Remotely connecting to Linux VM instances over SSH (Secure Shell) with clients like OpenSSH or PuTTY is a common part of the daily routine for developers and administrators. Nevertheless, there are many situations where it can be a little inconvenient, for example when you are not using your own computer or when you are behind a strict firewall.
Google Cloud Platform brilliantly solved this issue with a new feature they added in the Google Developer Console. It’s a matter of a single click from the Console browser window: you just select the VM Instance you want to connect to and click on the SSH button to launch a connection. A new browser window will open and a connection will be started over encrypted SSL. Google Cloud announced this new feature in their official blog post.
This solution has several pros but some important cons too. Let's see the most important ones.
Pros:
- No need to create individual users on each server or a separate key to access it. If a user has owner/edit privileges, he can connect to the machine.
- Conversion of keys from .pem to .ppk is not required.
- Third-party tools like PuTTY or OpenSSH are no longer required to connect to remote Linux VM instances.
- The SSH connection will work with any recent browser like Google Chrome, Mozilla Firefox, Internet Explorer, etc.
Cons:
- The user must have either owner or edit privileges on the Google Cloud Platform project to connect to the Linux VM instances. This means those users will have complete access to all the Google Cloud Platform resources, which is a major security concern.
- Each user will have sudo privileges by default when they connect to the VM instance, which is a security concern again.
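To see how far the two concerns above reach in a given project, list who holds the owner and editor roles. The following is an added example, not part of the original article or of Google's tooling: it assumes the project IAM policy has been exported as JSON (for instance with `gcloud projects get-iam-policy PROJECT_ID --format=json`), and the sample policy, addresses and function names are constructed for illustration.

```python
import json
from collections import defaultdict

# IAM role IDs for the owner/edit privileges the article says browser SSH needs.
BROAD_ROLES = {"roles/owner", "roles/editor"}

def broad_ssh_principals(policy):
    """Return {member: [broad roles]} for every member bound to owner/editor."""
    found = defaultdict(set)
    for binding in policy.get("bindings", []):
        if binding.get("role") in BROAD_ROLES:
            for member in binding.get("members", []):
                found[member].add(binding["role"])
    return {member: sorted(roles) for member, roles in sorted(found.items())}

def by_member_kind(policy):
    """Group those members by prefix (user, group, serviceAccount, ...).

    A group binding matters most for review: every person in the group
    inherits the role, so one line in the policy can mean many SSH users.
    """
    kinds = defaultdict(list)
    for member in broad_ssh_principals(policy):
        kinds[member.split(":", 1)[0]].append(member)
    return dict(kinds)

# Constructed sample policy in the shape of an exported project IAM policy.
SAMPLE_POLICY = json.loads("""
{
  "bindings": [
    {"role": "roles/owner",  "members": ["user:alice@example.com"]},
    {"role": "roles/editor", "members": ["user:bob@example.com",
                                         "group:devs@example.com",
                                         "user:alice@example.com"]},
    {"role": "roles/viewer", "members": ["user:carol@example.com"]}
  ],
  "version": 1
}
""")

if __name__ == "__main__":
    for member, roles in broad_ssh_principals(SAMPLE_POLICY).items():
        # Per the article, each of these can open browser SSH and gets sudo.
        print(f"{member}: {', '.join(roles)}")
    for kind, members in by_member_kind(SAMPLE_POLICY).items():
        print(f"{kind}: {len(members)} member(s)")
```

Members that appear only under narrower roles, such as the viewer in the sample, are left out of the report.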
Google should work to improve the service, especially with regard to security. For example, it would be nice to allow users to log in to the VMs in a read-only mode, which would be interesting and helpful for monitoring, accessing logs, etc. But the most important point is about security: it's definitely necessary to improve the security aspects we have seen before to make the tool more robust and secure.