Connect to Linux VMs using Cloud VPN or Cloud Interconnect

Linux

This document describes how to connect to a virtual machine (VM) instancethrough its internal IP address, from an on-premises network that usesCloud VPN orCloud Interconnectto connect to the VM's VPC network.

Connecting to a VM using its internal IP address is useful if the VM doesn'thave an external IP address. If the VM does have an external IP address,connect to the VM using its external IP address.If your on-premises network isn't connected to your VM's VPCnetwork and you need to connect to your VM's internal IP address, review theother methods listed inConnection options for internal-only VMs.

Supported operating systems

These connection methods are supported for allpublic Linux images that are available onCompute Engine. For Fedora CoreOS images, you mustset up SSH access before you can use these methods.

Connect to VMs

To connect to a VM, complete the steps in one of the following tabs.

gcloud

Connect to a VM using SSH by running thegcloud compute ssh command with the--internal-ip flag:

  1. In the Google Cloud console, activate Cloud Shell.

    Activate Cloud Shell

    At the bottom of the Google Cloud console, aCloud Shell session starts and displays a command-line prompt. Cloud Shell is a shell environment with the Google Cloud CLI already installed and with values already set for your current project. It can take a few seconds for the session to initialize.

  2. Connect to the VM by running the following command:

    gcloud compute sshVM-NAME \    --internal-ip

    3. ReplaceVM_NAME with the name of the VM that you want to connect to.

Note: When you connect to VMs using the gcloud CLI, Compute Engine creates a persistent SSH key for you. For more information about SSH keys, seeSSH connections to Linux VMs.

IAP Desktop

To connect to a VM using IAP Desktop, do the following:

  1. Install IAP Desktop on your workstation if you haven't already.

  2. Open IAP Desktop. TheAdd projects window opens.

  3. When prompted, sign in using the Google account that has access to the project with the VMs you want to connect to.

  4. In theAdd projects window, enter the project ID or name of the project that contains the VMs you want to connect to.

  5. In theProject Explorer window, right-click the name of the VM that you want to connect to and selectConnection settings.

  6. In theConnection settings window, setConnect via toVpc.

  7. In theProject Explorer window, right-click the name of the VM again and selectConnect to connect to the VM.

OpenSSH clients

Connect through a VM's internal IP address from an OpenSSH client, by doing the following:

  1. Add an SSH key to the VM if you haven't already.

  2. In the Google Cloud console, go to theVM Instances page and find the internal IP address of the VM that you want to connect to.

    Go to VM Instances

  3. Open a terminal on your workstation.

  4. Connect to the VM by running the following command:

    ssh -iPATH_TO_PRIVATE_KEYUSERNAME@INTERNAL_IP

    Replace the following:

    • PATH_TO_PRIVATE_KEY: the path to the private SSH key file that corresponds to the public key you added to the VM.
    • USERNAME: your username. If you manage your SSH keys in metadata, the username is what you specified when youcreated the SSH key. For OS Login accounts, the username isdefined in your Google profile. For example,cloudysanfrancisco_example_com orcloudysanfrancisco.
    • INTERNAL_IP: the internal IP address of the VM.

PuTTY app

Connect through a VM's internal IP address using PuTTY, by doing the following:

  1. Add an SSH key to the VM if you haven't already.
  2. If your workstation doesn't already have the PuTTY app installed,download the PuTTY package files.

  3. In the Google Cloud console, go to theVM Instances page and find the internal IP address of the VM that you want to connect to.

    Go to VM Instances

  4. Open the PuTTY app. A connection configuration window opens.

  5. In theHost Name field, enter the username associated with the SSH key, and the internal IP address of the VM that you want to connect to. Use the following format:

    USERNAME@INTERNAL_IP

    Replace the following:

    • USERNAME: your username. If you manage your SSH keys in metadata, the username is what you specified when youcreated the SSH key. For OS Login accounts, the username isdefined in your Google profile. For example,cloudysanfrancisco_example_com orcloudysanfrancisco.
    • INTERNAL_IP: the internal IP address of the VM.
  6. In theCategory menu, navigate toConnection > SSH > Auth.
  7. In thePrivate key file for authentication field, select the private SSH key file that corresponds to the public key you added to the VM.
  8. ClickOpen to connect to the VM.

Troubleshooting

To find methods for diagnosing and resolving failed SSH connections, seeTroubleshooting SSH.

What's next

Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025-12-15 UTC.