OS Login
NB
These notes are not necessarily complete as they have been brought together after configuring OS Login. Please use as 'guidelines' only and make sure you check before commiting changes.
OS Login gives quicker SSH access to your Google Compute Engine instance, as well as other benefits.
Changing to OS Login will change the username and home directory from user_name to user_name_domain_com. So if you change to oslogin after setting up GAM, you will not have access to GAM.
Domain Suffix
Before Installing GAM
Before you install GAM you will need to decide if you want to have the domain suffix as part of the user name. To change this go to your Google Admin Console (GSuite) Apps > Additional Google services > Google Cloud Platform. Under OS Login API settings select POSIX Account Settings and change the Include the domain suffix in usernames generated by the OS Login API setting accordingly.
I do not think it matters if this is left checked, although the username and home folder will be longer.
After Installing GAM
If you enable OS Login after you have set up GAM and already logged in, you will need to uncheck the Include the domain suffix in usernames generated by the OS Login API option and then follow the method to change the existing users POSIX info. If you do not do this you will not be able to access the GAM running under your original username.
OS Login
Enable
Follow the instructions from the link on the SSH login screen https://cloud.google.com/compute/docs/instances/managing-instance-access.
These instructions will ensure that your user account given permission for the Compute Engine instance (https://console.cloud.google.com/cloud-resource-manager) or for all Domain instances and the Metadata (https://console.cloud.google.com/compute/metadata) is updated to include the enable-oslogin (TRUE) key.
POSIX Info
To change the POSIX info go to this page https://developers.google.com/admin-sdk/directory/v1/reference/users/update
Obtain current POSIX info
Enter the user email address into the userKey field and click Execute. You will then be able to copy the existing POSIX info.
"posixAccounts": [
{
"username": "user_name_domain_com",
"uid": "1xxxxxxxx2",
"gid": "1xxxxxxxx2",
"homeDirectory": "/home/user_name_domain_com",
"systemId": "",
"primary": true,
"operatingSystemType": "linux"
}
],
Update the POSIX info
Remove the _domain_com from the username and homeDirectory lines so the username matches the existing user.
"posixAccounts": [
{
"username": "user_name",
"uid": "1xxxxxxxx2",
"gid": "1xxxxxxxx2",
"homeDirectory": "/home/user_name",
"systemId": "",
"primary": true,
"operatingSystemType": "linux"
}
],
Copy and paste this back into the Request body section and click Execute again. Ensure that the userKey still has the users email address.
Restart the VM, if it is already running. When you connect via SSH you should be take to the original username.