Property
Language: terraform
Severity: medium
Service: compute
Provider: Google
Vulnerability Type: omission

Description

OS Login is not enabled at the project level in Google Compute Engine, so SSH access is managed through static SSH keys instead of being tied to IAM identities. As a result, SSH keys are not automatically revoked when an IAM user's access is removed.

Impact

If exploited, former IAM users may retain unauthorized SSH access to compute instances even after their permissions are revoked, increasing the risk of unauthorized system access and potential data breaches.

Resolution

Enable OS Login at the project level.
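The following Terraform shows the non-compliant pattern (commented out) beside one way to enable OS Login for the whole project. It is an added example, not code from the rule's own documentation; the resource names, `var.project_id`, the user, and the instance settings are constructed placeholders.

```terraform
variable "project_id" {
  type = string # assumption: the project under review
}

# Non-compliant (kept as a comment): static keys in project metadata and
# no enable-oslogin key, so the key keeps working after IAM access is removed.
#
# resource "google_compute_project_metadata" "default" {
#   project  = var.project_id
#   metadata = { ssh-keys = "alice:ssh-ed25519 <constructed-public-key> alice" }
# }

# Compliant: set enable-oslogin for the whole project. The *_item resource
# manages this single key and leaves other project metadata untouched.
resource "google_compute_project_metadata_item" "os_login" {
  project = var.project_id
  key     = "enable-oslogin"
  value   = "TRUE"
}

# SSH access now follows IAM: removing this binding removes the login right.
resource "google_project_iam_member" "alice_os_login" {
  project = var.project_id
  role    = "roles/compute.osLogin"
  member  = "user:alice@example.com" # constructed identity
}

# Instance metadata overrides project metadata, so instances must not set
# enable-oslogin = "FALSE" or carry their own ssh-keys entries.
resource "google_compute_instance" "app" {
  project      = var.project_id
  name         = "app-1"         # constructed
  machine_type = "e2-micro"      # constructed
  zone         = "us-central1-a" # constructed

  boot_disk {
    initialize_params {
      image = "debian-cloud/debian-12"
    }
  }

  network_interface {
    network = "default"
  }

  # No metadata block: the instance inherits enable-oslogin = TRUE.
}
```

After applying, `gcloud compute project-info describe --format="value(commonInstanceMetadata.items)"` should list `enable-oslogin` with the value `TRUE`.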