SSH Permission denied (publickey) on GCE

This article reproduces the permission denied error when trying to ssh to VM on Google Compute Engine, and provide the solution.

Reproduce Steps

1. Create a VM on GCE
2. Generate SSH key in the client

root@myhost:~# ssh-keygen
The key fingerprint is:
SHA256:l47oQ1Brv68tVDhT8XXYZ26SDdUhtY6oZ4qO9iJ8ocg root@myhost

3. Copy and paste the public key to VM detail as an authorized key.

root@myhost:~# cat ~/.ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCnekc root@myhost

4. Now try to ssh the VM on your client

root@myhost:~# ssh root@${vm_ip}
root@${vm_ip}: Permission denied (publickey).

How to Fix

The reason is that the ssh key is generated by root in client, that implies the default username of this key is root . Unfortunately, GCE cannot accept a root SSH key.

As a result, just to generate a non-root key and the problem is resolved.

root@myhost:~# ssh-keygen -C frank
The key fingerprint is:
SHA256:ms9wBu/lf4CfjyesjGnqoD5S+f0aGgW1OfLae8qsnaU frank

And finally we can SSH to VM on GCE by this account.

root@myhost:~# ssh frank@${vm_ip}
Welcome to Ubuntu 18.04.5 LTS (GNU/Linux 5.4.0-1038-gcp x86_64)