OS Login

NB

These notes are not necessarily complete as they have been brought together after configuring OS Login. Please use as 'guidelines' only and make sure you check before commiting changes.

OS Login gives quicker SSH access to your Google Compute Engine instance, as well as other benefits.

Changing to OS Login will change the username and home directory from user_name to user_name_domain_com. So if you change to oslogin after setting up GAM, you will not have access to GAM.

Domain Suffix

Before Installing GAM

Before you install GAM you will need to decide if you want to have the domain suffix as part of the user name. To change this go to your Google Admin Console (GSuite) Apps > Additional Google services > Google Cloud Platform. Under OS Login API settings select POSIX Account Settings and change the Include the domain suffix in usernames generated by the OS Login API setting accordingly.

I do not think it matters if this is left checked, although the username and home folder will be longer.

After Installing GAM

If you enable OS Login after you have set up GAM and already logged in, you will need to uncheck the Include the domain suffix in usernames generated by the OS Login API option and then follow the method to change the existing users POSIX info. If you do not do this you will not be able to access the GAM running under your original username.

OS Login

Enable

Follow the instructions from the link on the SSH login screen https://cloud.google.com/compute/docs/instances/managing-instance-access.

These instructions will ensure that your user account given permission for the Compute Engine instance (https://console.cloud.google.com/cloud-resource-manager) or for all Domain instances and the Metadata (https://console.cloud.google.com/compute/metadata) is updated to include the enable-oslogin (TRUE) key.

POSIX Info

To change the POSIX info go to this page https://developers.google.com/admin-sdk/directory/v1/reference/users/update

Obtain current POSIX info

Enter the user email address into the userKey field and click Execute. You will then be able to copy the existing POSIX info.

"posixAccounts": [

{

"username": "user_name_domain_com",

"uid": "1xxxxxxxx2",

"gid": "1xxxxxxxx2",

"homeDirectory": "/home/user_name_domain_com",

"systemId": "",

"primary": true,

"operatingSystemType": "linux"

}

],

Update the POSIX info

Remove the _domain_com from the username and homeDirectory lines so the username matches the existing user.

"posixAccounts": [

{

"username": "user_name",

"uid": "1xxxxxxxx2",

"gid": "1xxxxxxxx2",

"homeDirectory": "/home/user_name",

"systemId": "",

"primary": true,

"operatingSystemType": "linux"

}

],

Copy and paste this back into the Request body section and click Execute again. Ensure that the userKey still has the users email address.

Restart the VM, if it is already running. When you connect via SSH you should be take to the original username.