Contact UsGet started
© 2024 Iron Hive LLC Belgrade

Setting up OS Login access on an existing VM

Written by
Updated at November 8, 2024

If you need to set up a connection to a deployed VM via OS Login, you can install the OS Login agent on the VM yourself.

Enabling access via OS Login

To set up OS Login access to an existing VM:

  1. Enable access via OS Login at the organization level.

  2. Connect to the VM over SSH.

  3. Install the OS Login agent on the VM. Depending on the VM's OS, run one of the following commands:

    curl https://storage.yandexcloud.net/oslogin-configs/ubuntu-22.04/config_oslogin.sh | bash

    curl https://storage.yandexcloud.net/oslogin-configs/ubuntu-20.04/config_oslogin.sh | bash

    curl https://storage.yandexcloud.net/oslogin-configs/ubuntu-18.04/config_oslogin.sh | bash

    curl https://storage.yandexcloud.net/oslogin-configs/centos-7/config_oslogin.sh | bash

    curl https://storage.yandexcloud.net/oslogin-configs/debian-11/config_oslogin.sh | bash

    curl https://storage.yandexcloud.net/oslogin-configs/almalinux-9/config_oslogin.sh | bash

  4. Enable access via OS Login on the VM.

You can now connect to the VM via OS Login using either the YC CLI or a standard SSH client providing an SSH certificate or key previously added to the OS Login profile for the user or service account in Yandex Cloud Organization.

Disabling access via OS Login

To enable access without OS Login, the VM must contain the public part of the SSH key. If the VM was created without an SSH key or the key was lost, add the key and user manually before disabling OS Login access.

To be able to connect to the VM over SSH without using OS Login:

  1. Disable access via OS Login.

    1. In the management console, select the folder the VM belongs to.
    2. Select Compute Cloud.
    3. In the left-hand panel, select Virtual machines and click the name of the VM you need.
    4. In the top-right corner, click Edit VM.
    5. When creating the VM, under Access, disable Access via OS Login.
    6. Click Save changes.

    Run this command:

    yc compute instance update --name <VM_name> \
--folder-id <folder_ID> \
--metadata enable-oslogin=false

    Make sure OS Login access is disabled:

    yc compute ssh --name <VM_name> --folder-id <folder_ID>

    Result:

    ...
username@12.345.***.***: Permission denied (publickey).
...

  2. Connect to the VM over SSH.

  3. Run the following command to delete OS Login packets:

    curl https://storage.yandexcloud.net/oslogin-configs/common/remove_oslogin.sh | bash

    When deleting, you will be prompted to confirm the deletion of the cron and unscd packets. To confirm, type y and press Enter.

Previous
Creating a VM with OS Login
Next
Exporting an SSH certificate