This document describes how to use a service account to connect to Compute Engine virtual machine (VM) instances using SSH. Setting up SSH for a service account enables you to configure apps to use SSH, which can help you to automate your workloads.
Before you begin
- Create a service account.
- If you haven't already, set up authentication. Authentication is the process by which your identity is verified for access to Google Cloud services and APIs. To run code or samples from a local development environment, you can authenticate to Compute Engine as follows.
  - Install the Google Cloud CLI, then initialize it by running the following command:
    gcloud init
  - Set a default region and zone.
Manually connect to VMs as a service account
To connect to VMs as a service account, use one of the following methods:
Directly impersonate service account
Use the gcloud CLI --impersonate-service-account flag to connect directly to a VM using a service account's identity. Run the following command to connect to a VM as a service account:
gcloud compute ssh VM_NAME \
    --impersonate-service-account=SERVICE_ACCOUNT_EMAIL
Replace the following:
- VM_NAME: the name of the VM that you want to connect to as the service account.
- SERVICE_ACCOUNT_EMAIL: the email address associated with the service account.
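The following is an added example, not part of the original document. Impersonating with --impersonate-service-account requires the caller to hold roles/iam.serviceAccountTokenCreator on the service account, so this Python code reviews who holds that role in a policy shaped like the output of `gcloud iam service-accounts get-iam-policy SERVICE_ACCOUNT_EMAIL --format=json`. The sample policy is constructed, the function name `review_impersonators` is hypothetical, and only bindings on the service account itself are covered, not bindings inherited from the project or folder.

```python
import json

# Role that grants iam.serviceAccounts.getAccessToken, which impersonation needs.
TOKEN_CREATOR = "roles/iam.serviceAccountTokenCreator"
# Member values that match anyone, or anyone signed in to a Google account.
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}

# Constructed sample in the shape of `get-iam-policy --format=json` output.
SAMPLE_POLICY = json.loads("""
{
  "bindings": [
    {"role": "roles/iam.serviceAccountTokenCreator",
     "members": ["user:alice@example.com", "group:ops@example.com"]},
    {"role": "roles/iam.serviceAccountTokenCreator",
     "members": ["allAuthenticatedUsers"],
     "condition": {"title": "temp",
                   "expression": "request.time < timestamp('2030-01-01T00:00:00Z')"}},
    {"role": "roles/iam.serviceAccountUser",
     "members": ["user:bob@example.com"]}
  ],
  "etag": "BwXXXXXXXXX=",
  "version": 3
}
""")


def review_impersonators(policy):
    """Return one finding per member that can mint tokens for the account."""
    findings = []
    for binding in policy.get("bindings", []):
        if binding.get("role") != TOKEN_CREATOR:
            continue  # other roles do not allow SSH via impersonation
        conditional = "condition" in binding
        for member in binding.get("members", []):
            kind = member.split(":", 1)[0]
            if member in PUBLIC_MEMBERS:
                risk = "public"   # effectively unrestricted impersonation
            elif kind in ("group", "domain"):
                risk = "broad"    # membership is managed outside this policy
            else:
                risk = "single"   # one user or one service account
            findings.append(
                {"member": member, "risk": risk, "conditional": conditional})
    return sorted(findings, key=lambda f: f["member"])


if __name__ == "__main__":
    for f in review_impersonators(SAMPLE_POLICY):
        print(f"{f['risk']:7} conditional={f['conditional']!s:5} {f['member']}")
```

Any "public" or unexpected "broad" finding means more principals than intended can open SSH sessions as the service account.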
Impersonate service account from a VM
Impersonate a service account from another VM by doing the following:
- Connect to the VM that runs as a service account.
- From the VM that runs as a service account, connect to other VMs using the same methods.
What's next
- Learn how to configure apps to use SSH.
- Learn more about how SSH connections work in Compute Engine, including SSH key configuration and storage.