Setting up OS Login access on an existing VM
If you need to set up a connection to a deployed VM via OS Login, you can install the OS Login agent on the VM yourself.
Enabling access via OS Login
To set up OS Login access to an existing VM:
- Enable access via OS Login at the organization level.
- Connect to the VM over SSH.
- Install the OS Login agent on the VM. Depending on the VM's OS, run one of the following commands:
  Ubuntu 22.04:
  curl https://storage.yandexcloud.net/oslogin-configs/ubuntu-22.04/config_oslogin.sh | bash
  Ubuntu 20.04:
  curl https://storage.yandexcloud.net/oslogin-configs/ubuntu-20.04/config_oslogin.sh | bash
  Ubuntu 18.04:
  curl https://storage.yandexcloud.net/oslogin-configs/ubuntu-18.04/config_oslogin.sh | bash
  CentOS 7:
  curl https://storage.yandexcloud.net/oslogin-configs/centos-7/config_oslogin.sh | bash
  Debian 11:
  curl https://storage.yandexcloud.net/oslogin-configs/debian-11/config_oslogin.sh | bash
  AlmaLinux 9:
  curl https://storage.yandexcloud.net/oslogin-configs/almalinux-9/config_oslogin.sh | bash
- Enable access via OS Login on the VM.
You can now connect to the VM via OS Login using either the YC CLI or a standard SSH client providing an SSH certificate or key previously added to the OS Login profile for the user or service account in Yandex Cloud Organization.
Disabling access via OS Login
To enable access without OS Login, the VM must contain the public part of the SSH key. If the VM was created without an SSH key or the key was lost, add the key and user manually before disabling OS Login access.
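A pre-flight check you can run on the VM before disabling OS Login, given here as an added example that is not part of the original documentation. It confirms that a given public key is present in a user's authorized_keys and that the file modes will not cause sshd's StrictModes check to ignore it. The function name, arguments, and return codes are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): verify that SSH key access
# will work before setting enable-oslogin=false.
#
# Usage: key_is_authorized <public_key_file> <home_dir>
# Returns: 0  key present and modes are safe
#          1  key not found in authorized_keys
#          2  a required file is missing or unreadable
#          3  home, .ssh or authorized_keys is group- or world-writable
# File ownership is not checked here; only modes are.

key_is_authorized() {
    local pub_file="$1" home_dir="$2"
    local auth="$home_dir/.ssh/authorized_keys"
    [ -r "$pub_file" ] && [ -r "$auth" ] || return 2

    # A public key line is "<type> <base64-blob> [comment]".
    # Compare type and blob only, since comments may differ.
    local want
    want=$(awk '$1 ~ /^(ssh-|ecdsa-|sk-)/ { print $1, $2; exit }' "$pub_file")
    [ -n "$want" ] || return 2

    # authorized_keys entries may start with options, so look for the
    # type/blob pair in any two consecutive fields of each line.
    awk -v want="$want" '
        /^[ \t]*(#|$)/ { next }
        { for (i = 1; i < NF; i++)
              if ($i " " $(i + 1) == want) { found = 1; exit } }
        END { exit found ? 0 : 1 }' "$auth" || return 1

    # With StrictModes enabled (the sshd default), the key file is ignored
    # if it or its parent directories are writable by group or others.
    local p mode
    for p in "$home_dir" "$home_dir/.ssh" "$auth"; do
        mode=$(stat -c '%a' "$p") || return 2
        [ $(( 0$mode & 022 )) -eq 0 ] || return 3
    done
    return 0
}
```

Source the file on the VM and call, for example, `key_is_authorized ./id_ed25519.pub /home/<username>`; any non-zero result means the key or permissions need fixing before OS Login is turned off.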
To be able to connect to the VM over SSH without using OS Login:
- Disable access via OS Login.
  Management console:
  - In the management console, select the folder the VM belongs to.
  - Select Compute Cloud.
  - In the left-hand panel, select Virtual machines and click the name of the VM you need.
  - In the top-right corner, click Edit VM.
  - When creating the VM, under Access, disable Access via OS Login.
  - Click Save changes.
  CLI:
  Run this command:
  yc compute instance update --name <VM_name> \
    --folder-id <folder_ID> \
    --metadata enable-oslogin=false
  Make sure OS Login access is disabled:
  yc compute ssh --name <VM_name> --folder-id <folder_ID>
  Result:
  ... username@12.345.***.***: Permission denied (publickey). ...
- Connect to the VM over SSH.
- Run the following command to delete OS Login packages:
  Linux:
  curl https://storage.yandexcloud.net/oslogin-configs/common/remove_oslogin.sh | bash
  When deleting, you will be prompted to confirm the deletion of the cron and unscd packages. To confirm, type y and press Enter.