setting up and using google/yandex oslogin

warning

this disables casual SSHD auth entirely. make a backup first

# for root and any other user that has ssh auth configured
cp -a ~/.ssh/authorized_keys ~/.ssh/authorized_keys.bkp-before-oslogin

cp -a /etc/ssh/ /etc/ssh.bkp-before-oslogin/

install

see https://yandex.cloud/en/docs/compute/operations/vm-connect/enable-os-login

setup

there are two ways of getting into an instance through oslogin

plan A] using oslogin certificate

CLI profile as service account + oslogin certificate export + ssh -i

see oslogin-certificate

plan B] using ssh key

organization-level oslogin user ssh-key

see oslogin-ssh-key

resources

OK https://yandex.cloud/ru/docs/organization/concepts/os-login

NOK https://yandex.cloud/en/docs/organization/concepts/os-login

terraform

https://terraform-provider.yandexcloud.net/Resources/iam_service_account


HOME | GUIDES | LECTURES | LAB | SMTP HEALTH | HTML5 | CONTACT
Copyright © 2024 Pierre-Philipp Braun