I have an issue with connecting from my Docker container (hosted on Google Cloud Run) to my local machine via ssh. I’m getting a “Connection Timeout error”. I'm not a networking expert and I'm a newbie to Google Cloud Run, so, I'm going to try my best to explain the issue.
Let me explain the setup. I have a docker image in Google Cloud's artifact registry (for CI/CD purposes). I then created a Cloud Run service attached to the Docker image (already on the registry). The docker image is a simple FastAPI app that allows for API requests from remote machines. API requests work perfectly fine and I get the proper responses. There is 1 API request that requires establishing an SSH connection to a remote machine (my laptop for now), transferring files to that laptop and executing a couple of commands via the command prompt. It is this API call that is causing issues.
Here's a simplified schematic:
Caption: Google Cloud Run (connected to Docker Image on Google Artifact Registry) > Docker Container houses FastAPI APP > Calls are made to the api via http requests > 1 call requires an ssh connection to a remote machine to execute commands for specialized software > Once commands are finished, scp some files back to the Docker container for processing.
Now, I have tested hosting the same docker image and container on my local machine via Docker Desktop (the one with the specialized software to be executed via ssh commands) and that approach works perfectly fine. I can ssh from the docker container to the local machine, execute the command, and scp some files just fine (the ssh calls are initiated via API calls). That same docker is on Google Cloud run and all API calls work except the one requiring an ssh connection to my local machine.
Here are some configurations that may help:
DOCKER:
Google Cloud Run:
Local Machine:
I can ping the static IP on google cloud from my machine with no problem. I'm not sure if all that information is useful and if my explanation is clear but I can adjust my question according to responses. Again, I'm a newbie here :).
I solved this problem and it was mainly @Ben k’s comment that made me realize something was blocking and it was thanks to @Robert G’s suggestion to reproduce a minimal reproducible example.
Here are the main issues that were fixed (and their root cause) in hopes it may help another newbie like myself.
1- My IP address was not visible beyond my local network. I tried pinging my IP address from outside and had no response. My router was blocking any inbound connections. So, I created a special firewall rule on my router to allow for outside traffic but limited to certain IP addresses I trust.
2- By producing a minimal, reproducible example, I realized that I was setting up ssh with their associated RSA keys but I wasn’t sharing the right keys. My docker container had RSA keys that I had set up a while ago but these were since updated and I did not realize I never updated their values in the docker container.
3- I had set up a firewall rule in the Google Cloud Run VPC network to allow for connections to my home network. I had set up the 192.168.X.X IP address on Gcloud run but I was then told any 192.168.X.X addresses are local addresses that identify devices connected to your local network. These are not the actual IP addresses that are broadcast outside the network. I then re-setup Gcloud run firewall rules to include my REAL IP address (the one that is actually visible to the outside world). The reason why the first scenario in the included graphics (original post) worked was because the docker container was hosted on my laptop and was readily accessible by my local network.
With these 3 changes, I now have a successful ssh connection and can scp as expected. I hope this helps anyone out there.
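The three root causes above can each be checked from inside the container before the SSH call is attempted. The following is an added example, not code from the original post: the function names and the sample keys and addresses are assumptions made for illustration, and the target is assumed to be given as an IP literal.

```python
import base64, hashlib, ipaddress, socket

KEY_TYPES = ("ssh-", "ecdsa-", "sk-")  # prefixes of OpenSSH public key type names

def is_internet_routable(host: str) -> bool:
    """False for 192.168.x.x and other addresses that only mean something inside a LAN."""
    return ipaddress.ip_address(host).is_global

def probe_tcp(host: str, port: int = 22, timeout: float = 5.0) -> str:
    """'open', 'refused' (host reached, no listener) or 'timeout' (packets dropped on the way)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.timeout:
        return "timeout"  # typical of a router or firewall silently dropping inbound traffic
    except ConnectionRefusedError:
        return "refused"
    except OSError as exc:
        return f"error: {exc}"

def fingerprint(key_line: str) -> str:
    """SHA256 fingerprint in the form `ssh-keygen -lf` prints, from a .pub or authorized_keys line."""
    parts = key_line.split()
    # Skip a leading options field (assumed to contain no spaces): the blob follows the key type.
    idx = next(i for i, p in enumerate(parts) if p.startswith(KEY_TYPES))
    digest = hashlib.sha256(base64.b64decode(parts[idx + 1])).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def key_is_authorized(container_pub: str, authorized_keys: str) -> bool:
    """True if the container's public key appears in the target's authorized_keys text."""
    lines = [l for l in authorized_keys.splitlines()
             if l.strip() and not l.lstrip().startswith("#")]
    return fingerprint(container_pub) in {fingerprint(l) for l in lines}

if __name__ == "__main__":
    # Constructed sample values, not real keys or addresses from the post.
    def pub(seed: bytes) -> str:
        return "ssh-rsa " + base64.b64encode(seed).decode() + " demo"
    current, stale = pub(b"constructed-key-current"), pub(b"constructed-key-stale")
    print("LAN address routable from Cloud Run:", is_internet_routable("192.168.1.20"))
    print("stale container key accepted:", key_is_authorized(stale, current + "\n"))
    print("port 22 on localhost:", probe_tcp("127.0.0.1", 22, timeout=2.0))
```

A `timeout` result points at issues 1 and 3 (traffic dropped or an unroutable address), while `open` followed by an authentication failure points at issue 2, which the fingerprint comparison confirms.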