Ensure that the OS Login feature is enabled at the Google Cloud Platform (GCP) project level to provide centralized and automated SSH key pair management.
Enabling the OS Login feature ensures that the SSH keys used to connect to VM instances are mapped to Google Cloud IAM users. Revoking access for an IAM user revokes all the SSH keys associated with that user, which facilitates centralized SSH key pair management. This is extremely useful in handling compromised or stolen SSH key pairs and/or revoking access for external/third-party/vendor users.
Important Note: Enabling OS Login for a GCP project disables metadata-based SSH key configurations on all the Google Compute Engine instances available within that project.
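An added example (not part of the original page) that audits the project-level setting and flags instances still reachable through metadata SSH keys, run here over constructed JSON shaped like the output of `gcloud compute project-info describe --format=json` and `gcloud compute instances list --format=json`. It assumes the `enable-oslogin` and `ssh-keys` metadata keys and that instance metadata takes precedence over project metadata; the function names are hypothetical.

```python
import json

# Constructed sample data, shaped like the JSON output of
#   gcloud compute project-info describe --format=json
#   gcloud compute instances list --format=json
PROJECT_JSON = """{"name": "example-project", "commonInstanceMetadata": {"items": [
  {"key": "enable-oslogin", "value": "TRUE"},
  {"key": "ssh-keys", "value": "alice:ssh-ed25519 AAAA-constructed alice"}]}}"""
INSTANCES_JSON = """[
  {"name": "web-1", "metadata": {"items": []}},
  {"name": "legacy-db", "metadata": {"items": [
    {"key": "enable-oslogin", "value": "FALSE"},
    {"key": "ssh-keys", "value": "vendor:ssh-rsa AAAA-constructed vendor"}]}},
  {"name": "batch-1", "metadata": {}}]"""

def _metadata(resource, field):
    """Flatten the API's [{"key": ..., "value": ...}] list into a dict."""
    items = (resource.get(field) or {}).get("items") or []
    return {i["key"]: i.get("value", "") for i in items}

def _is_true(value):
    # Assumption of this example: the value is compared case-insensitively.
    return str(value).strip().upper() == "TRUE"

def audit_os_login(project, instances):
    """Return (project_enabled, findings) for one project and its instances."""
    project_md = _metadata(project, "commonInstanceMetadata")
    project_enabled = _is_true(project_md.get("enable-oslogin", ""))
    findings = []
    if not project_enabled:
        findings.append(("project", "enable-oslogin is not TRUE at project level"))
    for inst in instances:
        md = _metadata(inst, "metadata")
        override = md.get("enable-oslogin")
        # An instance-level value wins over the project-level one.
        effective = _is_true(override) if override is not None else project_enabled
        if override is not None and not effective:
            findings.append((inst["name"], "instance metadata overrides OS Login off"))
        if not effective and ("ssh-keys" in md or "ssh-keys" in project_md):
            findings.append((inst["name"], "metadata SSH keys still grant access"))
    return project_enabled, findings

if __name__ == "__main__":
    enabled, findings = audit_os_login(json.loads(PROJECT_JSON), json.loads(INSTANCES_JSON))
    print("project-level OS Login enabled:", enabled)
    for where, what in findings:
        print(f"  [{where}] {what}")
```

On the sample data the project passes the check, but `legacy-db` is reported twice because it switches OS Login off for itself and therefore still honours metadata SSH keys.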
To determine if OS Login is enabled at the Google Cloud Platform (GCP) project level, perform the following actions:
Remediation / Resolution
To enable the OS Login feature at the Google Cloud Platform (GCP) project level, perform the following actions:
Enable OS Login for GCP Projects
Risk level: Low