Triage and Remediation
Remediation
Using Console
To remediate the misconfiguration “SSH Keys Should Be Instance Specific” for GCP using GCP console, you can follow the below steps:
- Log in to the GCP console and select the project where the instance is running.
- In the left navigation menu, select “Compute Engine” and then click on “VM instances”.
- Select the instance for which you want to remediate the misconfiguration.
- Click on the “Edit” button at the top of the page.
- Scroll down to the “SSH Keys” section and click on “Show and edit”.
- Remove any public SSH keys that are not specific to the instance.
- Add new SSH keys that are specific to the instance by clicking on “Add item” and pasting the public key in the text box.
- Click on “Save” to save the changes.
Using CLI
To remediate the misconfiguration of SSH keys not being instance-specific in GCP using GCP CLI, follow these steps:
- Open the Cloud Shell in the GCP console.
- Check the current SSH keys in your project using the following command:
- Identify the SSH keys that are not instance-specific and remove them using the following command:
- Create a new instance-specific SSH key using the following command:
- Add the new SSH key to your project using the following command:
- Create a new instance in GCP and specify the new SSH key as the metadata for the instance.
- Connect to the new instance using the new instance-specific SSH key.
Using Python
To remediate the misconfiguration “SSH Keys Should Be Instance Specific” for GCP using Python, you can follow the below steps:
- First, you need to create a new SSH key pair for the instance. You can use the paramiko library in Python to generate an SSH key pair.
- Once you have generated the SSH key pair, you need to add the public key to the instance’s metadata. You can use the google-auth and google-api-python-client libraries in Python to interact with GCP APIs.
- Finally, you can test the new SSH key by connecting to the instance using the private key.
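The metadata step above, as an added example (not code from the original page): it merges one public key into the instance’s own ssh-keys item, keeps unrelated metadata, and returns the fingerprint that the API requires on update. The function names and sample values are hypothetical, and setting block-project-ssh-keys to true so the instance stops accepting project-wide keys is an assumption added here.

```python
"""Merge one instance-specific SSH key into a GCE instance's metadata."""

BLOCK_KEY = "block-project-ssh-keys"  # instance stops accepting project-wide keys


def build_metadata_body(current, username, public_key):
    """Return a setMetadata body built from the instance's current metadata dict."""
    parts = public_key.split()
    bad_user = not username or set(username) & set(": \t\r\n")
    if len(parts) < 2 or "\n" in public_key or bad_user:
        # A multi-line value would smuggle a second entry into ssh-keys.
        raise ValueError("expected one 'type base64 [comment]' key line")
    entry = f"{username}:{parts[0]} {parts[1]} {username}"

    items = {i["key"]: i.get("value", "") for i in current.get("items", [])}
    existing = [l for l in items.get("ssh-keys", "").splitlines() if l.strip()]
    if entry not in existing:
        existing.append(entry)
    items["ssh-keys"] = "\n".join(existing)
    items[BLOCK_KEY] = "true"

    body = {"items": [{"key": k, "value": v} for k, v in items.items()]}
    # Echo the fingerprint back: the API uses it for optimistic locking.
    if "fingerprint" in current:
        body["fingerprint"] = current["fingerprint"]
    return body


def apply_to_instance(project, zone, instance, username, public_key):
    """Read-modify-write against the Compute Engine API (needs credentials)."""
    from googleapiclient import discovery  # imported lazily: not needed offline

    compute = discovery.build("compute", "v1")
    inst = compute.instances().get(
        project=project, zone=zone, instance=instance).execute()
    body = build_metadata_body(inst.get("metadata", {}), username, public_key)
    return compute.instances().setMetadata(
        project=project, zone=zone, instance=instance, body=body).execute()


# Constructed sample: metadata as the API returns it, with one unrelated item.
SAMPLE = {"fingerprint": "constructed-fp=",
          "items": [{"key": "startup-script", "value": "echo hi"}]}
SAMPLE_KEY = "ssh-ed25519 AAAAC3NzaConstructedKeyOnly comment"
```

Only build_metadata_body runs offline; apply_to_instance needs application default credentials and permission to set instance metadata.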