oslogin // reach an instance using a CLI or certificate

certificate | impersonate | install | instance | ssh key

requirements

assuming compute.osAdminLogin and compute.operator roles

make sure you’re on the right profile

yc config profile list
yc config profile activate test
yc config profile activate ansible-oslogin-test-sa

ready to go

check that you can reach the instance using the CLI

    yc compute ssh --name test-host1 --folder-id $YC_FOLDER_ID

note when using an SA notice the username - it has yc-sa- prefix

now create the oslogin certificate (valid one hour)

#yc organization-manager organization list
yc compute ssh certificate export
    #--organization-id
    #--directory

now let’s try to auth into the compute node using oslogin – don’t forget the yc-sa- prefix!

instance=some-host

ssh $instance -l yc-sa-$sa \
    -i $HOME/.ssh/yc-cloud-id-$YC_CLOUD_ID-yc-sa-$sa

    #-i $HOME/.ssh/yc-organization-id-$org_id-yc-sa-$sa

notice the username is also hard-coded within the certificate file-name.

resources

Exporting an OS Login certificate https://yandex.cloud/en/docs/compute/operations/vm-connect/os-login-export-certificate


HOME | GUIDES | LECTURES | LAB | SMTP HEALTH | HTML5 | CONTACT
Copyright © 2024 Pierre-Philipp Braun