I have IAP configured and use it to connect to several instances in GCP. All the pre-requisite permissions and firewall rules I should need are in place (IAP-secured Tunnel User, owner, security admin) and this works flawlessly on all other instances.
However, I recently added an Ubuntu 22.04 LTS instance into the mix and cannot connect to it via IAP. I can use the SSH option in GCP to connect but not IAP. When attempting to connect via IAP I have received the errors below:
When I attempt to connect via SSH from another GCP instance in the same network I get:
Due to these errors I suspect it must be something to do with the keys, but really not sure what else to check.
Additionally, I created a new test instance running Ubuntu 20.04 and IAP connects fine just as it does on all my other instances. It just doesn't connect if the instance is running Ubuntu 22.04.
Any thoughts?
Edited to add screenshot of ssh test from another system on the same network. SSH Test was done with a locally created account and my GCP credentials.
2 Answers
I have finally found the resolution to this issue. Ordinarily I believe the troubleshooting steps posted by @GabrielRobledoAhumada and others would likely resolve, but my issue turned out to be with the use of IAP Desktop, an application that I errantly believed to be a Google created/supported application. Once this was realized I reached out to the vendor, who worked with me to resolve.
The issue turned out to be that by default, "Ubuntu 22.04 does not allow RSA for SSH public key authentication anymore", a change that was implemented a few releases ago. The IAP Desktop application I was using was still trying to use RSA as the default connection setting. Once I changed the 'key type' in the IAP Desktop app to ECDSA NIST P-256 I was able to use it to connect successfully. Older versions of Ubuntu and other OSes still allow the RSA key type, which is the reason that I could connect to basically any OS type other than Ubuntu 22.04. Thanks to those that offered assistance, and my apologies that I was under the false impression that I was using a GCP tool, which made legitimate troubleshooting difficult.
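A server-side check for the situation described in the answer above, added here as an example and not part of the original post or of IAP Desktop: it reads the effective configuration printed by `sshd -T` and reports whether the daemon still accepts the legacy `ssh-rsa` signature algorithm, which OpenSSH 8.8 and later leave out of the default accepted list. The function names and both sample configurations are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: trimmed `sshd -T` output from a host that no longer
# accepts the SHA-1 based "ssh-rsa" signature algorithm.
SAMPLE_NEW='port 22
pubkeyauthentication yes
pubkeyacceptedalgorithms ssh-ed25519,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256'

# Constructed sample: an older sshd, which uses the earlier keyword name
# and still lists ssh-rsa.
SAMPLE_OLD='port 22
pubkeyauthentication yes
pubkeyacceptedkeytypes ssh-ed25519,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256,ssh-rsa'

# accepted_algs (hypothetical helper): read `sshd -T` output on stdin and
# print one accepted public-key algorithm per line. Handles both keyword names.
accepted_algs() {
  awk '$1 == "pubkeyacceptedalgorithms" || $1 == "pubkeyacceptedkeytypes" {
         n = split($2, a, ","); for (i = 1; i <= n; i++) print a[i]
       }'
}

# alg_accepted ALG (hypothetical helper): exit 0 if ALG is in the list on stdin.
alg_accepted() {
  accepted_algs | grep -Fxq -- "$1"
}

# rsa_status (hypothetical helper): classify how RSA client keys are treated.
#   rsa-sha1-allowed  legacy ssh-rsa signatures are accepted
#   rsa-sha2-only     RSA keys work only if the client signs with rsa-sha2-*
#   no-rsa            no RSA signature algorithm is accepted
#   unknown           the input had no accepted-algorithms line
rsa_status() {
  cfg=$(cat)
  [ -n "$(printf '%s\n' "$cfg" | accepted_algs)" ] || { echo unknown; return; }
  if printf '%s\n' "$cfg" | alg_accepted ssh-rsa; then
    echo rsa-sha1-allowed
  elif printf '%s\n' "$cfg" | alg_accepted rsa-sha2-256 ||
       printf '%s\n' "$cfg" | alg_accepted rsa-sha2-512; then
    echo rsa-sha2-only
  else
    echo no-rsa
  fi
}

# On a real host the input would come from:  sudo sshd -T | rsa_status
printf '%s\n' "$SAMPLE_NEW" | rsa_status
printf '%s\n' "$SAMPLE_OLD" | rsa_status
```

A result of `rsa-sha2-only` means a client that signs only with `ssh-rsa` is refused even though its RSA key is present in `authorized_keys`, so switching the client to an ECDSA or Ed25519 key, as the answer did, avoids the mismatch.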
A number of things can be happening here, but a good troubleshooting point would be to take a look at the locally stored SSH host keys. From what I have seen, all your OSes are Linux VMs, so you can start by deleting the known_hosts file and trying to connect again.