This is an old revision of the document!

Connecting Securely to Google Compute Engine Server with SFTP

With WinSCP you can easily upload and manage files on your Google Compute Engine (GCE) instance/server over SFTP protocol.

Before starting you should:

First you need to generate your private key, if you do not have one yet:

Advertisement

Collect information about your GCE instance:

  • IP address: Check External IP column on Compute > Compute Engine > VM Instances page of your of your project on Google Cloud Platform.
  • Host key fingerprint: On the first connect you will be prompted to verify a server host key.
    • To securely acquire a fingerprint of the host key, use web-based SSH client in Google Cloud Platform (use SSH link on the VM Instances page). You will see the MD5 fingerprint of RSA host key as soon as you connect, though WinSCP will by default opt to use better host key algorithms, like Ed25519. To see a fingerprints for different algorithms or for other host key algorithms, use ssh-keygen command:
      sudo ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key
      sudo ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key -E md5
      

Set up SSH keys for your Google Compute account:

  • Load your private key to PuTTYgen;
  • Enter your GCE username1 to Key comment box.
  • Copy a contents of Public key for pasting to OpenSSH authorized_keys file to the clipboard (note that the contents includes your username);
  • Go to Metadata page of your project on Google Cloud Platform;
  • Go to SSH Keys tab and click Edit;
  • Click Add item button and paste contents of the clipboard to Enter entire key data box (note how the username is automatically recognized).
  • On the bottom of the page, click Save and wait for the key to be saved.

If you want to set up the keys for a specific VM instance only, go to Edit > SSH Keys > Show and edit > Add item on the instance page instead of using project’s Metadata page.

Advertisement

Finally, start WinSCP. Login dialog will appear. On the dialog:

  • Make sure New site node is selected.
  • On the New site node, make sure SFTP protocol is selected.
  • Enter your GCE instance public IP address (see above) into the Host name box.
  • Enter your GCE username into the User name box;
  • Press Advanced button to open Advanced site settings dialog and go to SSH > Authentication page.
  • In the Private key file box select your private key file.
  • Submit the Advanced site settings dialog with OK button.
  • Save your site settings using the Save button.
  • Login using the Login button.
  • Verify the host key by comparing fingerprints with those collected before (see above).

Further reading

  1. If you do not know your username, it’s typically your Google account email address with all symbols replaced with underscore, i.e. username for martin@example.com is martin_example_com.Back

Last modified: by martin