SSH in a browser 4003: failed to connect to backend


When trying to SSH to a Google Compute Engine instance using SSH in a Browser, the user receives the following error:

Connection via Cloud Identity-Aware Proxy Failed

Code: 4003

Reason: failed to connect to backend


  • SSH command
  • Any browser
  • VM without a public IP address


  1. Ensure you have a firewall rule to allow Cloud Identity-Aware Proxy (IAP) to connect to port 22 on the instance. Full instructions can be found at


When an instance does not have a public IP address, SSH in a Browser needs to forward the SSH connection through IAP. The error "failed to connect to backend" indicates that the IAP proxy service was unable to open a TCP connection to the instance.

This is most often due to the VPC firewall not having a rule which allows the proxy to connect to the instance. It could also be due to the OS firewall or other VM network connectivity issue.