I understand that GCP provides functionality where adding an SSH public key to the instance metadata allows a user to SSH into the machine with public-key authentication.
But I am interested to know how GCP does that.
Does GCP intercept my SSH request before it reaches the machine and add the relevant authorized_keys to my machine? Or does SSH provide some functionality which GCP uses to achieve this capability?
Google Cloud runs software (guest agent) during a VM startup that copies SSH keys from the Metadata service to the VM. This includes creating home directories and setting up authorized_keys.
On Linux: If OS Login is not used, the guest agent will be responsible for provisioning and deprovisioning user accounts. The agent creates local user accounts and maintains the authorized SSH keys file for each. User account creation is based on adding and removing SSH keys stored in metadata.
This software is called the Guest Environment.
The source code is published on GitHub.
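A simplified model of the sync step described in the answer above, as an added example (not the guest agent's source code): it parses a constructed `ssh-keys` metadata value in the `USERNAME:KEY` form, drops keys whose `google-ssh` `expireOn` time has passed, and works out which local accounts would be created or removed. The function names and the fail-closed handling of unparseable expiry data are assumptions.

```python
import json
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample of the `ssh-keys` metadata value, one USERNAME:KEY entry per line.
# Key material is placeholder text, not real keys.
SAMPLE_SSH_KEYS = """\
alice:ssh-ed25519 AAAAC3placeholderAlice alice@laptop
bob:ssh-rsa AAAAB3placeholderBob google-ssh {"userName":"bob@example.com","expireOn":"2020-01-01T00:00:00+0000"}
carol:ecdsa-sha2-nistp256 AAAAE2placeholderCarol google-ssh {"userName":"carol@example.com","expireOn":"2099-01-01T00:00:00+0000"}

not-a-valid-entry
alice:ssh-rsa AAAAB3placeholderAlice2 alice@desktop
"""

def key_expired(key, now):
    """True if the key has a google-ssh JSON trailer whose expireOn is in the past."""
    marker = " google-ssh "
    if marker not in key:
        return False  # no expiry trailer: the key stays until removed from metadata
    try:
        meta = json.loads(key.split(marker, 1)[1])
        expires = datetime.strptime(meta["expireOn"], "%Y-%m-%dT%H:%M:%S%z")
    except (ValueError, KeyError, TypeError):
        return True  # assumption: unparseable expiry data is treated as expired
    return expires <= now

def desired_authorized_keys(metadata_value, now=None):
    """Map each username to the key lines its authorized_keys file should hold."""
    now = now or datetime.now(timezone.utc)
    users = defaultdict(list)
    for line in metadata_value.splitlines():
        user, sep, key = line.strip().partition(":")
        if not sep or not user or not key.strip():
            continue  # blank or malformed entry
        if not key_expired(key, now):
            users[user].append(key.strip())
    return dict(users)

def reconcile(desired, managed_users):
    """Return (accounts to create, accounts to deprovision) as sorted lists."""
    return sorted(set(desired) - set(managed_users)), sorted(set(managed_users) - set(desired))

if __name__ == "__main__":
    desired = desired_authorized_keys(SAMPLE_SSH_KEYS)
    print(desired)
    print(reconcile(desired, ["alice", "bob"]))
```

Comparing the computed mapping with the `authorized_keys` files actually present on a VM is a quick way to spot keys that were added outside the metadata path.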