Connect to Linux VMs using Cloud VPN or Cloud Interconnect

This document describes how to connect to a virtual machine (VM) instance through its internal IP address, from an on-premises network that uses Cloud VPN or Cloud Interconnect to connect to the VM's VPC network.

Connecting to a VM using its internal IP address is useful if the VM doesn't have an external IP address. If the VM does have an external IP address, connect to the VM using its external IP address. If your on-premises network isn't connected to your VM's VPC network and you need to connect to your VM's internal IP address, review the other methods listed in Connection options for internal-only VMs.

Supported operating systems

These connection methods are supported for all public Linux images that are available on Compute Engine. For Fedora CoreOS images, you must set up SSH access before you can use these methods.

Connect to VMs

To connect to a VM, complete the steps in one of the following tabs.

gcloud

Connect to a VM using SSH by running the gcloud compute ssh command with the --internal-ip flag:

  1. In the Google Cloud console, activate Cloud Shell.

    Activate Cloud Shell

    At the bottom of the Google Cloud console, a Cloud Shell session starts and displays a command-line prompt. Cloud Shell is a shell environment with the Google Cloud CLI already installed and with values already set for your current project. It can take a few seconds for the session to initialize.

  2. Connect to the VM by running the following command:

    gcloud compute ssh VM-NAME \
    --internal-ip

    3. Replace VM_NAME with the name of the VM that you want to connect to.

IAP Desktop

To connect to a VM using IAP Desktop, do the following:

  1. Install IAP Desktop on your workstation if you haven't already.

  2. Open IAP Desktop. The Add projects window opens.

  3. When prompted, sign in using the Google account that has access to the project with the VMs you want to connect to.

  4. In the Add projects window, enter the project ID or name of the project that contains the VMs you want to connect to.

  5. In the Project Explorer window, right-click the name of the VM that you want to connect to and select Connection settings.

  6. In the Connection settings window, set Connect via to Vpc.

  7. In the Project Explorer window, right-click the name of the VM again and select Connect to connect to the VM.

OpenSSH clients

Connect through a VM's internal IP address from an OpenSSH client, by doing the following:

  1. Add an SSH key to the VM if you haven't already.

  2. In the Google Cloud console, go to the VM Instances page and find the internal IP address of the VM that you want to connect to.

    Go to VM Instances

  3. Open a terminal on your workstation.

  4. Connect to the VM by running the following command:

    ssh -i PATH_TO_PRIVATE_KEY USERNAME@INTERNAL_IP

    Replace the following:

    • PATH_TO_PRIVATE_KEY: the path to the private SSH key file that corresponds to the public key you added to the VM.
    • USERNAME: your username. If you manage your SSH keys in metadata, the username is what you specified when you created the SSH key. For OS Login accounts, the username is defined in your Google profile. For example, cloudysanfrancisco_example_com or cloudysanfrancisco.
    • INTERNAL_IP: the internal IP address of the VM.

PuTTY app

Connect through a VM's internal IP address using PuTTY, by doing the following:

  1. Add an SSH key to the VM if you haven't already.
  2. If your workstation doesn't already have the PuTTY app installed, download the PuTTY package files.

  3. In the Google Cloud console, go to the VM Instances page and find the internal IP address of the VM that you want to connect to.

    Go to VM Instances

  4. Open the PuTTY app. A connection configuration window opens.

  5. In the Host Name field, enter the username associated with the SSH key, and the internal IP address of the VM that you want to connect to. Use the following format:

    USERNAME@INTERNAL_IP

    Replace the following:

    • USERNAME: your username. If you manage your SSH keys in metadata, the username is what you specified when you created the SSH key. For OS Login accounts, the username is defined in your Google profile. For example, cloudysanfrancisco_example_com or cloudysanfrancisco.
    • INTERNAL_IP: the internal IP address of the VM.
  6. In the Category menu, navigate to Connection > SSH > Auth.
  7. In the Private key file for authentication field, select the private SSH key file that corresponds to the public key you added to the VM.
  8. Click Open to connect to the VM.

Troubleshooting

To find methods for diagnosing and resolving failed SSH connections, see Troubleshooting SSH.

What's next