Not able to access any VM in a project

[dinesh1844]

I am not able to access any of the VM in a project. The same is accessible via cloud SDK in command prompt. Getting error as

Installed version: 2.13.549.0
.NET Version: 4.8.4300.0
OS Version: Microsoft Windows NT 10.0.18363.0

[jpassing]

Thanks for reporting this issue. The message is a bit non-descriptive, but the problem seems to be that your project's common instance metadata contains one or more SSH keys that does not quite follow the expected format, so IAP Desktop fails to parse it. It could be as simple as a whitespace issue, but maybe there's something else.

Could you take a look at the ssh-keys common instance metadata entry of your project and check if there's anything special about it? You can query the common instance metadata by running gcloud compute project-info describe --project [project].

It would be most helpful if you could share the content of the ssh-key entry -- but the content is sensitive, so you'd have to scrub the actual public keys and usernames first.

[jpassing]

Version 2.14.565 (released today) should be a bit more forgiving w.r.t. metadata keys containing redundant whitespace and the error message now indicates which key could not be parsed. Could you give this version a try and see if the problem persists?

[dinesh1844]

Thanks for the response. After the version update now am getting the below error.

Please find the ssh-keys content which i have scrubbed. I have validated the other project keys also. This looks the same. For your information we have multiple projects in our Gcloud. I am able to access other projects VM. But only one project VM's are not accessible.

AAAAB3NzaC1yc2EAA...

[jpassing]

Thanks for sharing the screenshot.

The format for SSH keys should be [username]:ssh-rsa [key]... -- interestingly, the username is empty (:ssh-rsa AAA...) in your case. I am not sure how that can happen, and I am pretty sure that such a "no-username" key cannot be used for anthing -- but tools like gcloud seem to be more forgiving than IAP Desktop when encountering them.

The quick solution would be to go to the Cloud Console and remove (and maybe re-add) the key.

I will update IAP Desktop to ignore such keys in the next release.

[dinesh1844]

Thanks! Removed the key and tried accessing the VM. Still same error. I have cross verified the keys with other projects and i don't see any difference in the keys. Am not sure from where the key is getting fetched for this project.

When can i except the next release? IAP Desktop is user friendly than using gcloud SDK and command line.

[jpassing]

Maybe check the VM instance metadata too -- it's possible that it also contains SSH keys (if the block project-level SSH keys option was set at any point in time). FWIW, IAP Desktop does not cache any keys.

I'll share a new build of IAP Desktop with you once I've implemented a fix so that you do not have to wait for the next release.

[dinesh1844]

Thanks! We will check the VM instance specific metadata.

And also we have more than 200+ VM instances, Is it possible to implement a search/find functionality using VM name or any sort functionality in Project Explorer window. Find functionality using VM name or part of VM name with wildcard would be more helpful.

[jpassing]

Could you try if IapDesktop-2.14.566.msi.zip fixes the issue for you? This build should now properly handle SSH metadata key entries that have an empty username.

Also, thanks for the feature suggestion. I agree that for large projects, a search/filtering feature could be helpful.

[dinesh1844]

Thanks a lot for the fix. The issue is resolved now and am able to access the VM's. :)

It would be helpful if the search feature is introduced as soon as possible.

[jpassing]

Thanks for the quick feedback, happy to hear that this fixed the problem. I will close this issue then.

I've added the search feature to our backlog and added an issue. It does require a few other things to be changed first however, so I cannot make any promises about timing yet.