Connecting securely to Google Compute Engine server with SFTP
With WinSCP you can easily upload and manage files on your Google Compute Engine (GCE) instance/server over the SFTP protocol.
Before starting you should:
First you need to generate your private key, if you do not have one yet:
- Use the PuTTYgen tool to generate a new key.
- PuTTYgen installs by default with WinSCP. One way to run it is using the Tools > Run PuTTYgen command on the WinSCP Login dialog.
Collect information about your GCE instance:
- IP address: Check the External IP column on the Compute > Compute Engine > VM Instances page of your project on Google Cloud Platform.
- Host key fingerprint: On the first connection you will be prompted to verify the server host key.
- To securely acquire a fingerprint of the host key, use the web-based SSH client in Google Cloud Platform (use the SSH link on the VM Instances page). In the console, use the ssh-keygen command to display a fingerprint of any number of host key algorithms. The following example shows SHA-256 and MD5 fingerprints of the Ed25519 host key:
  sudo ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key
  sudo ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key -E md5
Set up SSH keys for your Google Compute account:
- Load your private key into PuTTYgen.
- Enter the username (an existing one or any other account name you want to be created) in the Key comment box.
- Copy the contents of the Public key for pasting into OpenSSH authorized_keys file box to the clipboard (note that the contents include your username).
- Go to the Metadata page of your project on Google Cloud Platform.
- Go to the SSH Keys tab and click Edit.
- Click the Add item button and paste the contents of the clipboard into the Enter public SSH key box (note how the username is automatically recognized).
- At the bottom of the page, click Save and wait for the key to be saved.
If you want to set up the keys for a specific VM instance only, go to Edit > SSH Keys > Show and edit > Add item on the instance page instead of using project’s Metadata page.
Finally, start WinSCP. Login dialog will appear. On the dialog:
- Make sure the New site node is selected.
- On the New site node, make sure the SFTP protocol is selected.
- Enter your GCE instance public IP address (see above) into the Host name box.
- Enter the account name (that the console extracted out of your GCE username) into the User name box.
- Press the Advanced button to open the Advanced site settings dialog and go to the SSH > Authentication page.
- In the Private key file box, select your private key file.
- Submit the Advanced site settings dialog with the OK button.
- Save your site settings using the Save button.
- Log in using the Login button.
- Verify the host key by comparing the fingerprints with those collected before (see above).
Further reading
- Upload files to FTP server or SFTP server;
- Automate file transfers (or synchronization) to FTP server or SFTP server;
- How do I change user after login (e.g. su root)?;
- Accessing Google Cloud Storage bucket with WinSCP;
- Connecting securely to Amazon EC2 server with SFTP;
- Connecting securely to Microsoft Azure service with SFTP or FTPS.