2023-05-16
Google Compute Platform SSHOn GCP, you should really be using OS Login. But if you aren't, when you SSH in, there's this process where Google creates ephemeral keys that it needs to write to your ~/.ssh/authorized_keys (google_accounts_daemon apparently does this?).
(BTW, another thing that can go wrong is if you try adding any keys to that by hand, and then use the Google Cloud console. The file will get wiped when you log out.)
Well, it won't work if your ~/ is over-permissioned. Google wants to see it at 0700 or 0755 ONLY. If it's 0775, tough beans, no SSH for you. (I haven't tested this out, but I assume 0704 or 0750 or 0770 or 0754 fails.)
Also, /home/ needs to be 0755, ~/.ssh/ needs to be 0700, ~/.ssh/authorized_keys needs to be 0600.
00:23
