Passwordless ssh between GCEs

g_munish · October 9, 2025, 10:22pm

I have two GCEs in the same network and in the same project.

Trying to set up passwordless ssh between these VMs to run a standalone spark cluster.

VM1 (spark-master) (10.138.0.49)

VM2 (worker node) (10.138.0.47)

I generated the ssh key pair on the spark-master and copied its id_rsa.pub to the authorized_keys file on the worker node2.

When I try to run ssh @vm2, I get timed out.

The firewall rule allows all internal traffic on all ports within the same VPC CIDR Range. There are no network tags here blocking the traffic.

Pasting the output below.

(PII Removed by Staff)@spark-master:~$ ssh -vvv (PII Removed by Staff)@10.138.0.47
OpenSSH_9.2p1 Debian-2+deb12u7, OpenSSL 3.0.17 1 Jul 2025
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug2: resolve_canonicalize: hostname 10.138.0.47 is address
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/home/munish/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/home/munish/.ssh/known_hosts2'
debug3: ssh_connect_direct: entering
debug1: Connecting to 10.138.0.47 [10.138.0.47] port 22.
debug3: set_sock_tos: set socket 3 IP_TOS 0x10
^C

Worker node is pinging from the spark-master node

(PII Removed by Staff)@spark-master:~$ ping 10.138.0.47
PING 10.138.0.47 (10.138.0.47) 56(84) bytes of data.
64 bytes from 10.138.0.47: icmp_seq=1 ttl=64 time=1.78 ms
64 bytes from 10.138.0.47: icmp_seq=2 ttl=64 time=0.311 ms
^C
--- 10.138.0.47 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1002ms
rtt min/avg/max/mdev = 0.311/1.045/1.780/0.734 ms

Even nc to the worker node is timing out from the master node

(PII Removed by Staff)@spark-master:~$ nc -vz 10.138.0.47 22
(PII Removed by Staff).us-west1-b.c.(PII Removed by Staff) [10.138.0.47] 22 (ssh) : Connection timed out

On the worker node, sshd is listerning

(PII Removed by Staff)@(PII Removed by Staff):~$ sudo netstat -antp|grep 22|grep -i listen
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      923/sshd: /usr/sbin
tcp6       0      0 :::22                   :::*                    LISTEN      923/sshd: /usr/sbin

g_munish · October 10, 2025, 2:22pm

This is now resolved. There was a Org FW rule blocking all ssh except the ones coming through IAP

Topic		Replies	Views
Weird SSH issue when connecting to compute VM. Compute Infrastructure compute-engine	2	8	July 19, 2022
I can't ssh into my LAMP server Compute Infrastructure compute-engine , server-configuration	2	4	November 27, 2022
SSH Timeout Issues When Frequently Accessing a GCP VM from Another GCP VM via External IP Compute Infrastructure vm-manager , server-configuration	1	82	August 14, 2024

Passwordless ssh between GCEs

AI Suggested topics