- Published on
VSCode Remote SSH <-> GCP Compute Engine VM via Cloud IAP
Cloud IAP makes it easier and secure for connecting VM instances on GCP. This can be used in VSCode too!
Steps
- Setup VM without external IP (connect through Cloud IAP)
- Show SSH command
$ gcloud compute ssh --dry-run --tunnel-through-iap --zone ZONE --project GCP_PROJECT REMOTE_USER@INSTANCE - Modify command: add quotes, modify ssh bin path, and etc.
# Command above would show some ssh command like this; # The command below is formatted for the sake of readability, remove linebreaks when copy & paste onto VSCode ssh -t -i /home/username/.ssh/google_compute_engine -o CheckHostIP=no -o HashKnownHosts=no -o HostKeyAlias=compute.******* -o IdentitiesOnly=yes -o StrictHostKeyChecking=yes -o UserKnownHostsFile=/home/username/.ssh/google_compute_known_hosts -o ProxyUseFdpass=no # Quote ProxyCommand="COMMAND" -o ProxyCommand "python3 -S /home/username/google-cloud-sdk/lib/gcloud.py compute start-iap-tunnel INSTANCE %p --listen-on-stdin --project=GCP_PROJECT --zone=ZONE --verbosity=warning" REMOTE_USER@compute.******** - Set new remote host in VSCode via 'Remote-SSH: Add New SSH Host'
- Edit
Hostin generated ssh config
Caveats (VSCode on Windows11+WSL2)
When using Remote SSH feature on typical modern WSL2 env, where you use VSCode on Windows with WSL2 remote containers, the issues are:
- VSCode on Windows env. needs SSH client running on Windows, not WSL2's one.
- Google Cloud SDK on Windows uses bundled putty as SSH client implementation, but current (as of v0.78.0) VSCode Remote SSH extension does not support putty.
The steps for Windows would be like:
- (Win) Enable Open-SSH client on Windows 11
# Run as Administrator Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0 - (Win) Install Google Cloud SDK installation.
- Prepare command line for Windows env.
# Command above would show some ssh command like this; # The command below is formatted for the sake of readability, remove linebreaks when copy & paste onto VSCode ssh -t -i C:\\Users\\username\\.ssh\\google_compute_engine -o CheckHostIP=no -o HashKnownHosts=no -o HostKeyAlias=compute.******* -o IdentitiesOnly=yes # Somehow I needed to set this tp false -o StrictHostKeyChecking=false -o UserKnownHostsFile=C:\\Users\\username\\.ssh\\google_compute_known_hosts -o ProxyUseFdpass=no # Make sure gcloud on windows to be used -o ProxyCommand '"C:\\Users\\username\\AppData\\Local\\Google\\Cloud SDK\\google-cloud-sdk\\bin\\..\\platform\\bundledpython\\python.exe" -S "C:\\Users\\username\\AppData\\Local\\Google\\Cloud SDK\\google-cloud-sdk\\lib\\gcloud.py" compute start-iap-tunnel INSTANCE %p --listen-on-stdin --project=GCP_PROJECT --zone=ZONE --verbosity=warning' REMOTE_USER@compute.********