2

Base on VPN i would like to remove the external ip address of my servers and only ssh using their internal/private ip address.

I have a VPN GW in my Google Compute private network and all my servers doesn't have any external ip address.

I can open a VPN connection to the GW from my laptop and PING servers in my accounts using only their private ip address. Now I would like to SSH these servers using Google's gcutil but it looks like it can only use external IP address.

Does gcutil have any option to ssh base on internal/private IPs? or does gcutil only use external IP address when establishing an SSH session?

Amir
  • 54
  • 8

1 Answers1

5

At this point, you should be able to ssh to your machines directly based on their internal IP address, as long as you specify the key. Assuming you have a machine with an IP address of 10.11.12.13, you should run ssh -i ~/.ssh/google_compute_engine 10.11.12.13.

If you'd like to ssh by name, the simplest thing would be to configure your DNS resolver to use the one on the VPN gateway. At that point, you'd be able to run ssh -i ~/.ssh/google_compute_engine <machine_name>.

To take it a step further, you'd probably like to avoid having to include the -i flag every time you ssh. The simplest approach is to run an ssh agent (most modern desktop environments already have one, so this is a no-op for most folks), and add your key to it with ssh-add ~/.ssh/google_compute_engine. Once your key is in an agent, it will automatically be used.

Once you've done all these things, you should be able to ssh to a machine called "foobar" with a simple ssh foobar command.

Benson
  • 22,457
  • 2
  • 40
  • 49