SSH and RDP are the two protocols you use to remotely access Compute Engine VMs. Which one you use depends entirely on the operating system the VM is running. This article covers what each protocol is, when to use which, and the specific way the Associate Cloud Engineer exam tests them.
It does not cover deep packet-level details of either protocol, every possible SSH client, or how to harden Windows servers. The goal here is to give you what you need to recognize SSH and RDP scenarios on the ACE exam and know which answer to pick.
If a VM runs Linux, you use SSH. If a VM runs Windows, you use RDP. That covers almost every case, and it is the single most important fact for the exam.
The reason this matters is that exam questions sometimes describe a scenario without saying the word "Linux" or "Windows" directly. A question might mention a Windows Server 2022 VM, or a VM that runs a graphical application, or a VM where someone is "accessing the desktop." Those phrases all point to RDP. A question that mentions a typical web server, a Debian or Ubuntu image, or running shell commands points to SSH.
SSH stands for Secure Shell. It is a protocol that lets you log into a remote computer and run commands on it. The traffic is encrypted, so credentials and command output cannot be read by someone watching the network. SSH also supports secure file transfers and port forwarding, but those are bonus features. The core thing is "command line access to a remote machine."
Google Cloud handles SSH key management for you in most cases. When you click the SSH button in the Cloud Console or run gcloud compute ssh, Google generates and applies SSH keys automatically. You do not have to manage keys manually unless you specifically want to.
There are also a few SSH-related security options that matter for the ACE exam. You can enable OS Login, which switches SSH key management to be IAM-based. You can require two-step verification on SSH access. You can block project-wide SSH keys for a specific VM if you want to lock it down. These are configurable on the VM itself in the Security section.
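To check these three settings across a fleet, the script below is an added example (not from the original article or from Google's tooling) that audits instance metadata for the keys behind them: enable-oslogin, enable-oslogin-2fa and block-project-ssh-keys. It assumes input in the shape produced by gcloud compute instances list --format=json; the instance names, sample values and finding codes are constructed for illustration.

```python
import json

# Constructed sample, trimmed to the fields used here, in the shape of
# `gcloud compute instances list --format=json`. Names and values are made up.
SAMPLE_INSTANCES = json.loads("""[
  {"name": "web-1", "metadata": {"items": [
      {"key": "enable-oslogin", "value": "TRUE"},
      {"key": "enable-oslogin-2fa", "value": "TRUE"}]}},
  {"name": "batch-1", "metadata": {"items": [
      {"key": "enable-oslogin", "value": "FALSE"},
      {"key": "block-project-ssh-keys", "value": "TRUE"}]}},
  {"name": "legacy-1", "metadata": {"items": [
      {"key": "enable-oslogin", "value": "FALSE"}]}},
  {"name": "bare-1", "metadata": {}}
]""")
# Constructed project-wide metadata (commonInstanceMetadata.items in
# `gcloud compute project-info describe --format=json`).
SAMPLE_PROJECT_ITEMS = [{"key": "enable-oslogin", "value": "TRUE"}]

def as_map(items):
    """Turn a metadata items list into a {key: value} dict."""
    return {i["key"]: i.get("value", "") for i in items or []}

def is_on(key, *layers):
    """First layer that sets the key wins; an unset key counts as off.
    Simplification: only a case-insensitive "true" is treated as enabled."""
    for md in layers:
        if key in md:
            return md[key].strip().lower() == "true"
    return False

def audit(instances, project_items):
    """Return {instance name: [finding codes]} (codes are hypothetical labels)."""
    project_md = as_map(project_items)
    report = {}
    for inst in instances:
        md = as_map(inst.get("metadata", {}).get("items"))
        findings = []
        # Instance-level metadata overrides the project-level value.
        if is_on("enable-oslogin", md, project_md):
            if not is_on("enable-oslogin-2fa", md, project_md):
                findings.append("no-2sv")  # IAM-based access, no second factor
        else:
            findings.append("oslogin-off")  # keys come from metadata, not IAM
            # block-project-ssh-keys is a per-VM setting, so only the
            # instance's own metadata is consulted.
            if not is_on("block-project-ssh-keys", md):
                findings.append("project-keys-accepted")
        report[inst["name"]] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INSTANCES, SAMPLE_PROJECT_ITEMS).items():
        print(name, findings or "ok")
```

The bare-1 case shows why the project-level value has to be read as well: the VM carries no metadata of its own, yet OS Login is in effect because the project enables it.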
RDP stands for Remote Desktop Protocol. It was developed by Microsoft, and it is the standard way to access a Windows machine remotely. Unlike SSH, RDP gives you a full graphical desktop. You see the actual Windows desktop, you click around with your mouse, you launch applications by double-clicking icons. It is essentially a remote-control session for the entire OS.
To use RDP with a Compute Engine Windows VM, you need credentials. There are two ways to get them. The first is a gcloud command:
    gcloud compute reset-windows-password INSTANCE_NAME \
        --zone=us-central1-a \
        --user=USERNAME
This generates a secure password for the specified Windows user account on the VM. The second way is to set the username and password manually through the "Remote access" section in the Compute Engine Console, which is essentially the same operation through a different interface.
Once you have credentials, you connect with any RDP client. Microsoft's built-in Remote Desktop client on Windows works. There are also RDP clients for Mac and Linux.
Two patterns show up on the Associate Cloud Engineer exam.
The first is the basic protocol-matching question. The scenario describes a VM running a specific OS and asks how to access it remotely. If the VM is Linux, the answer is SSH. If the VM is Windows, the answer is RDP. If you see "reset-windows-password" or "Remote Desktop" in the answer choices, that is a Windows VM.
The second pattern involves credentials specifically for Windows VMs. The scenario describes someone who needs to RDP into a Windows VM but does not have the password. The answer is to use gcloud compute reset-windows-password to generate one, or to set credentials through the Console. If you see a question about Windows VM passwords, this command is what they are looking for.
If you see "SSH" in the question, think Linux access. If you see "Remote Desktop" or "Windows VM access," think RDP and reset-windows-password.
SSH for Linux, RDP for Windows. SSH gives you a command line. RDP gives you a graphical desktop. Both are encrypted and both are managed through Google Cloud's tooling so that you rarely have to think about the underlying protocol details.
For SSH, the important thing to remember is that key management is automatic by default but can be replaced by OS Login for IAM-based access. For RDP, the important thing to remember is that you need to reset or set the Windows password before you can connect, and the gcloud command for that is reset-windows-password.
My Associate Cloud Engineer course covers SSH and RDP access in the Compute Engine section, alongside OS Login configuration and the IAM roles that control who can connect to which VMs.