Connect to Windows VMs using SSH (original) (raw)

Windows

This document describes how to connect to Windows virtual machine (VM) instances using SSH. For other ways to connect to Windows VMs, seeConnect to Windows VMs using RDPandConnect to Windows VMs using PowerShell. To learn about how SSH works in Compute Engine, seeAbout SSH connections.

Before you begin

• If you haven't already, then set up authentication.Authentication is the process by which your identity is verified for access to Google Cloud services and APIs. To run code or samples from a local development environment, you can authenticate to Compute Engine by selecting one of the following options:
  Select the tab for how you plan to use the samples on this page:

Supported images

SSH for Windows is supported onWindows Server images running the guest agent (GCEGuestAgent) version 20220527.00 or later and OpenSSH version 8.6 or later.

Enable SSH for Windows VMs

To enable SSH connections to Windows VMs, install thegoogle-compute-engine-ssh package and set the enable-windows-ssh key toTRUE in project or instance metadata. Enabling SSH for Windows in project metadata enables SSH for all Windows VMs in your project. Enabling SSH for Windows in instance metadata enables SSH for a single VM and overrides the value set in project metadata.

Enable SSH for Windows while creating a VM

Enable SSH for Windows while creating a VM using the Google Cloud console or the Google Cloud CLI.

Console

Create a VM from a public imagethat installs the google-compute-engine-ssh package and enables SSH on startup:

1. Specify the following Boot disk properties:
   • Operating system: Windows Server
   • Version: Any version
2. In the Advanced options section, expand theManagement section.
3. In the Metadata section, click Add item. Add a startup script that installs the google-compute-engine-ssh package by entering the following metadata key-value pair:
   • Key: sysprep-specialize-script-cmd
   • Value: googet -noconfirm=true install google-compute-engine-ssh
4. In the Metadata section, click Add item. Set enable-windows-sshto TRUE by entering the following metadata key-value pair:
   • Key: enable-windows-ssh
   • Value: TRUE
5. Click Create to create and start the VM.

gcloud

Run the followinggcloud compute instances create commandto create a Windows Server VM that installs the google-compute-engine-sshpackage and enables SSH on startup:

gcloud compute instances create VM_NAME
--image-family=IMAGE_FAMILY
--image-project=windows-cloud
--metadata sysprep-specialize-script-cmd="googet -noconfirm=true install google-compute-engine-ssh",enable-windows-ssh=TRUE

Replace the following:

• VM_NAME: the name of the new VM.
• IMAGE_FAMILY: aWindows Server image family. This creates the VM from the most recent non-deprecated Windows Server image.

Enable SSH for Windows on a running VM

To enable SSH on a running Windows VM, do one of the following, depending on whether you can use RDP to access your VM or if your workload can tolerate a reboot:

• RDP access required: Connect to the VM using RDP and install the SSH package
• Reboot required: Use a startup script to install the SSH package

RDP

If you can access your VM using RDP, enable SSH by doing the following:

1. Connect to the VM using RDP.
2. Open an administrator Command Prompt session by doing the following:
   1. Open the Start menu.
   2. Navigate to Command Prompt.
   3. Right-click Command Prompt and select Run as administrator.
      If you are prompted to allow Command Prompt to make changes to your device, select Yes.
3. Download and install the google-compute-engine-ssh package by running the following command:
   googet -noconfirm=true install google-compute-engine-windows && googet -noconfirm=true install google-compute-engine-ssh
4. Close the RDP session.
5. Enable Windows SSH in metadata by setting the enable-windows-ssh key toTRUE. For more information about setting metadata, seeSet custom metadata.

Startup script

If you can't access your VM using RDP, enable SSH by doing the following:

1. Stop the VM.
2. Set the following metadata key-value pairs on the VM to enable SSH. For more information about setting metadata, seeSet custom metadata.
   • SSH package installation metadata:
     * Key: windows-startup-script-cmd
     * Value: googet -noconfirm=true update && googet -noconfirm=true install google-compute-engine-ssh
   • SSH enablement metadata:
     * Key: enable-windows-ssh
     * Value: TRUE
3. Start the VM. The VM might take a few minutes to reboot.

Connect to VMs using thegcloud compute ssh command:

gcloud compute ssh VM_NAME

Replace VM_NAME with the name of the Windows VM that you want to connect to.

Connect to VMs that use AD

If the VM you're connecting to uses Active Directory (AD), connect using the following command:

gcloud compute ssh DOMAIN\USERNAME@VM_NAME

Replace the following:

• DOMAIN: your AD domain. For example the domain of thead.example.com AD, is example.
• USERNAME: your AD username. For example,cloudysanfrancisco.
• VM_NAME: the name of the Windows VM that you want to connect to.

What's next?

• Learn how totroubleshoot SSH connections.
• Learn how to Add SSH keys to VMs
• Learn how to Restrict SSH keys from VMs.