Skip to main content
Version: Deploy 22.2

Overthere - Verify SSH connection using Oslogin API

This topic describes how to verify an SSH connection using the Oslogin API with Overthere.

Pre-requites before verifying the SSH connection using Oslogin API

  • User should have account in GCP (Google Cloud Platform)
  • User should have created a project in GCP
  • Clone overthere repository

Verify the SSH connection using Oslogin API

To verify the SSH connection using Oslogin API, do the following steps:

  1. Export the variables in console.
export PROJECT_ID='apollo-playground'
export ZONE_ID='europe-west1-b'
export SERVICE_ACCOUNT='ssh-account'
export NETWORK_NAME='ssh-example'
export TARGET_INSTANCE_NAME='target'
  1. Create service account by running following command.
gcloud iam service-accounts create $SERVICE_ACCOUNT --project $PROJECT_ID \
--display-name "$SERVICE_ACCOUNT"
  1. Create network and add firewall rule by running following command.
gcloud compute networks create $NETWORK_NAME --project $PROJECT_ID

gcloud compute firewall-rules create ssh-all --project $PROJECT_ID \
--network $NETWORK_NAME --allow tcp:22
  1. Create target compute instance.
gcloud compute instances create $TARGET_INSTANCE_NAME --project $PROJECT_ID \
--zone $ZONE_ID --network $NETWORK_NAME \
--no-service-account --no-scopes \
--machine-type e2-micro --metadata=enable-oslogin=TRUE \
--no-restart-on-failure --maintenance-policy=TERMINATE –preemptible
  1. Add osAdminLogin or osLogin permission on instance level.
gcloud compute instances add-iam-policy-binding $TARGET_INSTANCE_NAME \
--project $PROJECT_ID --zone $ZONE_ID \
--member serviceAccount:$SERVICE_ACCOUNT@$PROJECT_ID.iam.gserviceaccount.com \
--role roles/compute.osAdminLogin

Or

Add osAdminLogi or osLogin permission on project level.

gcloud projects add-iam-policy-binding $PROJECT_ID \
--member serviceAccount:$SERVICE_ACCOUNT@$PROJECT_ID.iam.gserviceaccount.com \
--role roles/compute.osAdminLogin
  1. Get an external IP instance created by running the following command.
gcloud compute instances describe $TARGET_INSTANCE_NAME \
--project $PROJECT_ID --zone $ZONE_ID
  1. Create service account credentials JSON by running the following command.
gcloud iam service-accounts keys create path_to_credentials_json \
--iam-account $SERVICE_ACCOUNT@$PROJECT_ID.iam.gserviceaccount.com
  1. Set SSH to GCP instance via oslogin api
    1. Open overthere repository in any IDE Note: These are tested in Intellij IDE
    2. Import examples modules (New > modules form existing sources > Overthere > example (maven type))
    3. Edit run/debug configuration by adding new application and working directory
    4. Open/Import the file from local machine
    5. Run the imported file and see the commands for printing after the SSH to the GCP instance. Note: SSH connection to GCP instance should be successful and application should print 'Length','Exists','Can read','Can write','Can execute' of /etc/motd