OS Login
OS Login is a convenient way to manage SSH connections to virtual machines and Yandex Managed Service for Kubernetes cluster nodes. Users connect with an SSH certificate via the YC CLI or a standard SSH client, or via the YC CLI with an SSH key previously added to the organization user profile in Yandex Cloud Organization.
The OS Login agent is based on the Guest Agent for Google Compute Engine.
Note
To connect to a virtual machine or Kubernetes node with OS Login access enabled, the user must have the compute.osLogin or compute.osAdminLogin role.
OS Login links the virtual machine or Kubernetes node user account with an organization user account. To manage access to virtual machines and nodes, first enable the option allowing OS Login access at the organization level, then enable OS Login access on each virtual machine or Kubernetes node individually.
This way you can easily manage access to virtual machines and Kubernetes nodes by assigning appropriate roles to users. If you revoke the roles, the user will lose access to all virtual machines and Kubernetes nodes where OS Login access is enabled.
Users or third-party tools, such as Terraform
To connect through a standard SSH client using an SSH certificate to a VM or Kubernetes node with OS Login access enabled, you must export the OS Login certificate and use it when connecting. The certificate is valid for one hour. After this time has elapsed, you will need to export a new certificate to connect to the VM or Kubernetes node.
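A client-side check of how much of that one-hour window is left before connecting, as an added example (not Yandex Cloud code). It assumes the exported certificate is a standard OpenSSH user certificate line (the contents of a `*-cert.pub` file) of one of the listed key types; the sample certificate is constructed and unsigned, and the server still performs the real signature and validity checks.

```python
import base64
import struct
import time

# Key-specific fields between nonce and serial (OpenSSH PROTOCOL.certkeys).
KEY_FIELDS = {"ssh-ed25519-cert-v01@openssh.com": 1, "ssh-rsa-cert-v01@openssh.com": 2,
              "ecdsa-sha2-nistp256-cert-v01@openssh.com": 2}

def read_string(buf, off):
    """Read an SSH string (uint32 length + bytes); return (value, next offset)."""
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated certificate")
    return buf[off + 4:off + 4 + n], off + 4 + n

def cert_validity(cert_line):
    """Parse a *-cert.pub line into (key_id, principals, valid_after, valid_before)."""
    name, b64 = cert_line.split()[:2]
    blob = base64.b64decode(b64)
    ktype, off = read_string(blob, 0)
    if ktype.decode() != name or name not in KEY_FIELDS:
        raise ValueError("unsupported or mismatched certificate type")
    for _ in range(1 + KEY_FIELDS[name]):          # skip nonce + public key fields
        _, off = read_string(blob, off)
    _serial, cert_type = struct.unpack_from(">QI", blob, off)
    if cert_type != 1:                             # 1 = user cert, 2 = host cert
        raise ValueError("not a user certificate")
    key_id, off = read_string(blob, off + 12)
    plist, off = read_string(blob, off)
    principals, p = [], 0
    while p < len(plist):
        item, p = read_string(plist, p)
        principals.append(item.decode())
    valid_after, valid_before = struct.unpack_from(">QQ", blob, off)
    return key_id.decode(), principals, valid_after, valid_before

def seconds_left(cert_line, now=None):
    """Seconds of validity remaining; 0 if expired or not yet valid."""
    now = int(time.time()) if now is None else now
    _, _, after, before = cert_validity(cert_line)
    return before - now if after <= now < before else 0

def sample_cert(issued, lifetime=3600):
    """Constructed, unsigned test blob cut off after valid_before (not a real cert)."""
    s = lambda b: struct.pack(">I", len(b)) + b
    name = b"ssh-ed25519-cert-v01@openssh.com"
    blob = (s(name) + s(b"\0" * 32) + s(b"\1" * 32) + struct.pack(">QI", 1, 1)
            + s(b"constructed-key-id") + s(s(b"alice"))
            + struct.pack(">QQ", issued, issued + lifetime))
    return f"{name.decode()} {base64.b64encode(blob).decode()} constructed"
```

A wrapper script can call `seconds_left()` on the exported certificate and export a new one when the result is 0 or close to it.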
To connect to a VM or Kubernetes node with OS Login access enabled through the YC CLI with an SSH key, you need to create an SSH key and add it to the organization user profile in Cloud Organization.
OS Login has the following benefits:
- Instant update of access rights when revoking or granting roles.
- Access using short-lived SSH certificates.
- Access using SSH keys.
- Restoring access to VMs and Kubernetes cluster nodes if you lose your SSH keys (in case you use regular SSH keys instead of OS Login).
- Uploading your own SSH keys to your profile.