oslogin // using a long-standing ssh key

certificate | impersonate | install | instance | ssh key

descrdescr

oslogin certificates expire (about an hour?), so this is far more convenient

works for any oslogin account, your own or an SA.

requirementsrequirements

make sure you’re on the right profile

yc config profile list
yc config profile activate test

setupsetup

create an SSH key pair to begin with, as usual

file=oslogin_ssh_ACCOUNT-NAME

account=ACCOUNT-NAME
account=ansible-oslogin-test-sa # for each folder

ssh-keygen -t ed25519 -f $file

add key-pair to service account

yc organization-manager organizations list

org_id=...

yc organization-manager oslogin user-ssh-key create --help
yc organization-manager oslogin user-ssh-key create \
    --organization-id $org_id \
    --name $file \
    --subject-id $account \
    --data "`cat $file.pub`"

resourcesresources

Using a service account with an OS Login profile for VM management via Ansible https://yandex.cloud/en/docs/tutorials/security/sa-oslogin-ansible


HOME | GUIDES | LECTURES | LAB | SMTP HEALTH | HTML5 | CONTACT
Licensed under MIT