I have a couple of GCP projects which have IAP enabled on them and have compute engine instances which only have private IPs. So the only way to ssh into them is to use gcloud compute ssh with the tunnel-through-iap flag.
I love Emacs Tramp and I thought it would be great if I could tramp into these instances.
I've followed this guide to define a gssh binary which looks like this.
    cat ~/.local/bin/gssh
    #!/bin/bash
    HOST="$1"
    # Split an optional user@ prefix off the host argument
    if [[ $HOST = *"@"* ]] ; then
        USER=$(echo "$HOST" | cut -d'@' -f1)
        HOST=$(echo "$HOST" | cut -d'@' -f2)
    fi
    gcloud config list | grep 'Your active'
    # Look up the zone of the instance whose name matches $HOST
    ZONE=$(gcloud compute instances list | grep -E "^$HOST[[:space:]]" | awk '{print $2}')
    echo "zone: $ZONE"
    gcloud compute ssh --zone="$ZONE" "$@" --tunnel-through-iap
Then I've added this to .zshrc and sourced this file.
Verified this works by actually gsshing into some instances.
I updated the .spacemacs function dotspacemacs/user-config to include the below config.
    ;; TRAMP gcloud ssh
    (add-to-list 'tramp-methods
                 '("gssh"
                   (tramp-login-program "gssh")
                   (tramp-login-args (("%h")))
                   (tramp-async-args (("-q")))
                   (tramp-remote-shell "/bin/sh")
                   (tramp-remote-shell-args ("-c"))
                   (tramp-gw-args (("-o" "GlobalKnownHostsFile=/dev/null")
                                   ("-o" "UserKnownHostsFile=/dev/null")
                                   ("-o" "StrictHostKeyChecking=no")))
                   (tramp-default-port 22)))
When I try to tramp into some of these instances using /gssh:<user>@<instance_name>: syntax, emacs starts listing local directories on my laptop.
I tried looking at the debug tramp/gssh and this is what I found.
Any help will be greatly appreciated. Thanks!
tramp-gw-args are not used anymore. Where do you get them from?
tramp-verbose.
--dry-run flag to setup ssh without using the gcloud cli (see medium.com/@albert.brand/… )
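An added example, not part of the original post or its comments: the argument handling of a gssh-style wrapper written so that the host value TRAMP passes in can never be read as an option or a regex, and so that an instance name present in several zones fails instead of yielding a multi-line zone. The function names are hypothetical, the listing is constructed sample text in the NAME/ZONE column order the script above relies on, and the name rule (lowercase letters, digits, hyphens, leading letter) is an assumption about GCE instance names.

```shell
#!/bin/sh
# Added example: input checks and zone lookup for a gssh-style wrapper.
LC_ALL=C; export LC_ALL   # make [a-z] mean ASCII lowercase only

# Constructed sample of `gcloud compute instances list` output (not real data).
SAMPLE_LIST='NAME    ZONE            MACHINE_TYPE  INTERNAL_IP  STATUS
web-1   europe-west1-b  e2-medium     10.0.0.2     RUNNING
web-10  europe-west1-c  e2-medium     10.0.0.3     RUNNING
db-1    us-central1-a   e2-small      10.0.1.2     RUNNING
db-1    us-central1-f   e2-small      10.0.1.3     TERMINATED'

# Strip an optional "user@" prefix and print the bare instance name.
host_part() {
  printf '%s\n' "${1##*@}"
}

# Succeed only for names of lowercase letters, digits and hyphens that start
# with a letter, so a value such as "--flag" is rejected before it reaches gcloud.
valid_name() {
  case "$1" in
    ''|[!a-z]*|*[!a-z0-9-]*) return 1 ;;
  esac
  return 0
}

# Read an instance listing on stdin and print the zone of the row whose NAME
# column equals $1 exactly (string comparison, no regex).
# Exit status: 0 one match, 1 no match, 2 name found in several zones, 3 bad name.
resolve_zone() (
  valid_name "$1" || exit 3
  awk -v name="$1" '
    NR > 1 && $1 == name { zone = $2; n++ }
    END {
      if (n == 1) { print zone; exit 0 }
      exit (n == 0 ? 1 : 2)
    }'
)

# Intended use inside the wrapper (requires gcloud, so left as a comment):
#   zone=$(gcloud compute instances list | resolve_zone "$(host_part "$1")") || exit
#   gcloud compute ssh --zone="$zone" "$@" --tunnel-through-iap
```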