Setting up OS Login access on an existing VM
If you need to set up a connection to a deployed VM via OS Login, you can install the OS Login agent on the VM yourself.
Enabling access via OS Login
Tip
To create VMs with OS Login access and connect to such VMs, enable OS Login at the Yandex Cloud organization level first.
To set up OS Login access to an existing VM:
-
Enable access via OS Login at the organization level.
-
Connect to the VM over SSH.
-
Install the OS Login agent on the VM. Depending on the VM's OS, run one of the following commands:
Note
The Ubuntu 24.04 public image has a pre-installe OS Login agent, so you do not need to install it yourself.
Ubuntu 22.04Ubuntu 20.04Ubuntu 18.04CentOS 7Debian 11AlmaLinux 9curl https://storage.yandexcloud.net/oslogin-configs/ubuntu-22.04/config_oslogin.sh | bash
curl https://storage.yandexcloud.net/oslogin-configs/ubuntu-20.04/config_oslogin.sh | bash
curl https://storage.yandexcloud.net/oslogin-configs/ubuntu-18.04/config_oslogin.sh | bash
curl https://storage.yandexcloud.net/oslogin-configs/centos-7/config_oslogin.sh | bash
curl https://storage.yandexcloud.net/oslogin-configs/debian-11/config_oslogin.sh | bash
curl https://storage.yandexcloud.net/oslogin-configs/almalinux-9/config_oslogin.sh | bash
-
Enable access via OS Login on the VM.
You can now connect to the VM via OS Login using either the YC CLI or a standard SSH client. To connect, you can use an SSH certificate or SSH key, which you first need to add to organization user or service account profile in Yandex Cloud Organization.
Enabling access via OS Login
To enable access without OS Login, the VM must contain the public part of the SSH key. If the VM was created without an SSH key or the key was lost, add the key and user manually before disabling OS Login access.
To be able to connect to the VM over SSH without using OS Login:
-
Disable access via OS Login.
Management consoleCLI- In the management console
, select the folder the VM belongs to. - Select Compute Cloud.
- In the left-hand panel, select
Virtual machines and click the name of the VM. - In the top-right corner, click
Edit VM. - Under Access, select SSH key.
- Click Save changes.
Run this command:
yc compute instance update --name <VM_name> \ --folder-id <folder_ID> \ --metadata enable-oslogin=false
Make sure that access via OS Login is disabled:
yc compute ssh --name <VM_name> --folder-id <folder_ID>
Result:
... username@12.345.***.***: Permission denied (publickey). ...
- In the management console
-
Connect to the VM over SSH.
-
Run the following command to delete OS Login packets:
Linuxcurl https://storage.yandexcloud.net/oslogin-configs/common/remove_oslogin.sh | bash
When deleting, you will be prompted to confirm the deletion of the
cron
andunscd
packets. To confirm, typey
and press Enter.