Method: projects.locations.signSshPublicKey

Signs an SSH public key for a user to authenticate to a virtual machine on Google Compute Engine.

HTTP request

POST https://oslogin.googleapis.com/v1beta/{parent=projects/*/locations/*}:signSshPublicKey

The URL usesgRPC Transcoding syntax.

Path parameters

Parameters

Parameters
`parent`	`string` Required. The parent for the signing request. Format: projects/{project}/locations/{location}

parent

string

Required. The parent for the signing request. Format: projects/{project}/locations/{location}

Request body

The request body contains data with the following structure:

JSON representation

JSON representation
{"sshPublicKey":string,"serviceAccount":string,// Union field`resource` can be only one of the following:"computeInstance":string,"appEngineInstance":string// End of list of possible types for union field`resource`.}

{"sshPublicKey":string,"serviceAccount":string,// Union fieldresource can be only one of the following:"computeInstance":string,"appEngineInstance":string// End of list of possible types for union fieldresource.}

Fields
`sshPublicKey`	`string` Required. The SSH public key to sign.
`serviceAccount`	`string` Optional. The service account for the instance. If the instance in question does not have a service account, this field should be left empty. If the wrong service account is provided, this operation will return a signed certificate that will not be accepted by the VM.
Union field`resource`. Required. The resource to sign the SSH public key for. Signed SSH public keys are scoped to a specific resource; attempting to use them to sign into another resource will fail. During rollout of the new regionalized SignSshPublicKey API, this field will be required for all requests, but the VM will not initially carry out the verification of this resource unless it updates to a package that supports this feature.`resource` can be only one of the following:
`computeInstance`	`string` The Compute instance to sign the SSH public key for. Expected format: projects/{project}/zones/{zone}/instances/{numericInstanceId}
`appEngineInstance`	`string` The App Engine instance to sign the SSH public key for. Expected format: apps/{app}/services/{service}/versions/{version}/instances/{instance}

Response body

The response message for signing an SSH public key.

If successful, the response body contains data with the following structure:

JSON representation
{"signedSshPublicKey":string}

Fields

Fields
`signedSshPublicKey`	`string` The signed SSH public key to use in the SSH handshake.

signedSshPublicKey

string

The signed SSH public key to use in the SSH handshake.

Authorization scopes

Requires the following OAuth scope:

https://www.googleapis.com/auth/cloud-platform

For more information, see theAuthentication Overview.

Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025-07-28 UTC.

Movatterモバイル変換