Compute Engine SSH: You do not have sufficient permissions to SSH into this instance

Question

I can't access my google cloud compute engine instance using ssh through browser or gcloud. My user account has the required compute.instances.osLogin permission (in fact it has the Owner role) and I've set enable-oslogin to TRUE.

The error in browser:

You do not have sufficient permissions to SSH into this instance. You need one of compute.instances.setMetadata, compute.projects.setCommonInstanceMetadata or compute.instances.osLogin (with OsLogin enabled) and iam.serviceAccounts.actAs.

The error in gcloud:

ERROR: (gcloud.compute.ssh) User [[email protected]] does not have permission to access user [[email protected]:importSshPublicKey] (or it may not exist): The caller does not have permission

I even have the problem with new created instances too.

Answer 1

Apparently setting enable-oslogin to TRUE it prevents SSH login using ssh keys and we can only use service accounts to access the instance.

I deleted the enable-oslogin meta project-wide and instance-specific both and logging in was fixed in both browser and terminal.

EDIT: GCP support answer:

I am happy that your able to SSH to your instance after disabling the OS log in. However, you want to know what may have caused this error.

Technically, OS Login feature allows you to manage instance access using IAM roles. However, enabling OS Login on instances disables metadata-based SSH key configurations on those instances. Disabling OS Login restores SSH keys that you have configured in project or instance metadata. For more details about enabling OS log in you may link below. https://cloud.google.com/compute/docs/instances/managing-instance-access#enable_oslogin