Stay organized with collections
Save and categorize content based on your preferences.
The Google Distributed Cloud (GDC) air-gapped guest environment is a necessary component to
configure SSH keys on your virtual machines (VM) to both connect and
transfer files remotely. You must have the guest environment before you
connect to a VM
and
transfer files,
where you configure the SSH keys and use the secure copy (SCP) command-line
tool. The guest environment is installed and enabled by default on all GDC VMs.
Request permissions and access
To perform the tasks listed in this page, you must have the Project
VirtualMachine Admin role. Follow the steps to either
verify
your access or have your Project IAM Admin
assign
you the Project VirtualMachine Admin (project-vm-admin) role in the namespace
of the project where the VM resides.
Disable access management
Follow these steps to disable the access management feature while keeping the
guest environment enabled:
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-25 UTC."],[[["\u003cp\u003eThe Google Distributed Cloud (GDC) air-gapped guest environment is essential for configuring SSH keys on VMs, enabling remote connection and file transfer.\u003c/p\u003e\n"],["\u003cp\u003eThe guest environment is automatically installed and enabled on all GDC VMs.\u003c/p\u003e\n"],["\u003cp\u003eTo manage VMs, you must have the Project VirtualMachine Admin role, which can be verified or assigned by the Project IAM Admin.\u003c/p\u003e\n"],["\u003cp\u003eYou can disable the access management feature within the guest environment while keeping the environment itself active, by editing the VM's \u003ccode\u003espec\u003c/code\u003e field and setting \u003ccode\u003eenable\u003c/code\u003e to \u003ccode\u003efalse\u003c/code\u003e, then restarting your VM.\u003c/p\u003e\n"]]],[],null,["# Guest environment\n\nThe Google Distributed Cloud (GDC) air-gapped guest environment is a necessary component to configure SSH keys on your virtual machines (VM) to both connect and transfer files remotely. You must have the guest environment before you [connect to a VM](/distributed-cloud/hosted/docs/latest/gdch/application/ao-user/vms/connect-to-vm/connect-to-a-vm) and [transfer files](/distributed-cloud/hosted/docs/latest/gdch/application/ao-user/vms/connect-to-vm/transfer-files), where you configure the SSH keys and use the secure copy (SCP) command-line tool. The guest environment is installed and enabled by default on all GDC VMs.\n\n### Request permissions and access\n\nTo perform the tasks listed in this page, you must have the Project\nVirtualMachine Admin role. Follow the steps to either\n[verify](/distributed-cloud/hosted/docs/latest/gdch/application/ao-user/vms/preparation#verify-user-access)\nyour access or have your Project IAM Admin\n[assign](/distributed-cloud/hosted/docs/latest/gdch/application/ao-user/vms/preparation)\nyou the Project VirtualMachine Admin (`project-vm-admin`) role in the namespace\nof the project where the VM resides.\n\nDisable access management\n-------------------------\n\nFollow these steps to disable the access management feature while keeping the\nguest environment enabled:\n\n1. Stop your VM.\n2. Edit the VM `spec` field:\n\n kubectl edit virtualmachines.virtualmachine.gdc.goog \u003cvar translate=\"no\"\u003eVM_NAME\u003c/var\u003e -n \u003cvar translate=\"no\"\u003eVM_NAMESPACE\u003c/var\u003e\n\n Replace \u003cvar translate=\"no\"\u003e\u003ccode translate=\"no\" dir=\"ltr\"\u003eVM_NAME\u003c/code\u003e\u003c/var\u003e with your VM name, and\n \u003cvar translate=\"no\"\u003e\u003ccode translate=\"no\" dir=\"ltr\"\u003eVM_NAMESPACE\u003c/code\u003e\u003c/var\u003e with your VM namespace.\n3. Add the following fields to the `spec` field:\n\n apiVersion: virtualmachine.gdc.goog/v1\n kind: VirtualMachine\n metadata:\n name: vm-example\n namespace: project-example\n spec:\n guestEnvironment:\n accessManagement:\n enable: false\n\n The `name` field contains your VM name, and the `namespace` field contains\n your VM namespace.\n4. [Restart your VM](/distributed-cloud/hosted/docs/latest/gdch/application/ao-user/vms/manage-vms/operations-and-lifecycle/start-and-stop-vm#restart-a-vm)."]]
