Google Cloud Platform Blog
Product updates, customer stories, and tips and tricks on Google Cloud Platform
Managing SSH access with Compute User Accounts
October 19, 2015
Managing administrators' SSH access to VMs is a complex identity task that could be hard to make secure. Traditionally, customers were required to hard code their keys and identity during account setup, and then create individual accounts for each user on individual VMs. It was important for administrators to remember to remove keys of employees who no longer worked with the company.
Today, we’re making this process a lot simpler and more secure on Google Cloud Platform with the launch of
Compute User Accounts
. You can use the
setup steps
to enable the Cloud User Accounts API and create VMs to take advantage of this capability.
Compute User Accounts are in Beta and with it you can:
Create VM accounts and groups just once to be used on all the VMs
Grant users SSH access and the ability to rotate keys without providing full project editor/owner rights
View at a glance the VM accounts and keys in your project
Be sure that all accounts on VMs will be disabled when the Google ID owning them is deleted or disabled. This means when an employee leaves the company, they'll no longer be able to SSH into your VMs.
The new VM accounts tab under the Permissions page in the Developer Console shows you all the accounts provisioned for your VMs. To add an Account, you can click the “Create VM Account” button.
Once an account has been created, the owner of the account will be able to view the details of their account and rotate their keys. They can also set a description and expiration for each key.
View and manage user groups under the “User groups” tab
SSH with VM accounts using the gcloud command below
$ gcloud beta compute ssh [USERNAME@]INSTANCE
When a user is removed from the Project permissions or when their Google ID is deleted, the VM accounts owned by the user will automatically be disabled.
All user account management operations can also be done through
APIs
and
CLIs
.
To learn more about Compute User Accounts, you can read the documentation
here
, and we always love
feedback
.
- Posted by Rae Wang, Product Manager, Google Cloud Platform
No comments :
Post a Comment
Free Trial
Labels
Android
Announcement
api
app engine
Atmosphere Live
bigquery
BigTable
CDN
Cloud Console
Cloud Dataflow
Cloud Datastore
cloud endpoints
Cloud Pub/Sub
Cloud SDK
cloud sql
cloud storage
Cloudera
Compute
Compute Engine
container cluster
customer
Dev Tools
developer tools
developer-insights
Developers
Developers Console
devfests
Disaster Recovery
Encryption Keys
ESG
Event
events
GA
Go Client
Google App Engine
Google Apps
Google BigQuery
Google Cloud Deployment Manager
Google Cloud Networking
Google Cloud Platform
Google Cloud Storage
Google Compute Engine
Google Container Engine
gRPC
hadoop
Hardware
Helium
how to
IO2013
iOS
Kubernetes
Levyx
Local SSD
mapreduce
Media
Nearline
networking
open source
PaaS Solution
Partner
Pricing
Research
round-up
Server
Siggraph
solutions
Startup
Tableau
TCO
Technical
Windows
Wowza
Zync
Archive
2015
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2014
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2013
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2012
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2011
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2010
Dec
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2009
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2008
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Feed
Technical questions? Check us out on
Stack Overflow
.
Subscribe to
our monthly newsletter
.
Follow @googlecloud
No comments :
Post a Comment