This is an old revision of the document!
Connecting securely to Google Compute Engine server with SFTP
With WinSCP you can easily upload and manage files on your Google Compute Engine (GCE) instance/server over SFTP protocol.
Before starting you should:
First you need to generate your private key, if you do not have one yet:
- Use PuTTYgen tool to generate new key.
- PuTTYgen installs by default with WinSCP. One way, to run it, is using Tools > Run PuTTYgen command on WinSCP Login dialog.
Advertisement
Collect information about your GCE instance:
- IP address: Check External IP column on Compute > Compute Engine > VM Instances page of your project on Google Cloud Platform.
- Host key fingerprint: On the first connect you will be prompted to verify a server host key.
- To securely acquire a fingerprint of the host key, use web-based SSH client in Google Cloud Platform (use SSH link on the VM Instances page). In the console, use
ssh-keygen
command to display a fingerprint of any number of host keys algorithms. The following example shows SHA-256 and MD5 fingerprints of Ed25519 hostkey:
sudo ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key sudo ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key -E md5
- To securely acquire a fingerprint of the host key, use web-based SSH client in Google Cloud Platform (use SSH link on the VM Instances page). In the console, use
Set up SSH keys for your Google Compute account:
- Load your private key to PuTTYgen;
- Enter your GCE username1 (or any other account name you want to be created) to Key comment box. Note what account name does the console extract out of that username (it will typically drop everything after
@
). - Copy a contents of Public key for pasting into OpenSSH authorized_keys file to the clipboard (note that the contents includes your username);
- Go to Metadata page of your project on Google Cloud Platform;
- Go to SSH Keys tab and click Edit;
- Click Add item button and paste contents of the clipboard to Enter public SSH key box (note how the username is automatically recognized).
- On the bottom of the page, click Save and wait for the key to be saved.
If you want to set up the keys for a specific VM instance only, go to Edit > SSH Keys > Show and edit > Add item on the instance page instead of using project’s Metadata page.
Advertisement
Finally, start WinSCP. Login dialog will appear. On the dialog:
- Make sure New site node is selected.
- On the New site node, make sure SFTP protocol is selected.
- Enter your GCE instance public IP address (see above) into the Host name box.
- Enter the account name (that the console extracted out of your GCE username) into the User name box;
- Press Advanced button to open Advanced site settings dialog and go to SSH > Authentication page.
- In the Private key file box select your private key file.
- Submit the Advanced site settings dialog with OK button.
- Save your site settings using the Save button.
- Login using the Login button.
- Verify the host key by comparing fingerprints with those collected before (see above).
Further reading
- Guide to uploading files to SFTP server;
- Guide to automating operations (including upload);
- How do I change user after login (e.g. su root)?
- Guide to connecting to Amazon EC2 server with SFTP;
- Guide to connecting to Microsoft Azure Service with SFTP or FTPS.
- If you do not know your username, it’s typically your Google account email addressBack