Hi Trevor,
Google has handled it for you in a medium-complicated and non-obvious way, but when it works, it's auto-magic. When it doesn't work, it's a bear to troubleshoot because like 8 different systems are involved.
Each Google-provided image runs a daemon that polls the cloud metadata and if you enable "Compute OS Login", then at login time, that daemon provisions local accounts on that instance based on the IAM settings of your cloud project. And also somehow handles auth based on your google account credentials with short-lived keys.
If you don't use "Compute OS Login", then it can do something very similar but different with SSH keys which propagate through that same cloud metadata service and get stored in key-value pairs in cloud metadata.
But I'm only talking about SSHing in from the outside, you're talking about SSHing from one compute node to another? I imagine they already configured that if MPI workloads are supported. You can start up a cluster and examine the sshd/slurm config.
Regards,
Alex