Cannot use SSH on Google Compute Engine instance

When using Google Cloud Platform Console and the Google Cloud SDK to connect to your Google Compute Engine instance, you receive a permission denied error. However, you have all the required permissions to be able to SSH. This could be for new VMs or VMs that you used to be able to connect to. 

When looking for potential changes in the project wide metadata (Compute Engine > Metadata) or the instance metadata (Compute Engine > click on the VM > Custom Metadata). You notice Enable OS Login is set to true. 

• Google Compute Engine VM with OS Login enabled

To be able to access instances with OS Login enabled, you need one of the following roles:

• roles/compute.osLogin, no administrator permissions implied
• roles/compute.osAdminLogin, no administrator permissions implied
• Or any of the following administrator roles:
  • roles/owner
  • roles/editor
  • roles/compute.instanceAdmin

When OS Login is enabled, authorization is done using IAM roles rather than managing individual SSH keys. Therefore, the user attempting to connect must have one of the required IAM roles to be authorized successfully.