Unable to SSH from Ansible AWX to GCP VM Instance

,

Unable to SSH from Ansible AWX to GCP VM Instance.

Dear community,

I am attempting to SSH from my Ansible AWX instance to a VM running on GCP. I have a Service Account created for connecting to the GCP project, but I am encountering the following error:

Apr 17 13:27:37 XXXX  sshd[111041]: Connection closed by invalid user XXXX_root 10.XXX.XX.X port 34462 [preauth]

After researching the Google forums, I learned that a Service Account should be used to connect AWX to GCP, and I have followed this approach. However, I also created a regular user account, but I am still unable to connect using it. What could I be missing? Should I be using the Service Account credentials or the Regular User credentials?

Please find the below screenshot FYR,

Any assistance would be greatly appreciated!

@kurokobo , Please help if you can here !

I haven’t had a chance to connect AWX to a VM on GCP, so I can’t really share anything until I give it a try myself one day :frowning:

Sure @kurokobo Thanks a lot for your response and I want to share some updates on this.

I have two GCP users :

  1. With Regular type (User ID and password) for SSH
  2. With Private Key (JSON file) which I have used for Dynamic Inventory sync (And Sync works)

So I can get the hosts from a project and sync them in my inventory but I cannot SSH to the VMs in GCP.

Already made the below changes in my Ubuntu VM for /etc/ssh/sshd_config.

PasswordAuthentication yes
ChallengeResponseAuthentication no
UseDNS no
PermitRootLogin yes

But still it gives me this error.

Failed to connect to the host via ssh: Warning: Permanently added 'XX.XXX.XX.XX' (ED25519) to the list of known hosts.\r\awx_root@gcp.XXX.com@ 'XX.XXX.XX.XX' : Permission denied (publickey).

And Thanks for checking this in advance.

Hello , Good day. Were you able to find the way to connect to the VMs in GCP ? Please let me know.

Thanks and Regards
Saravana Selvaraj

You’ll need to input the GCP project where the service account exists that has the permissions to to the compute instance. That service account should have the necessary IAM permissions in GCP (Compute Instance Admin V1, Service Account user etc). You’ll also need to update the Service Account keys so that it can be leveraged to access that project