This document describes how to connect to Linux virtual machine (VM) instances as the root user, which enables superuser privileges on the VM. By default, Compute Engine VMs built from public images and most common operating systems don't allow root login with a password over SSH.
An alternative to connecting to VMs as the root user is to run commands through
sudo
, which we recommend instead of enabling root login.
Supported operating systems
These connection methods are supported for all public Linux images that are available on Compute Engine. For Fedora CoreOS images, you must set up SSH access before you can use these methods.
Enable root login
By default, Compute Engine VMs, set the PermitRootLogin
parameter to
prohibit-password
or no
in the /etc/ssh/sshd_config
SSH configuration
file. Enable root login by following the instructions for your VM:
OS Login VMs
Enable root login by doing the following:
Create an SSH key. Copy the public SSH key for later.
Connect to the VM as you usually do.
Change
PermitRootLogin no
toPermitRootLogin prohibit-password
in the/etc/ssh/sshd_config
file, by running the following command:sudo sed -i 's/PermitRootLogin no/PermitRootLogin prohibit-password/g' /etc/ssh/sshd_config
Create the
/root/.ssh
directory using the following command:sudo mkdir /root/.ssh
Set permissions on the
.ssh
directory, by running the following command:sudo chmod 700 /root/.ssh
Create the
authorized_keys
file by running the following command:sudo touch /root/.ssh/authorized_keys
Set permissions on the
authorized_keys
file, by running the following command:sudo chmod 600 /root/.ssh/authorized_keys
Paste the public SSH key into the
/root/.ssh/authorized_keys
file.Restart the
sshd
daemon by restarting the VM, or running the restart command for your VM's operating system. Wait for the VM to reboot, then connect as the root user.
Non-OS Login VMs
Enable root login by doing the following:
Connect to the VM as you usually do.
Change
PermitRootLogin no
toPermitRootLogin prohibit-password
in the/etc/ssh/sshd_config
file, by running the following command:sudo sed -i 's/PermitRootLogin no/PermitRootLogin prohibit-password/g' /etc/ssh/sshd_config
Restart the
sshd
daemon by restarting the VM, or running the restart command for your VM's operating system. Wait for the VM to reboot, then connect as the root user.
Connect as the root user
After you enable root login, connect to the VM as the root user. If you're connecting to a VM that has OS Login enabled, you must use third-party tools instead of the gcloud CLI.
gcloud
Note: You must use third-party tools to connect as the root user if the VM you're connecting to has OS Login enabled.
Connect to VMs as the root user by using the
gcloud compute ssh
command with
root@
specified before the VM name:
-
In the Google Cloud console, activate Cloud Shell.
At the bottom of the Google Cloud console, a Cloud Shell session starts and displays a command-line prompt. Cloud Shell is a shell environment with the Google Cloud CLI already installed and with values already set for your current project. It can take a few seconds for the session to initialize.
Connect to the VM by running the following command:
gcloud compute ssh \ --project=PROJECT_ID \ --zone=ZONE \ root@VM_NAME
Replace the following:
PROJECT_ID
: the ID of the project that contains the VMZONE
: the name of the zone in which the VM is locatedVM_NAME
: the name of the VM
Third-party tools
Connect to VMs as the root user by following the instructions for your VM:
OS Login VMs
Connect using third-party tools and specify the following:
- Private key: the private key that corresponds with the public key
that you added to the
authorized_keys
file - Username: the username must be
root
- Private key: the private key that corresponds with the public key
that you added to the
Non-OS Login VMs
Create an SSH key for the root user. The username for the key must be
root
.Connect using third-party tools and specify the following:
Private key: the private key for the root user
Username: the username must be
root
Troubleshooting
To find methods for diagnosing and resolving failed SSH connections, see Troubleshooting SSH.
What's next
- Learn how to manage access to VMs.
- Learn how to transfer files to VMs.
- Learn how SSH connections to Linux VMs work on Compute Engine.