Enabling osLogin ensures that SSH keys used to connect to instances are mapped with IAM users. Revoking access to IAM user will revoke all the SSH keys associated with that particular user. It facilitates centralized and automated SSH key pair management which is useful in handling cases like response to compromised SSH key pairs and/or revocation of external/third-party/Vendor users.
Recommended Mitigation
Add enable-oslogin:TRUE to Compute metadata. Ensure that no instance has custom metadata with key enable-oslogin and value FALSE.
Authentication
