ssh - 在 Google Compute 上设置外部授权 key

Question

我正在从 AWS 迁移，并且正在使用 ansible 部署到 Google Cloud 计算实例。我正在尝试使用授权 key 在盒子上设置一些用户。这曾经适用于 AWS，但似乎用户管理对于 Google Compute 来说有点不同。这就是我正在做的事情。

在本地创建了一个 ssh-key。将此 key (公共(public))放入 ansible 文件并将其复制到在 /home/deploy/.ssh/authorized_keys 中创建(使用 ansible)的新用户

我仍然无法使用本地框中的此 key 登录。

$ ssh -i ~/.ssh/deploy_rsa deploy@<host>

是否有允许登录该框的用户列表？我只能配置用户从云控制台登录到盒子吗？

编辑

$ ssh -i ~/.ssh/deploy_rsa deploy@<host>
... skipped some logs here ....
    Here's SSH logs from client side:
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug2: key: /Users/ankit/.ssh/gcloud-rsa (0x7ff1d16105e0),
    debug2: key: /Users/ankit/.ssh/deploy_rsa (0x0), explicit
    debug1: Authentications that can continue: publickey
    debug3: start over, passed a different list publickey
    debug3: preferred publickey,keyboard-interactive,password
    debug3: authmethod_lookup publickey
    debug3: remaining preferred: keyboard-interactive,password
    debug3: authmethod_is_enabled publickey
    debug1: Next authentication method: publickey
    debug1: Offering RSA public key: /Users/ankit/.ssh/gcloud-rsa
    debug3: send_pubkey_test
    debug2: we sent a publickey packet, wait for reply
    debug1: Authentications that can continue: publickey
    debug1: Trying private key: /Users/ankit/.ssh/deploy_rsa
    debug3: sign_and_send_pubkey: RSA SHA256:h+yezPKOVjeA2ZKOAN/1r1GRe2s1nyGKwG6wobm+Vh0
    debug2: we sent a publickey packet, wait for reply
    debug1: Authentications that can continue: publickey
    debug2: we did not send a packet, disable method
    debug1: No more authentication methods to try.
    Permission denied (publickey).

客户选择的另一个 key 来自 ~/.ssh/config

Answer 1

对Ansible了解不多，希望以下文档能帮助到Connecting to Instance , Adding and Removing SSH Keys , Creating User Accounts for Linux Instances

顺便说一句，由于防火墙设置，这也是可能的。在非默认网络中，默认情况下不允许使用 tcp:22。