Google Cloud Compute (GCE): gcloud does not create a validly formatted public key for SSH

We are having problems with SSH, both when we create the keys ourselves and when we let gcloud create them.

To show that this is not a problem with keys we created ourselves, we did the following:

  1. We created a temporary server via gcloud: gcloud compute instances create temp-machine --scopes compute-rw
  2. We then SSHed into the temporary machine instance: gcloud compute ssh temp-machine
  3. Since we had not defined a key, the command in step 2 created a key pair for us, with the following result:

     WARNING: The private SSH key file for Google Compute Engine does not exist.
     WARNING: You do not have an SSH key for Google Compute Engine.
     WARNING: [/usr/bin/ssh-keygen] will be executed to generate a key.
     Generating public/private rsa key pair.
     Enter passphrase (empty for no passphrase):
     Enter same passphrase again:
     Your identification has been saved in /home/davebeach/.ssh/google_compute_engine.
     Your public key has been saved in /home/davebeach/.ssh/google_compute_engine.pub.
  4. Once gcloud had created the key pair, it went on to log in to the temporary machine instance with the key. It logged in successfully and added an entry to google_known_hosts on the local machine.

     updating project ssh metadata...\Updated [https://www.googleapis.com/compute/v1/projects/pro-ppm].
     Updating project ssh metadata...done.
     Warning: Permanently added 'compute.3605686430923056095' (ECDSA) to the list of known hosts.
  5. We then closed the connection and tried to rerun the SSH connection. When it tries to use the key that gcloud created in the earlier step, it reports that the key is in an invalid format:

     OpenSSH_7.3p1, OpenSSL 1.0.2j 26 Sep 2016
     debug1: Reading configuration data /Users/davebeach/.ssh/config
     debug1: Reading configuration data /usr/local/etc/ssh/ssh_config
     debug2: resolving "130.211.121.82" port 22
     debug2: ssh_connect_direct: needpriv 0
     debug1: Connecting to 130.211.121.82 [130.211.121.82] port 22.
     debug1: Connection established.
     key_load_public: invalid format
  6. The login continues: it finds the google_known_hosts file, takes a key from that file, and uses it to authenticate to the server successfully:

     debug1: identity file /Users/davebeach/.ssh/google_compute_engine type -1
     debug1: key_load_public: No such file or directory
     debug1: identity file /Users/davebeach/.ssh/google_compute_engine-cert type -1
     debug1: identity file /Users/davebeach/.ssh/id_ed25519 type 4
     debug1: key_load_public: No such file or directory
     debug1: identity file /Users/davebeach/.ssh/id_ed25519-cert type -1
     debug1: Enabling compatibility mode for protocol 2.0
     debug1: Local version string SSH-2.0-OpenSSH_7.3
     debug1: Remote protocol version 2.0, remote software version OpenSSH_6.7p1 Debian-5+deb8u3
     debug1: match: OpenSSH_6.7p1 Debian-5+deb8u3 pat OpenSSH* compat 0x04000000
     debug2: fd 3 setting O_NONBLOCK
     debug1: Authenticating to 130.211.121.82:22 as 'davebeach'
     debug1: using hostkeyalias: compute.3605686430923056095
     debug3: hostkeys_foreach: reading file "/Users/davebeach/.ssh/google_compute_known_hosts"
     debug3: record_hostkey: found key type ECDSA in file /Users/davebeach/.ssh/google_compute_known_hosts:6
     debug3: load_hostkeys: loaded 1 keys from compute.3605686430923056095
     debug3: order_hostkeyalgs: prefer hostkeyalgs: [email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-
     ......
     debug1: Server host key: ecdsa-sha2-nistp256 SHA256:f9dkkPHglZNpR0XtAK33OWYNlyLc/jjHsbTpQvyhcys
     debug1: using hostkeyalias: compute.3605686430923056095
     debug3: hostkeys_foreach: reading file "/Users/davebeach/.ssh/google_compute_known_hosts"
     debug3: record_hostkey: found key type ECDSA in file /Users/davebeach/.ssh/google_compute_known_hosts:6
     debug3: load_hostkeys: loaded 1 keys from compute.3605686430923056095
     debug1: Host 'compute.3605686430923056095' is known and matches the ECDSA host key.
     debug1: Found key in /Users/davebeach/.ssh/google_compute_known_hosts:6
  7. The contents of google_known_hosts were created solely by gcloud (during the first connection).

Why can we never get the instance to accept the key that gcloud created, and why does it use the google_known_hosts key as an acceptable key? Is there a setting in SSHD_CONFIG that causes this? What is wrong with the format of the original key we created?

The part of the output of the first invocation that is relevant to me:

 Your identification has been saved in /home/davebeach/.ssh/google_compute_engine. 

The part of the output of the second invocation that is relevant to me:

 debug1: identity file /Users/davebeach/.ssh/google_compute_engine type -1 

The first invocation states that it saved a key file; the second states that it tried to load the key file but failed. The reason the second invocation cannot load the key file created by the first appears to be that you are not using the same file name.

In the first invocation the path starts with /home; in the second invocation it starts with /Users. You should verify that every path in your environment variables is correct, especially HOME. You should also verify that every path in your configuration files is correct, paying particular attention to the ~/.ssh/config path.

Why can we never get the instance to accept the key that gcloud created, and why does it use the google_known_hosts key as an acceptable key?

You generated the instance's server host key. It has nothing in common with the authentication key.

Is there a setting in SSHD_CONFIG that causes this?

Causes what?

What is wrong with the format of the original key we created?

What does the key look like?
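Two checks follow from the answers above: the first answer's point that "~/.ssh/..." is expanded against HOME (so /home/davebeach and /Users/davebeach are two different files), and the second answer's "what does the key look like?" question, which is really a question about whether the .pub line is in the format OpenSSH's key_load_public expects. The Python below is an added example written for this page; it is not from the question, either answer, gcloud or OpenSSH. The key it builds is a constructed toy with a meaningless modulus, used only to exercise the on-disk format, and the SAMPLES dictionary, the identity_file_for function and its default path are assumptions made for illustration.

```python
import base64
import struct
from pathlib import PurePosixPath

# Added example (not from the question or the answers). The sample key below is a
# constructed toy, not a usable RSA key; only the on-disk *format* is exercised.


def _ssh_string(data: bytes) -> bytes:
    """RFC 4251 'string': 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def _ssh_mpint(value: int) -> bytes:
    """RFC 4251 'mpint': big-endian two's complement, leading 0x00 if the high bit is set."""
    if value == 0:
        return _ssh_string(b"")
    raw = value.to_bytes((value.bit_length() + 7) // 8, "big")
    if raw[0] & 0x80:
        raw = b"\x00" + raw
    return _ssh_string(raw)


def build_rsa_public_key_line(e: int, n: int, comment: str) -> str:
    """Encode an ssh-rsa public key the way a .pub file stores it: type, base64 blob, comment."""
    blob = _ssh_string(b"ssh-rsa") + _ssh_mpint(e) + _ssh_mpint(n)
    return f"ssh-rsa {base64.b64encode(blob).decode('ascii')} {comment}"


def parse_public_key_line(line: str) -> tuple:
    """Parse one .pub / authorized_keys line; raise ValueError with the reason if malformed.

    Returns (key_type, number_of_fields_after_the_type, comment). The checks mirror
    what OpenSSH needs before it can load a public key: a type token, a base64 body,
    a blob whose first SSH string repeats the type token, and length-prefixed fields
    that end exactly at the end of the blob. A private key (PEM) pasted into the .pub
    file, or a copy-paste that cut the base64 short, fails here.
    """
    parts = line.strip().split(None, 2)
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, body = parts[0], parts[1]
    comment = parts[2] if len(parts) == 3 else ""
    try:
        blob = base64.b64decode(body, validate=True)  # binascii.Error is a ValueError
    except ValueError as exc:
        raise ValueError(f"key body is not valid base64: {exc}") from exc
    if len(blob) < 4:
        raise ValueError("blob too short to hold a type string")
    (length,) = struct.unpack(">I", blob[:4])
    inner_type = blob[4:4 + length]
    if len(inner_type) != length:
        raise ValueError("blob is truncated inside the type string")
    if inner_type != key_type.encode("ascii"):
        raise ValueError(f"type mismatch: header {key_type!r}, blob {inner_type!r}")
    # Walk the remaining length-prefixed fields (e and n for ssh-rsa) to the end.
    offset, fields = 4 + length, 0
    while offset < len(blob):
        if offset + 4 > len(blob):
            raise ValueError("trailing bytes shorter than a length field")
        (field_len,) = struct.unpack(">I", blob[offset:offset + 4])
        offset += 4
        if offset + field_len > len(blob):
            raise ValueError("field runs past the end of the blob")
        offset += field_len
        fields += 1
    return key_type, fields, comment


def is_valid_public_key_line(line: str) -> bool:
    """Boolean wrapper around parse_public_key_line for quick checks."""
    try:
        parse_public_key_line(line)
        return True
    except ValueError:
        return False


def identity_file_for(home: str, configured: str = "~/.ssh/google_compute_engine") -> str:
    """Expand a leading '~/' against an explicit HOME, as ssh does for IdentityFile.

    Passing the HOME you believe is in effect makes the /home vs /Users difference
    from the question visible without touching the real environment.
    """
    if configured.startswith("~/"):
        return str(PurePosixPath(home) / configured[2:])
    return configured


# Constructed samples (toy values, not real keys).
SAMPLES = {
    "valid": build_rsa_public_key_line(65537, 2**64 + 1, "toy@example"),
    # header says ssh-rsa but the blob carries a different type string
    "type_mismatch": "ssh-rsa " + base64.b64encode(_ssh_string(b"ssh-ed25519")).decode("ascii"),
    # a private key pasted where a public key was expected
    "pem_private": "-----BEGIN RSA PRIVATE KEY-----",
    # base64 cut short by a copy-paste, mid type string
    "truncated": "ssh-rsa AAAAB3NzaC1y",
}

if __name__ == "__main__":
    for name, sample in SAMPLES.items():
        try:
            print(f"{name:14s} ok   {parse_public_key_line(sample)}")
        except ValueError as exc:
            print(f"{name:14s} FAIL {exc}")
    print(identity_file_for("/home/davebeach"))
    print(identity_file_for("/Users/davebeach"))
```

Run it and the two printed paths show why a key saved under one HOME is "No such file or directory" under the other; the four samples show that "invalid format" is reported for a type mismatch, a PEM private key and a truncated body, while a structurally complete line parses to its type and field count.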