To transfer files to Compute Engine VM instances, different options are available depending on your workstation OS and the target VM instance OS.
Transfer from | To Linux VMs |
---|---|
Linux or macOS | Windows |
Transfer files through Cloud Storage
Cloud Storage buckets can be used as a transfer point between you and your VMs. You can use a web browser, the Google Cloud CLI, or a programming language to transfer files between Cloud Storage and Compute Engine VMs.
Different credential types can be used for the upload and download step to best suit your needs:
- Accessing data on a user's behalf is best for single use operations, or resources that you are primarily responsible for.
- Consider service account credentials for scaled deployments and shared resource scenarios.
To use Cloud Storage to transfer files between a computer and a VM, do the following:
- Create a Cloud Storage bucket if you don't have an existing bucket to use for file transfers.
-
Use IAM permissions to modify
the access to the bucket:
- Accounts uploading file(s) to the bucket should have the Storage Object Admin granted.
- Accounts downloading file(s) should have the Storage Object Viewer role granted.
- Log in to the source device and upload the files to the bucket.
- Log in to the destination device and download the files from the bucket completing the file transfer.
- Optional: Delete files that you no longer need to prevent any unwanted storage charges.
If you need to transfer files in the other direction, you can reverse the process. Ensure that the account uploading the file has write access to the bucket.
Transfer files using SSH-in-browser
If you can establish an SSH connection to a VM by using SSH-in-browser, you can use that connection to transfer files to and from the VM.
Upload to the VM
- In the Google Cloud console, go to the VM instances page.
- In the list of virtual machine instances, click SSH in the row of the instance that you want to connect to.
After the connection is established, click the upload icon
.The upload dialog opens.
- Choose the files to upload.
- Upload the files by clicking Upload Files. The file
uploads to your
/home/USER
directory.
Download from the VM
- In the Google Cloud console, go to the VM instances page.
- In the list of virtual machine instances, click SSH in the row of the instance that you want to connect to.
After the connection is established, click the download icon
.The download dialog opens.
- In the Path field, enter the relative path of the file to download.
- Download the file by clicking Download. The file downloads to the default download folder of your workstation.
Transfer files using the Google Cloud CLI
Google Cloud CLI provides a Secure Copy Protocol (SCP) file transfer utility over an established SSH connection.
To transfer files using SCP, do the following:
-
Review your firewall rules
and confirm that SSH connections in on port
22
are permitted; if not create a SSH firewall rule. - Ensure gcloud CLI is installed on the source device containing the files to be transferred.
-
Use the
gcloud compute scp
command to transfer the files to the destination machine.
The following example copies a file from your workstation to the home directory of the VM:
gcloud compute scp LOCAL_FILE_PATH VM_NAME:REMOTE_DIR
Replace the following:
LOCAL_FILE_PATH
: the path to the file on your machineVM_NAME
: the name of your VMREMOTE_DIR
: a directory on the remote machine
You can also copy files and directories in reverse from the remote machine. The following example recursively copies a directory from the source to the destination:
gcloud compute scp --recurse VM_NAME:REMOTE_DIR LOCAL_FILE_PATH
For more information, see the
gcloud compute scp
reference documentation.
Transfer files using SCP on Linux and macOS workstations
The scp
command-line tool works similarly to the
gcloud compute scp
command but requires you to
manually manage your SSH keys.
To transfer files using SCP, you must have a firewall rule on the network
that your VM uses that allows SSH connections on port 22
. You can verify
that this firewall rules exists by looking for a firewall rule that allows
tcp:22
connections in the Google Cloud console.
If you don't have a firewall rule that allows SSH connections on port 22
,
create the firewall rule.
The scp
tool uses the same key files that you use to
connect to your instances using standard SSH.
If you have not yet applied a public key to your Google Cloud console project or VM instance, create an SSH key pair and add the public key to project or instance metadata.
Find the external IP for the VM that you want to send files to. In the Google Cloud console, go to the VM instances page.
Use the
scp
tool to copy a file from your workstation to the home directory of the target VM. For this example, the private key is at~/.ssh/my-ssh-key
.scp -i ~/.ssh/my-ssh-key LOCAL_FILE_PATH USERNAME@IPv4_ADDRESS:~
For an external IPv6 address, use the following syntax:
scp -6 -i ~/.ssh/IDENTITY_FILE LOCAL_FILE_PATH USERNAME@[IPv6_ADDRESS]:~/
Replace the following:
IDENTITY_FILE
: the file containing the identity (private key) for public key authenticationLOCAL_FILE_PATH
: the name of the local file that you want to uploadUSERNAME
: your usernameIPv4_ADDRESS
orIPv6_ADDRESS
: the external IP address for your VM
You can also copy files from a VM to your local workstation by reversing the source and destination variables. For this example, copy a file from your VM to a path on your workstation.
scp -i ~/.sshIDENTITY_FILE USERNAME@IP_ADDRESS:REMOTE_FILE_PATH LOCAL_FILE_PATH
Replace the following:
IDENTITY_FILE
: the file containing the identity (private key) for public key authenticationUSERNAME
: your usernameIP_ADDRESS
: the external IP address for your VMREMOTE_FILE_PATH
: the name of the remote file that you want to downloadLOCAL_FILE_PATH
: the location on your workstation where you want to download the file to
Transfer files using WinSCP on Windows workstations
On Windows workstations, the WinSCP client lets you manage files on your instances through a graphical file browser interface.
WinSCP uses the same key files that you use to connect to VMs using PuTTY.
Do the following if you haven't configured key-based SSH authentication for your instance:
Create an SSH key pair using PuTTYgen. The private ssh key must use the
.ppk
format, which is the default for keys created by PuTTYgen.Add your public SSH key to your project's metadata or to your VM's metadata. For more information, see Add SSH keys to project metadata or Add SSH keys to instance metadata.
Find the external IP for the VM that you want to send files to.
- In the Google Cloud console, go to the VM instances page.
- In the list of VMs, find the external IP address in the External IP column for your VM.
Download and install WinSCP. The default install settings work for most users.
Start the WinSCP program. A login window opens where you can configure your connection settings.
In WinSCP, configure your connection settings.
Select
SCP
as the file transfer protocol in the File protocol field.In the Host Name field, specify the external IP address for the VM that you want to connect to.
In the User name field, specify the Google username that you use to access your project. For this example, the user is
example-user
.
Click the Advanced drop-down list to open the advanced settings, and navigate to SSH > Authentication.
In the Private key file box, specify the path to your private key file of the SSH key pair that you created for the VM.
Click Ok to save the advanced settings.
Click Login to connect to your VM. If the connection is successful, the window opens your local file system on the left and the VM's file system on the right. You can navigate to different directories in these file systems and drag files to transfer them to and from your VM.
You likely don't have permission to manage most files outside of your home directory of the VM. Navigate to the home directory of the VM:
/home/USERNAME
Use the WinSCP interface to move files between your workstation and the VM.
After you copy your files to the VM, connect to your instance so that you can execute or move files with full
sudo
permissions.
What's next
- Connect to your instances to use the files that you uploaded.