SSH to Google VM not allowed

Hi everybody, this is my first post in this forum :slight_smile:
I am trying to use boringproxy.
Installed the server in a google minimal vm, using the docker compose file in a Portainer stack, I exposed ports 80,443,9000,9001
and verified with “ss -lt” from the vm ssh.
In the google firewall, I declared all those ports.

Then I connected the Home Assistant integration

I see it (the HA client) in the server, clients webpage.

I wish create a tunnel to allow the connection from remote to my home (behind nat or double nat) “Home Assistant webpage” on port 8123 (connected to internet with the 4G), only the server have a public IP, not my home.

I receive dial tcp failed for 127.0.0.1:9001 the port in the google vm i am using to receive tunnel connection from my home .

Am doing it wrong?

What I found it is an error in the client ssh connection log (pubkey)

1° error done, I didn’t pair the pubkey created with ssh-keygen in my Home Assistant linux shell, updating it in the google computing instance settings.

2° I faced a similar issue:

in my case the user for the ssh key-pair created cannot be root or different by the users defined in the google vm.
I verified it connecting to google from shell with the ‘dietpi’ user keypair and it fail, also for the ‘root’ user.

Then I used the key created with:
ssh-keygen -C ‘my_user_gmail_com’
and it works!.

Now I am locked, I don’t know how to force the client to use a defined rsa key-pair for the ssh connection.

Thanks for your help. Great project.

I have to try to use the last client release on dietpi, instead use the home assistant addon container. Inspecting that I not found where to mount the rsa files.

Hi @Gina. It’s interesting that apparently google vm ssh keys require the username to be in the public key comment. If that is indeed the case, I don’t think boringproxy is going to work with google vms without modifications. There’s currently no way to modify the public keys as used by the boringproxy client.