RetroSearch Browse

Home - News ( United States | United Kingdom | Italy | Germany ) - Football scores

Showing content from https://cloud.google.com/compute/docs/instances/adding-removing-ssh-keys below:

Choose an access method | Compute Engine Documentation

Choose an access method

Stay organized with collections Save and categorize content based on your preferences.

If you have Linux virtual machine (VM) instances running on Google Cloud, you might need to share or restrict user or application access to your VMs.

If you need to manage user access to your Linux VM instances, you can use one of the following methods:
If you need to manage application access to your VM instances, see Use SSH with service accounts.

Note: When a user connects to a VM, that user can use all of the IAM permissions granted to the service account attached to the VM. Managing user access OS Login

In most scenarios, we recommend using OS Login. The OS Login feature lets you use Compute Engine IAM roles to manage SSH access to Linux instances. You can add an extra layer of security by setting up OS Login with two-factor authentication, and manage access at the organization level by setting up organization policies.

To learn how to enable OS Login, see Set up OS Login.

Manage SSH keys in metadata

If you are running your own directory service for managing access, or are otherwise unable to set up OS Login, you can manually manage SSH keys in metadata.

Note: If you connect to Linux VMs using the Google Cloud console or the Google Cloud CLI, Compute Engine creates SSH keys on your behalf. For more information on how Compute Engine configures and stores keys, see About SSH connections to Linux VMs. Risks of manual key management

Some of the risks of manual SSH key management include the following:

All users who connect to VMs using SSH keys stored in metadata have sudo access to VMs.
You must keep track of expired keys and delete keys for users who shouldn't have access to your VMs. For example, if a team member leaves your project, you must manually remove their keys from metadata, so they can't continue to access your VMs.
Specifying your gcloud CLI or API calls incorrectly can potentially wipe out all of the public SSH keys in your project or on your VMs, which disrupts connections for your project members.
Users and service accounts that have the ability to modify project metadata can add SSH keys for all VMs in the project except for VMs that block project-level SSH keys.

If you aren't sure that you want to manage your own keys, use Compute Engine tools to connect to your instances instead.

What's next?

Learn how to set up OS Login.
Learn how to create SSH keys.
Learn how to add SSH keys to VMs.
Learn how to restrict SSH keys from VMs.

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025-08-07 UTC.

[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-07 UTC."],[[["Google Cloud offers several methods to manage user access to Linux VM instances, including OS Login and managing SSH keys in metadata."],["OS Login is the recommended method for managing user access to Linux VMs, enabling the use of Compute Engine IAM roles and offering enhanced security features like two-factor authentication."],["Manually managing SSH keys in metadata carries risks, such as granting all users with those keys `sudo` access and requiring manual tracking of expired or unauthorized keys."],["Application access to VM instances can be managed through the use of SSH with service accounts, complementing user access controls."],["Compute Engine tools can be utilized to manage connections to instances, providing an alternative to manual key management."]]],[]]

RetroSearch is an open source project built by @garambo | Open a GitHub Issue

Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo

HTML: 3.2 | Encoding: UTF-8 | Version: 0.7.4