GCP Compute.instances.setMetadata
Sets or updates instance-level metadata on a Compute Engine VM, which can include SSH keys or startup scripts.
T1098.004: SSH Authorized Keys
T1098.004: SSH Authorized Keys
Adversaries may modify the SSH <code>authorized_keys</code> file to maintain persistence on a victim host. Linux distributions, macOS, and ESXi hypervisors commonly use key-based authentication to secure the authentication process of SSH sessions for remote management.
View on MITRE ATT&CK →GCP compute.projects.setCommonInstanceMetadata
Sets project-wide Compute Engine metadata, applied to all instances and commonly used to manage SSH keys.
AWS CreateKeyPair
Creates an EC2 key pair and returns the private key material, used for SSH authentication to EC2 instances.
AWS ImportKeyPair
Imports an existing RSA or ED25519 public key into EC2 for use as a key pair when launching instances.
Azure Microsoft.Compute/sshPublicKeys/write
Creates or updates an SSH public key resource in Azure, used to authenticate to Linux virtual machines.
AWS SendSerialConsoleSSHPublicKey
Pushes an SSH public key to an EC2 instance's serial console interface, enabling SSH access over the serial port.
AWS SendSSHPublicKey
Pushes a temporary SSH public key to an EC2 instance via EC2 Instance Connect, valid for 60 seconds.
GCP users.importSshPublicKey
Imports an SSH public key into a user's GCP OS Login profile, enabling SSH access to Compute Engine instances.
GCP users.sshPublicKeys.patch
Updates an existing SSH public key in a user's GCP OS Login profile.