oslogin // using a long-standing ssh key

certificate | impersonate | install | instance | ssh key

descr

oslogin certificates expire (about an hour?), so this is far more convenient

works for any oslogin account, your own or an SA.

requirements

make sure you’re on the right profile

    yc config profile list
    yc config profile activate test

setup

create an SSH key pair to begin with, as usual

file=oslogin_ssh_ACCOUNT-NAME

account=ACCOUNT-NAME
account=ansible-oslogin-test-sa # for each folder

ssh-keygen -t ed25519 -f $file

add key-pair to service account

yc organization-manager organizations list

org_id=...

yc organization-manager oslogin user-ssh-key create --help
yc organization-manager oslogin user-ssh-key create \
    --organization-id $org_id \
    --name $file \
    --subject-id $account \
    --data "`cat $file.pub`"

resources

Using a service account with an OS Login profile for VM management via Ansible https://yandex.cloud/en/docs/tutorials/security/sa-oslogin-ansible


HOME | GUIDES | LECTURES | LAB | SMTP HEALTH | HTML5 | CONTACT
Copyright © 2024 Pierre-Philipp Braun