As a perfect bastion, Cloud Shell comes with many tools pre-installed and a persistent storage.
Let’s try to connect to an instance with an external IP:
$ gcloud compute ssh instance-1 --zone europe-west1-d
But if the instance doesn’t have a public IP address? You can add one temporarily before trying to connect:
$ gcloud compute instances add-access-config instance-2 \ --zone europe-west1-d $ gcloud compute ssh instance-2 \ --zone europe-west1-d $ gcloud compute instances delete-access-config instance-2 \ --zone europe-west1-d
Want to go further?
More details in the dedicated documentation: Securely Connecting to VM Instances