Issue
I've created a virtual machine on Google Cloud Platform following this manual.
I was able to create an SSH connection from my local machine to the VM and set it up to host a publicly available R Shiny App. Now I'm wondering if there is any way to access my local machine from the VM using this SSH connection. This would be a problem if the server gets hacked, maybe because I wasn't able to correctly configure security settings (I'm not too experienced with this). Or is this a "one-way" connection to the VM and the other way is blocked, e.g. by my personal firewall?
Any suggestion would help. Thanks!
Solution
An SSH connection requires that the target machine have a public SSH key that is used to identify an incoming client that has the corresponding private SSH key. If you can SSH from your local PC to a GCP Compute Engine (CE), then your local PC has a copy of the private key and the compute engine has the public key. This is a one-way connection. There is no symmetry in a connection originating from the compute engine. To be able to SSH into your local PC then:
- Your local PC needs to have an SSH server installed.
- Your local PC needs to have the public part of an SSH key pair configured.
- The client needs to have the private part of an SSH key pair available.
- The client needs to know your IP address.
- There needs to be a network route to your local PC from the client.
- Your firewall needs to permit the incoming client on the port that the SSH server is listening on (default 22).
Unless the above are all satisfied, there should be no mechanism to allow a compromised compute engine to open a shell "back into" your local PC.
Answered By - Kolban
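The first two conditions in the answer's list can be checked directly on the local PC. The sketch below is an added example, not part of the original answer; it assumes a Linux machine with `ss` from iproute2, the function names are hypothetical, and the sample data is constructed. It does not test routing or the firewall.

```shell
#!/bin/sh
# Added example: checks two of the answer's preconditions on the local PC:
# (1) an SSH server is listening, (2) a public key is authorized for login.

# Print the local addresses listening on TCP port $1.
# Reads `ss -Htln` output on stdin (columns: State Recv-Q Send-Q Local Peer).
ssh_listeners() {
    awk -v port="$1" '$1 == "LISTEN" {
        n = split($4, part, ":")      # the port is the last ":"-separated field
        if (part[n] == port) print $4
    }'
}

# Count usable entries (non-blank, non-comment lines) in authorized_keys file $1.
count_authorized_keys() {
    [ -r "$1" ] || { echo 0; return; }
    grep -Ev '^[[:space:]]*(#|$)' "$1" | wc -l | tr -d ' '
}

# Exit 0 if inbound key-based SSH is possible as far as these two checks go.
# $1 = port, $2 = authorized_keys path; `ss -Htln` output on stdin.
inbound_ssh_possible() {
    listeners=$(ssh_listeners "$1")
    keys=$(count_authorized_keys "$2")
    [ -n "$listeners" ] && [ "$keys" -gt 0 ]
}

# Constructed sample data so the example runs offline.
SAMPLE_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 4096 127.0.0.1:631 0.0.0.0:*'
KEYS_FILE=$(mktemp)
trap 'rm -f "$KEYS_FILE"' EXIT
printf '%s\n' '# constructed sample' '' \
    'ssh-ed25519 AAAAEXAMPLEKEY constructed@example' > "$KEYS_FILE"

# On a real machine: ss -Htln | inbound_ssh_possible 22 "$HOME/.ssh/authorized_keys"
if printf '%s\n' "$SAMPLE_SS" | inbound_ssh_possible 22 "$KEYS_FILE"; then
    echo "sshd is listening and a key is authorized; reachability now depends on routing and firewall"
else
    echo "no inbound key-based SSH path found by these two checks"
fi
```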