Any 'gcloud compute ...' command results in Error:...

gbergeraph · 12-06-2022 03:12 PM

Have had a GCE instance for a long time. Created another and am trying to ssh into either from the other. Both instances belong to the same project, one is on us-central1-c, the other is on us-central1-a.

From either instance:

The 'gcloud compute ssh ...' command fails with "Request had insufficient authentication scopes" in either direction.
'gcloud compute images list' also fails with the error.
gcloud compute project-info describe --project (project name) fails with the same error.

Any ideas what's happening? Where would I find/set authentication scopes to allow ssh from one instance to the other? Or even list information?

Any thoughts appreciated.

glen_yu

This is because you're trying to ssh using a `gcloud compute` command -- which goes through the Google APIs (compute.googleapis.com). By default, the compute engines have a limited scope defined, so they can't access various Google APIs from the VM unless you allow it. (See attached screenshot of VM details -- notice how a lot of the API access scopes are disabled by default? So for example the VM can't make any BigQuery calls as well unless it's enabled and since Compute Engine is also disabled, you can't do any `gcloud compute` commands from it).

You can use `gcloud compute ssh` from your laptop/desktop because it's not bound by the same rules.

If you want to ssh from one VM to another, you'll have to use good 'ole plain `ssh`

SebastianG

Hi @gbergeraph,

Is there a particular reason for using `gcloud` to SSH from one VM to another instead of ssh-ing directly?

ssh -i [key-file] [user]@[10.0.0.1]

Any 'gcloud compute ...' command results in Error: "Request had insufficient authentication scopes"