terraform-google-modules/terraform-google-bastion-host

Question - Unable to use gcloud command for SSH without compute.instances.getGuestAttributes permission

ranjitk-burwood opened this issue · 1 comment

When I attempt to SSH into a VM instance that has IAP and OS Login enabled, I can do so through a browser-based SSH session, but if I attempt to do so with a gcloud command I come across an error about needing permissions for compute.instances.getGuestAttributes. If I grant myself that permission on a custom role, I am able to get in with the same gcloud command. I currently only have the roles Service Account User, Compute OS Login, and IAP-secured Tunnel User.

I am just looking for an explanation/clarification on the mechanism behind the need for this additional permission. What is the difference between SSH in the browser vs. a gcloud command?

I seem to have resolved this, but I am unsure of the exact cause. At the project level I had some metadata set for enable-oslogin = TRUE and enable-osconfig = TRUE. I removed these and only set enable-oslogin = TRUE at the VM level. I was able to get into the VM with a gcloud compute ssh command.

I did re-add those project-level metadata values and can't seem to replicate the previous error, but that seems to have fixed SSH access with a gcloud command.
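For reference, the setup described in this issue expressed as plain Terraform. This is an added example, not code from the issue author and not part of the terraform-google-bastion-host module; the project ID, zone, instance name and member principal are placeholders. It grants the three roles the author already holds, and carries the extra compute.instances.getGuestAttributes permission in a single-permission custom role rather than a broader predefined role. The enable-guest-attributes metadata is included because, per Google's gcloud compute ssh documentation, gcloud reads the host keys the guest agent publishes to guest attributes to populate known_hosts, which is the API call that needs that permission; the browser SSH client does not take that path.

```hcl
# Added example, not part of this issue or the terraform-google-bastion-host module.
# local.project, local.zone and local.member are placeholders (assumptions).

locals {
  project = "my-project"             # assumption: placeholder project ID
  zone    = "us-central1-a"          # assumption
  member  = "user:alice@example.com" # assumption: principal that runs gcloud compute ssh
}

# Instance-level metadata: OS Login on, guest attributes on so the guest agent
# can publish host keys that gcloud compute ssh reads via getGuestAttributes.
resource "google_compute_instance" "bastion" {
  project      = local.project
  name         = "bastion"
  zone         = local.zone
  machine_type = "e2-small"

  boot_disk {
    initialize_params {
      image = "debian-cloud/debian-12"
    }
  }

  network_interface {
    network = "default" # no access_config block: no external IP, reachable only through IAP
  }

  metadata = {
    enable-oslogin          = "TRUE"
    enable-guest-attributes = "TRUE"
  }
}

# The three roles the issue author already holds.
resource "google_project_iam_member" "os_login" {
  project = local.project
  role    = "roles/compute.osLogin"
  member  = local.member
}

resource "google_project_iam_member" "iap_tunnel" {
  project = local.project
  role    = "roles/iap.tunnelResourceAccessor"
  member  = local.member
}

resource "google_project_iam_member" "sa_user" {
  project = local.project
  role    = "roles/iam.serviceAccountUser"
  member  = local.member
}

# Narrow custom role carrying only the one extra permission gcloud asked for.
resource "google_project_iam_custom_role" "guest_attributes_reader" {
  project     = local.project
  role_id     = "guestAttributesReader"
  title       = "Guest attributes reader"
  description = "Read guest attributes so gcloud compute ssh can fetch published host keys"
  permissions = ["compute.instances.getGuestAttributes"]
}

resource "google_project_iam_member" "guest_attributes" {
  project = local.project
  role    = google_project_iam_custom_role.guest_attributes_reader.name
  member  = local.member
}
```

After `terraform apply`, the check is `gcloud compute ssh bastion --zone us-central1-a --tunnel-through-iap` as the member principal. If you want to confirm the permission is really the missing piece, run that command before and after adding the `guest_attributes` binding; the error text gcloud prints names the permission it could not exercise. Granting Service Account User at project level, as above, mirrors what the author reports but is broader than necessary; binding it on the bastion's service account alone is the tighter option.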