this disables casual SSHD auth entirely. make a backup first
# for root and any other user that has ssh auth configured cp -a ~/.ssh/authorized_keys ~/.ssh/authorized_keys.bkp-before-oslogin cp -a /etc/ssh/ /etc/ssh.bkp-before-oslogin/
see https://yandex.cloud/en/docs/compute/operations/vm-connect/enable-os-login
there are two ways of getting into an instance through oslogin
CLI profile as service account + oslogin certificate export + ssh -i
organization-level oslogin user ssh-key
see oslogin-ssh-key
OK https://yandex.cloud/ru/docs/organization/concepts/os-login
NOK https://yandex.cloud/en/docs/organization/concepts/os-login
https://terraform-provider.yandexcloud.net/Resources/iam_service_account