Choosing an access method

If you have Linux VM instances running on Google Cloud, you might need to share or restrict user or app access to your instances.

• If you need to manage user access to your Linux VM instances, you can use one of the following methods:

  • OS Login
  • Managing SSH keys in metadata
  • Temporarily grant a user access to an instance

• If you need to manage application access to your VM instances, see Connecting apps to instances using service accounts.

Managing user access

OS Login

In most scenarios, we recommend using OS Login. The OS Login feature lets you use Compute Engine IAM roles to manage SSH access to Linux instances. You can add an extra layer of security by setting up OS Login with two-factor authentication, and manage access at the organization level by setting up organization policies.

Manage SSH keys in metadata

If you are running your own directory service for managing access, or are otherwise unable to set up OS Login, you can manually manage SSH key and local user accounts in metadata.

What's next

• Learn how to set up OS Login.
• Learn how to set up OS Login with two-factor authentication.
• Learn how to manage SSH keys in metadata.
• Review Managing OS Login in an organization.
• Read an overview of the OS Login feature.