How to set up OS Login in GCP Compute Engine?

First, let's talk about what OS login is and why it's important. When you want to access a virtual machine (VM) on GCP Compute Engine, you need to authenticate yourself to prove that you are authorized to access the machine. Typically, this is done using a username and password, but there are other ways to authenticate as well, such as SSH keys.

OS login is a feature that allows you to use your Google Cloud identity and access management (IAM) roles and permissions to authenticate to your VMs instead of using individual usernames and passwords. This is important for a few reasons:

  1. Security: When you use OS login, you're using the same authentication mechanism that you use for other GCP services. This means that you can leverage IAM roles and permissions to control who can access your VMs, and you don't have to worry about managing individual usernames and passwords.

  2. Simplicity: Using OS login makes it easier to manage access to your VMs. You don't have to worry about creating and managing usernames and passwords for each user, and you don't have to distribute SSH keys to each user.

Now, let's talk about how to set up OS login on GCP Compute Engine. Here are the steps you'll need to follow:

  1. Enable OS login for your project: Go to the IAM & admin page in the GCP console and click on "Settings". Then, enable the "OS Login" feature for your project.

  2. Set up a Linux user: To use OS login, you'll need to have a Linux user account set up on your VM. You can create a new user by running the following command:

    sudo adduser <username>

    Replace <username> with the name of the user you want to create. Follow the prompts to set a password and any other options you want.

  3. Add the user to the OS Login group: Next, you'll need to add the user to the google-oslogin group. You can do this by running the following command:

    sudo usermod -a -G google-oslogin <username>

    Replace <username> with the name of the user you created in step 2.

  4. Configure SSH to use OS login: Finally, you'll need to configure SSH to use OS login. To do this, add the following line to your /etc/ssh/sshd_config file:

    AuthorizedKeysCommand /usr/bin/google_authorized_keys

    This tells SSH to use the google_authorized_keys command to retrieve the authorized SSH keys for the user.

That's it! Now you should be able to authenticate to your VM using your Google Cloud identity and IAM roles and permissions. To do this, open a terminal window and run the following command:

    gcloud compute ssh <vm-name> --project <project-id>

Replace <vm-name> with the name of your VM and <project-id> with the ID of your GCP project.
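
To check who can actually log in once this is in place, the following added example (not part of the original page) audits exported configuration offline. It assumes the input dictionaries mirror the JSON printed by `gcloud compute project-info describe --format=json`, `gcloud compute instances list --format=json` and `gcloud projects get-iam-policy <project-id> --format=json`, that OS Login state is carried in the `enable-oslogin` metadata key, and that only the two dedicated OS Login roles are of interest; all sample data and function names are constructed for illustration.

```python
# Added example: audit OS Login state and access from exported JSON.
# All sample data below is constructed for illustration.

# Dedicated OS Login roles only; broader roles are out of scope for this sketch.
OS_LOGIN_ROLES = {"roles/compute.osLogin": "user",
                  "roles/compute.osAdminLogin": "sudo"}

def metadata_value(items, key):
    """Return the value stored under `key` in a metadata item list, or None."""
    for item in items or []:
        if item.get("key") == key:
            return item.get("value")
    return None

def oslogin_enabled(project, instance):
    """Instance-level enable-oslogin overrides the project-level value."""
    inst = metadata_value(instance.get("metadata", {}).get("items"), "enable-oslogin")
    proj = metadata_value(project.get("commonInstanceMetadata", {}).get("items"),
                          "enable-oslogin")
    effective = inst if inst is not None else proj
    return effective is not None and effective.strip().lower() == "true"

def instances_without_oslogin(project, instances):
    """Names of VMs that still fall back to metadata-managed SSH keys."""
    return [i["name"] for i in instances if not oslogin_enabled(project, i)]

def oslogin_members(policy):
    """Map each IAM member to the highest OS Login access granted to it."""
    access = {}
    for binding in policy.get("bindings", []):
        level = OS_LOGIN_ROLES.get(binding.get("role"))
        for member in binding.get("members", []) if level else []:
            if access.get(member) != "sudo":
                access[member] = level
    return access

PROJECT = {"commonInstanceMetadata": {"items": [{"key": "enable-oslogin", "value": "TRUE"}]}}
INSTANCES = [
    {"name": "web-1", "metadata": {"items": []}},
    {"name": "legacy-1", "metadata": {"items": [{"key": "enable-oslogin", "value": "FALSE"}]}},
]
POLICY = {"bindings": [
    {"role": "roles/compute.osLogin", "members": ["user:alice@example.com", "user:bob@example.com"]},
    {"role": "roles/compute.osAdminLogin", "members": ["user:bob@example.com"]},
    {"role": "roles/viewer", "members": ["user:carol@example.com"]},
]}

if __name__ == "__main__":
    print("OS Login disabled on:", instances_without_oslogin(PROJECT, INSTANCES))
    for member, level in sorted(oslogin_members(POLICY).items()):
        print(f"{member}: {level}")
```

An instance that appears in the first list has an override that takes it out of IAM-controlled login even though the project-wide setting is on, which is the gap this check is meant to surface.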

I hope this helps you get started with setting up OS login on GCP Compute Engine!