This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

Cannot add SSH key to VM for Vertex AI notebook instance

Posted on 03-09-2025 08:47 AM
danherman212245
Bronze 2
Bronze 2
Reply posted on --/--/---- --:-- AM

Greetings,

I'm trying to connect my local VS Code client to Vertex AI Notebook through SSH tunnel.

I am going through a setup workflow and I get stuck.

I go to the vm instance in compute engine  end hit the edit button

I add the ssh key and hit save, then I get an error message:

 
Required 'Current principal doesn't have permission to mutate this resource!' permission for 'remote-test'
 
I checked the current IAM configuration and owner access to compute engine appears to be correct.
 
Any insight to repair this would be appreciated.  
 
Cheers

 

 

Solved Solved
0 1 144
Topic Labels
Jump to Solution
0 Likes
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
MarvinLlamas
Staff
Reply posted on --/--/---- --:-- AM

Hi @danherman212245,

Welcome to the Google Cloud Community!

The error "Required 'Current principal doesn't have permission to mutate this resource!' permission for 'remote-test'" clearly indicates a permissions issue.

Here are the potential ways that might help with your use case:

  • Verify Your Account: Double-check which Google Cloud account you are actively logged into when trying to edit your Compute Engine instance. It's possible you're logged into a different account in your browser than the one you think you're using, especially if you have multiple Google accounts.
  • Verify IAM Permissions: To modify Compute Engine instances, your service or user account needs at least the roles/compute.instanceAdmin.v1 role, which grants broad permissions. For just adding an SSH key, a narrower role like roles/compute.instanceUpdater might suffice, but for initial troubleshooting, it's best if you start with compute.instanceAdmin.v1.
  • IAM Propagation Delay: IAM changes you make can take a few minutes to propagate fully through the Google Cloud infrastructure. After making changes to your IAM roles, wait 5-10 minutes and then try again.
  • Command-Line Verification: You may want to use the gcloud CLI to add your SSH key with the following command: ‘gcloud compute instances add-metadata INSTANCE_NAME --metadata ssh-keys="USERNAME:SSH_PUBLIC_KEY" --...’. Replace ‘INSTANCE_NAME’, ‘USERNAME’, ‘SSH_PUBLIC_KEY’, and ‘ZONE’ with your specific details. If the command fails, it will provide an error message to help you identify the issue. Ensure you run the command as the user you are adding the key for and check that the `--zone` parameter is correct.
  • Check Browser Extensions: Some of your browser extensions, especially security or ad-blocking ones, can interfere with the Google Cloud Console. Try disabling your browser extensions temporarily to see if that resolves the issue.

You may refer to the documentation below, which covers how to install, understand, and effectively use the gcloud CLI to manage your Google Cloud resources, including adding SSH keys to Compute Engine instances.

Was this helpful? If so, please accept this answer as “Solution”. If you need additional assistance, reply here within 2 business days and I’ll be happy to help.

 

 

 

 

 

View solution in original post

Jump to Solution
0 Likes
1 REPLY 1

Posted on --/--/---- --:-- AM
MarvinLlamas
Staff
Reply posted on --/--/---- --:-- AM

Hi @danherman212245,

Welcome to the Google Cloud Community!

The error "Required 'Current principal doesn't have permission to mutate this resource!' permission for 'remote-test'" clearly indicates a permissions issue.

Here are the potential ways that might help with your use case:

  • Verify Your Account: Double-check which Google Cloud account you are actively logged into when trying to edit your Compute Engine instance. It's possible you're logged into a different account in your browser than the one you think you're using, especially if you have multiple Google accounts.
  • Verify IAM Permissions: To modify Compute Engine instances, your service or user account needs at least the roles/compute.instanceAdmin.v1 role, which grants broad permissions. For just adding an SSH key, a narrower role like roles/compute.instanceUpdater might suffice, but for initial troubleshooting, it's best if you start with compute.instanceAdmin.v1.
  • IAM Propagation Delay: IAM changes you make can take a few minutes to propagate fully through the Google Cloud infrastructure. After making changes to your IAM roles, wait 5-10 minutes and then try again.
  • Command-Line Verification: You may want to use the gcloud CLI to add your SSH key with the following command: ‘gcloud compute instances add-metadata INSTANCE_NAME --metadata ssh-keys="USERNAME:SSH_PUBLIC_KEY" --...’. Replace ‘INSTANCE_NAME’, ‘USERNAME’, ‘SSH_PUBLIC_KEY’, and ‘ZONE’ with your specific details. If the command fails, it will provide an error message to help you identify the issue. Ensure you run the command as the user you are adding the key for and check that the `--zone` parameter is correct.
  • Check Browser Extensions: Some of your browser extensions, especially security or ad-blocking ones, can interfere with the Google Cloud Console. Try disabling your browser extensions temporarily to see if that resolves the issue.

You may refer to the documentation below, which covers how to install, understand, and effectively use the gcloud CLI to manage your Google Cloud resources, including adding SSH keys to Compute Engine instances.

Was this helpful? If so, please accept this answer as “Solution”. If you need additional assistance, reply here within 2 business days and I’ll be happy to help.

 

 

 

 

 

Jump to Solution
0 Likes