I am forced to connect to some Google Cloud stuff running IAP, so I am forced to have the rather large gcloud SDK somewhere, I guess. If I can get away without having the google-cloud-sdk, I would love to.
However, rather than installing the gcloud SDK on multiple machines, I would rather have it on one machine, and have the other systems, from which I occasionally need to connect to Google Cloud, just use the machine that already has gcloud configured.
Machine A:
- Has gcloud sdk installed and configured
- I do not want SSH private keys on this machine
- Has an SSH config like this:

    Host google-cloud
        ClearAllForwardings yes
        HostbasedAuthentication yes
        ProxyJump gcloud-stuff
        IdentityFile ~/.ssh/id_ed25519
        IdentitiesOnly yes
        User a

    Host gcloud-stuff
        ProxyCommand gcloud beta compute start-iap-tunnel ...
        IdentityFile ~/.ssh/id_ed25519
        IdentitiesOnly yes
        User b

Machine B, C, D, ...:
- I want to be able to SSH into google-cloud from these machines
- SSH private keys are stored here
- If the locally running agent does not have the keys, I need to be asked here

With the constraints outlined above, I need to be able to connect to the Google Cloud VM from all machines (A, B, C, D, ...).
Any ideas on how this can be achieved?