Documentation » Using WinSCP » Guides » Cloud Computing »

Connecting Securely to Google Compute Engine Server with SFTP

With WinSCP you can easily upload and manage files on your Google Compute Engine (GCE) instance/server over SFTP protocol.

Before starting you should:

First you need to generate your private key, if you do not have one yet:


Collect information about your GCE instance:

  • IP address: Check External IP column on Compute > Compute Engine > VM Instances page of your project on Google Cloud Platform.
  • Host key fingerprint: On the first connect you will be prompted to verify a server host key.
    • To securely acquire a fingerprint of the host key, use web-based SSH client in Google Cloud Platform (use SSH link on the VM Instances page). In the console, use ssh-keygen command to display a fingerprint of any number of host keys algorithms. The following example shows SHA-256 and MD5 fingerprints of Ed25519 hostkey:
      sudo ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key
      sudo ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key -E md5

Set up SSH keys for your Google Compute account:

  • Load your private key to PuTTYgen;
  • Enter your GCE username1 (or any other account name you want to be created) to Key comment box. Note what account name does the console extract out of that username (it will typically drop everything after @).
  • Copy a contents of Public key for pasting into OpenSSH authorized_keys file to the clipboard (note that the contents includes your username);
  • Go to Metadata page of your project on Google Cloud Platform;
  • Go to SSH Keys tab and click Edit;
  • Click Add item button and paste contents of the clipboard to Enter public SSH key box (note how the username is automatically recognized).
  • On the bottom of the page, click Save and wait for the key to be saved.

If you want to set up the keys for a specific VM instance only, go to Edit > SSH Keys > Show and edit > Add item on the instance page instead of using project’s Metadata page.


Finally, start WinSCP. Login dialog will appear. On the dialog:

  • Make sure New site node is selected.
  • On the New site node, make sure SFTP protocol is selected.
  • Enter your GCE instance public IP address (see above) into the Host name box.
  • Enter the account name (that the console extracted out of your GCE username) into the User name box;
  • Press Advanced button to open Advanced site settings dialog and go to SSH > Authentication page.
  • In the Private key file box select your private key file.
  • Submit the Advanced site settings dialog with OK button.
  • Save your site settings using the Save button.
  • Login using the Login button.
  • Verify the host key by comparing fingerprints with those collected before (see above).

Further reading

  1. If you do not know your username, it’s typically your Google account email addressBack

Last modified: by martin