GCP: Difference between revisions

From Bitpost wiki

Revision as of 16:40, 2 July 2021

Basics

Auth

gcloud auth login

Set project and zone

gcloud config set compute/zone us-east4-a
# see es command for more

Install gcloud CLI

curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key --keyring /usr/share/keyrings/cloud.google.gpg add -
echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] https://packages.cloud.google.com/apt cloud-sdk main" | sudo tee -a /etc/apt/sources.list.d/google-cloud-sdk.list
sudo apt update
sudo apt install google-cloud-sdk

Then copy the SSH key from another location:

scp -r case:.ssh/google_compute* ~/.ssh/

Tasks

Cloning a VM

  • Create an image of an existing VM, with the same name. It will be added under:
    Compute Engine > VMs > Machine images
  • Create a new VM from the machine image

Remove external IP

You can edit the network and remove the External IP there, but that never seems to be enough. Additional steps to get it done:

gcloud compute instances describe box-1
              networkInterfaces:
               - accessConfigs:
                 - ...
                   name: External NAT
gcloud compute instances delete-access-config box-1 --access-config-name "External NAT"
# REBOOT THE VM

Harden SSH to internal connections only

  • create a FUCKING NORMAL SSH CONNECTION from source to target machine
  • make the user that is connectable FULL SUDO or you will be fucked out of access!
  • Remove the GCP ssh bullshit
    • set metadata key enable-oslogin to FALSE
    • [x] Block project-wide SSH keys
    • restart
  • Now normal ssh should start working
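
The following is an added example, not part of the original wiki page: a small auditor that reads the JSON from `gcloud compute instances describe box-1 --format=json` and lists which of the steps above are still open, with the matching gcloud command. The sample JSON and its IP addresses are constructed; `block-project-ssh-keys` is the metadata key behind the "Block project-wide SSH keys" checkbox.

```python
import json

# Constructed sample: trimmed shape of
#   gcloud compute instances describe box-1 --format=json
SAMPLE = json.loads("""
{
  "name": "box-1",
  "networkInterfaces": [
    {"networkIP": "10.0.0.5",
     "accessConfigs": [{"name": "External NAT", "natIP": "203.0.113.10",
                        "type": "ONE_TO_ONE_NAT"}]}
  ],
  "metadata": {"items": [{"key": "enable-oslogin", "value": "TRUE"}]}
}
""")


def audit(inst):
    """Return (finding, fix command) pairs for hardening steps not yet done."""
    name = inst["name"]
    meta = {i["key"]: i.get("value", "")
            for i in inst.get("metadata", {}).get("items", [])}
    findings = []
    # Any remaining access config means the VM still has an external IP.
    for nic in inst.get("networkInterfaces", []):
        for ac in nic.get("accessConfigs", []):
            findings.append((
                f"external access config '{ac['name']}' still attached",
                f"gcloud compute instances delete-access-config {name} "
                f"--access-config-name \"{ac['name']}\""))
    # A key that is unset on the instance falls back to the project-wide
    # value, so require an explicit instance-level setting for both keys.
    for key, want in (("enable-oslogin", "FALSE"),
                      ("block-project-ssh-keys", "TRUE")):
        have = meta.get(key)
        if have is None or have.upper() != want:
            findings.append((
                f"metadata {key} is {have!r}, want {want}",
                f"gcloud compute instances add-metadata {name} "
                f"--metadata {key}={want}"))
    return findings


if __name__ == "__main__":
    for problem, fix in audit(SAMPLE):
        print(f"[!] {problem}\n    {fix}")
```

Run the printed commands only after the normal SSH login with a sudo-capable user has been confirmed, as the list above requires.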