计算引擎SSH：您没有足够的权限来SSH进入此实例 [英] Compute Engine SSH: You do not have sufficient permissions to SSH into this instance

问题描述

我无法通过浏览器或gcloud使用ssh访问我的Google云计算引擎实例。我的用户帐户具有所需的 compute.instances.osLogin 权限（实际上它具有所有者角色）已将 enable-oslogin 设置为 TRUE 。

浏览器中的错误：

您没有足够的SSH权限这个例子。您需要compute.instances.setMetadata，compute.projects.setCommonInstanceMetadata或compute.instances.osLogin（启用OsLogin）和iam.serviceAccounts.actAs之一。

gcloud中的错误：

错误：（gcloud.compute.ssh）用户[my-email@gmail.com]没有权限访问用户[my-email@gmail.com：importSshPublicKey]（或者它可能不存在）：调用者没有权限

我甚至有新创建的实例的问题。

解决方案

显然设置 oslogin 到 TRUE 它可以防止使用ssh密钥进行SSH登录，我们只能使用服务帐户来访问实例。

我删除了 enable-oslogin meta项目范围和特定实例，并且在浏览器和终端中均已修复并登录。

编辑：GCP支持回答：

我很高兴你的ab您可以在禁用操作系统登录后将SSH连接到您的实例。但是，您想知道可能导致此错误的原因。

从技术上讲，OS登录功能允许您管理使用IAM角色的实例访问。但是，启用实例上的OS登录会禁用这些实例上基于元数据的SSH密钥配置。禁用OS登录可以恢复您在项目或实例元数据中配置的SSH密钥。有关启用操作系统登录的更多详细信息，请参阅以下链接。
https://cloud.google.com/ compute / docs / instances / managing-instance-access＃enable_oslogin

I can't access my google cloud compute engine instance using ssh through browser or gcloud. My user account has the required compute.instances.osLogin permission (in fact it has the Owner role) and I've set enable-oslogin to TRUE.

The error in browser:

You do not have sufficient permissions to SSH into this instance. You need one of compute.instances.setMetadata, compute.projects.setCommonInstanceMetadata or compute.instances.osLogin (with OsLogin enabled) and iam.serviceAccounts.actAs.

The error in gcloud:

ERROR: (gcloud.compute.ssh) User [my-email@gmail.com] does not have permission to access user [my-email@gmail.com:importSshPublicKey] (or it may not exist): The caller does not have permission

I even have the problem with new created instances too.

解决方案

Apparently setting enable-oslogin to TRUE it prevents SSH login using ssh keys and we can only use service accounts to access the instance.

I deleted the enable-oslogin meta project-wide and instance-specific both and logging in was fixed in both browser and terminal.

EDIT: GCP support answer:

I am happy that your able to SSH to your instance after disabling the OS log in. However, you want to know what may have caused this error.

Technically, OS Login feature allows you to manage instance access using IAM roles. However, enabling OS Login on instances disables metadata-based SSH key configurations on those instances. Disabling OS Login restores SSH keys that you have configured in project or instance metadata. For more details about enabling OS log in you may link below. https://cloud.google.com/compute/docs/instances/managing-instance-access#enable_oslogin

这篇关于计算引擎SSH：您没有足够的权限来SSH进入此实例的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！