
I've set up 2 Google Compute Engine instances and I can easily SSH into both of them by using the key created by the gcloud compute ssh command. But when I try the following...

    myself@try-master ~] ssh-keygen -q -t rsa -N "" -f ~/.ssh/id_rsa
    myself@try-master ~] cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
    myself@try-master ~] chmod 0600 ~/.ssh/authorized_keys
    myself@try-master ~] ssh-copy-id -i ~/.ssh/id_rsa.pub myself@try-slave-1

... it does not work, and ssh-copy-id shows the message below:

    Permission denied (publickey,gssapi-keyex,gssapi-with-mic)

If I copy the google_compute_engine private and public key to try-master, I can use it to log on to both instances, but I find it unsatisfactory to move a private key over the network. I guess this is somewhat related to this topic [1].

How can this be solved?

[1] https://cloud.google.com/compute/docs/instances#sshbetweeninstances

1 Answer

Using CentOS 7 images, and CentOS 7 as the local host:

    gcloud compute instances create try-master --image centos-7
    gcloud compute instances create try-slave-1 --image centos-7
    

This can be solved by using authentication forwarding during initial SSH keys setup:

  1. Set up authentication forwarding once on the local machine (note the "-A" flag). First you need to run:

    eval `ssh-agent -s`

    And then

    ssh-add ~/.ssh/google_compute_engine
    gcloud compute ssh --ssh-flag="-A" try-master
    
  2. Perform the steps above (from keygen to ssh-copy-id):

    myself@try-master ~] ssh-keygen -q -t rsa -N "" -f ~/.ssh/id_rsa
    myself@try-master ~] cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
    myself@try-master ~] chmod 0600 ~/.ssh/authorized_keys
    myself@try-master ~] ssh-copy-id -i ~/.ssh/id_rsa.pub myself@try-slave-1
    myself@try-master ~] exit

  3. Log in again to try-master without SSH authentication forwarding:

    gcloud compute ssh try-master
    myself@try-master ~] ssh myself@try-slave-1
    myself@try-slave-1 ~]

The initial approach didn't work because GCE instances only allow public key authentication by default. So ssh-copy-id is unable to authenticate against try-slave to copy the new public key, because no public key configured in try-master is available in try-slave yet.

Using authentication forwarding, the private key from your local machine is forwarded to try-master, and from there to try-slave. The GCE account manager in try-slave will fetch the public key from your project metadata, and thus ssh-copy-id will work.
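As an added example (not code from the question or the answer), a small POSIX sh helper for the key step performed on try-master: it installs a public key into authorized_keys only once, sets the permissions sshd's StrictModes expects, and checks that an agent socket is actually forwarded before ssh-copy-id is attempted. The function names are this example's own, and the key in the comments is a placeholder.

```shell
#!/bin/sh
# Added example, not code from the original post. Helper functions for the
# key setup on try-master: install a public key into authorized_keys exactly
# once, with the permissions sshd's StrictModes expects, and confirm that an
# agent socket is forwarded (gcloud compute ssh --ssh-flag="-A") before
# ssh-copy-id is attempted. Function names are this example's own.

# install_authorized_key PUBKEY_FILE [AUTHORIZED_KEYS]
# Appends the key only if its key material is not already present, so
# repeated runs do not grow the file. Returns 1 on unreadable or empty input.
install_authorized_key() {
    pub="$1"
    auth="${2:-$HOME/.ssh/authorized_keys}"
    [ -r "$pub" ] || return 1
    # A key line is "<type> <base64> [comment]"; compare the first two fields
    # so a changed comment does not create a duplicate entry.
    keymat=$(awk 'NR==1 && NF>=2 {print $1" "$2}' "$pub")
    [ -n "$keymat" ] || return 1
    dir=$(dirname "$auth")
    mkdir -p "$dir" && chmod 0700 "$dir" || return 1
    touch "$auth" && chmod 0600 "$auth" || return 1
    if ! awk -v k="$keymat" '($1" "$2)==k {f=1} END {exit !f}' "$auth"; then
        cat "$pub" >> "$auth"
    fi
}

# count_authorized_keys AUTHORIZED_KEYS
# Number of non-empty, non-comment entries, for checking idempotency.
count_authorized_keys() {
    awk 'NF && $1 !~ /^#/ {n++} END {print n+0}' "$1" 2>/dev/null
}

# agent_forwarded
# Succeeds only when a reachable agent socket is present. Without one,
# ssh-copy-id from try-master can only offer try-master's own keys, which
# try-slave-1 does not know yet, hence "Permission denied (publickey,...)".
agent_forwarded() {
    [ -n "${SSH_AUTH_SOCK:-}" ] && [ -S "$SSH_AUTH_SOCK" ]
}

# On try-master, after gcloud compute ssh --ssh-flag="-A" try-master:
#   agent_forwarded || { echo "no forwarded agent; reconnect with -A" >&2; exit 1; }
#   ssh-keygen -q -t rsa -N "" -f ~/.ssh/id_rsa
#   install_authorized_key ~/.ssh/id_rsa.pub
#   ssh-copy-id -i ~/.ssh/id_rsa.pub myself@try-slave-1
```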