [x] block project-wide ssh
- restart
- Now normal ssh should start working
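A way to check both procedures above (external IP removed, SSH metadata hardened) from `gcloud compute instances describe box-1 --format=json`. This is an added example, not part of the original notes. The sample JSON is constructed, `audit_instance` is a hypothetical helper name, and `block-project-ssh-keys` is assumed to be the metadata key behind the "block project-wide ssh" checkbox.

```python
import json
import shlex

# Constructed sample of `gcloud compute instances describe box-1 --format=json`
# (trimmed to the fields used here; 203.0.113.10 is a documentation address).
SAMPLE_DESCRIBE = json.loads("""
{
  "name": "box-1",
  "networkInterfaces": [
    {"name": "nic0", "networkIP": "10.150.0.2",
     "accessConfigs": [{"name": "External NAT", "natIP": "203.0.113.10",
                        "type": "ONE_TO_ONE_NAT"}]}
  ],
  "metadata": {"items": [{"key": "enable-oslogin", "value": "TRUE"}]}
}
""")

# Target state from the notes: OS Login off, project-wide keys blocked.
WANTED_METADATA = {"enable-oslogin": "FALSE", "block-project-ssh-keys": "TRUE"}


def audit_instance(desc):
    """Return (findings, fix_commands) for one parsed describe document."""
    name = shlex.quote(desc["name"])
    findings, fixes = [], []
    # Any accessConfigs entry means the NIC still has an external IP mapping.
    for nic in desc.get("networkInterfaces", []):
        for ac in nic.get("accessConfigs", []):
            findings.append(f"{nic['name']}: external IP {ac.get('natIP', '?')}")
            fixes.append(
                f"gcloud compute instances delete-access-config {name}"
                f" --network-interface {shlex.quote(nic['name'])}"
                f" --access-config-name {shlex.quote(ac['name'])}")
    # Instance-level metadata only; project-level values are not in this output.
    items = desc.get("metadata", {}).get("items", [])
    current = {i["key"]: i["value"].upper() for i in items}
    for key, want in WANTED_METADATA.items():
        if current.get(key) != want:
            findings.append(f"metadata {key} is {current.get(key, 'unset')}, want {want}")
            fixes.append(f"gcloud compute instances add-metadata {name}"
                         f" --metadata {key}={want}")
    return findings, fixes


if __name__ == "__main__":
    findings, fixes = audit_instance(SAMPLE_DESCRIBE)
    for line in findings:
        print("FINDING:", line)
    for cmd in fixes:
        print("FIX:    ", cmd)
```

The script only prints the commands; run them after the normal SSH connection and sudo user from the first two steps are confirmed working, then restart the VM.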