Skip to main content
Version: Deploy 23.3

Overthere - Verify SSH connection using Oslogin API

This topic describes how to verify an SSH connection using the Oslogin API with Overthere.

Pre-requites before verifying the SSH connection using Oslogin API

  • User should have account in GCP (Google Cloud Platform)
  • User should have created a project in GCP
  • Clone overthere repository

Verify the SSH connection using Oslogin API

To verify the SSH connection using Oslogin API, do the following steps:

  1. Export the variables in console.
export PROJECT_ID='apollo-playground'
export ZONE_ID='europe-west1-b'
export SERVICE_ACCOUNT='ssh-account'
export NETWORK_NAME='ssh-example'
export TARGET_INSTANCE_NAME='target'
  1. Create service account by running following command.
gcloud iam service-accounts create $SERVICE_ACCOUNT --project $PROJECT_ID \
--display-name "$SERVICE_ACCOUNT"
  1. Create network and add firewall rule by running following command.
gcloud compute networks create $NETWORK_NAME --project $PROJECT_ID

gcloud compute firewall-rules create ssh-all --project $PROJECT_ID \
--network $NETWORK_NAME --allow tcp:22
  1. Create target compute instance.
gcloud compute instances create $TARGET_INSTANCE_NAME --project $PROJECT_ID \
--zone $ZONE_ID --network $NETWORK_NAME \
--no-service-account --no-scopes \
--machine-type e2-micro --metadata=enable-oslogin=TRUE \
--no-restart-on-failure --maintenance-policy=TERMINATE –preemptible
  1. Add osAdminLogin or osLogin permission on instance level.
gcloud compute instances add-iam-policy-binding $TARGET_INSTANCE_NAME \
--project $PROJECT_ID --zone $ZONE_ID \
--member serviceAccount:$SERVICE_ACCOUNT@$PROJECT_ID.iam.gserviceaccount.com \
--role roles/compute.osAdminLogin

Or

Add osAdminLogi or osLogin permission on project level.

gcloud projects add-iam-policy-binding $PROJECT_ID \
--member serviceAccount:$SERVICE_ACCOUNT@$PROJECT_ID.iam.gserviceaccount.com \
--role roles/compute.osAdminLogin
  1. Get an external IP instance created by running the following command.
gcloud compute instances describe $TARGET_INSTANCE_NAME \
--project $PROJECT_ID --zone $ZONE_ID
  1. Create service account credentials JSON by running the following command.
gcloud iam service-accounts keys create path_to_credentials_json \
--iam-account $SERVICE_ACCOUNT@$PROJECT_ID.iam.gserviceaccount.com
  1. Set SSH to GCP instance via oslogin api
    1. Open overthere repository in any IDE
note

These are tested in Intellij IDE

  1. Import examples modules (New > modules form existing sources > Overthere > example (maven type))
  2. Edit run/debug configuration by adding new application and working directory
  3. Open/Import the file from local machine
  4. Run the imported file and see the commands for printing after the SSH to the GCP instance.
note

SSH connection to GCP instance should be successful and application should print 'Length','Exists','Can read','Can write','Can execute' of /etc/motd