diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/files/bin/enable-oslogin b/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/files/bin/enable-oslogin
index 9830d34951..abf9899b67 100644
--- a/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/files/bin/enable-oslogin
+++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/files/bin/enable-oslogin
@@ -27,3 +27,4 @@ ln -f -s '/usr/share/google-oslogin/pam_sshd' '/etc/pam.d/sshd'
 ln -f -s '/usr/share/google-oslogin/nsswitch.conf' '/etc/nsswitch.conf'
 ln -f -s '/usr/share/google-oslogin/sshd_config' '/etc/ssh/sshd_config'
 ln -f -s '/usr/share/google-oslogin/oslogin-sudoers' '/etc/sudoers.d/oslogin-sudoers'
+ln -f -s '/usr/share/google-oslogin/group.conf' '/etc/security/group.conf'
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-auth/google-oslogin/Manifest b/sdk_container/src/third_party/coreos-overlay/sys-auth/google-oslogin/Manifest
index cd11d66d4f..f1bedb2e82 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-auth/google-oslogin/Manifest
+++ b/sdk_container/src/third_party/coreos-overlay/sys-auth/google-oslogin/Manifest
@@ -1 +1 @@
-DIST 20180611.tar.gz 143678 SHA256 f71bdc6d01cff014bb4d066096be9a6e067fd3028c730cc4c9557001ec99ab6e SHA512 9e94cdda66f9b45dbb0ade25ce2dabbcc38c96b7c6f94a09bfef80f1611e7fe0233578ccc55f76530dca16f4ee261a22c05ae12b76ce527734be50b856caca3e WHIRLPOOL f37f980686924003570567e77ec1b740a7ce538a03917d01757f2599a595c17f8babd32184ca26b6075df14de1e5da2876f5eb3111141d442c1571e043350b8d
+DIST 20200910.00.tar.gz 42599 BLAKE2B 6c2917f03277834e54050e5bf94943dc311c70e3150247b91cee5835b09fb197686788373ab8cdff4f3f8e4baa85dd515bcb22a99530475bd7c3991d1d272ece SHA512 575813becdd7046b9c5813f33aad440737df6d0fa1d9345f8f4340fda4bc348b27860231ed163196cf06609fd3311fe2bbf45486c260c45a0a38795a95f09834
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-auth/google-oslogin/files/0001-pam_module-use-var-lib-instead-of-var.patch b/sdk_container/src/third_party/coreos-overlay/sys-auth/google-oslogin/files/0001-pam_module-use-var-lib-instead-of-var.patch index fda3244f12..65fae86284 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-auth/google-oslogin/files/0001-pam_module-use-var-lib-instead-of-var.patch +++ b/sdk_container/src/third_party/coreos-overlay/sys-auth/google-oslogin/files/0001-pam_module-use-var-lib-instead-of-var.patch @@ -4,14 +4,14 @@ Date: Fri, 6 Jul 2018 15:54:40 -0700 Subject: [PATCH] pam_module: use /var/lib/ instead of /var --- - google_compute_engine_oslogin/pam_module/pam_oslogin_admin.cc | 2 +- - google_compute_engine_oslogin/pam_module/pam_oslogin_login.cc | 2 +- + guest-oslogin/src/pam/pam_oslogin_admin.cc | 2 +- + guest-oslogin/src/pam/pam_oslogin_login.cc | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) -diff --git a/google_compute_engine_oslogin/pam_module/pam_oslogin_admin.cc b/google_compute_engine_oslogin/pam_module/pam_oslogin_admin.cc +diff --git a/guest-oslogin/src/pam/pam_oslogin_admin.cc b/guest-oslogin/src/pam/pam_oslogin_admin.cc index 04d0808..376916e 100644 ---- a/google_compute_engine_oslogin/pam_module/pam_oslogin_admin.cc -+++ b/google_compute_engine_oslogin/pam_module/pam_oslogin_admin.cc +--- a/guest-oslogin/src/pam/pam_oslogin_admin.cc ++++ b/guest-oslogin/src/pam/pam_oslogin_admin.cc @@ -36,7 +36,7 @@ using oslogin_utils::ParseJsonToEmail; using oslogin_utils::UrlEncode; using oslogin_utils::kMetadataServerUrl; 
@@ -21,10 +21,10 @@ index 04d0808..376916e 100644 extern "C" { -diff --git a/google_compute_engine_oslogin/pam_module/pam_oslogin_login.cc b/google_compute_engine_oslogin/pam_module/pam_oslogin_login.cc +diff --git a/guest-oslogin/src/pam/pam_oslogin_login.cc b/guest-oslogin/src/pam/pam_oslogin_login.cc index 9e708f4..428600b 100644 ---- a/google_compute_engine_oslogin/pam_module/pam_oslogin_login.cc -+++ b/google_compute_engine_oslogin/pam_module/pam_oslogin_login.cc +--- a/guest-oslogin/src/pam/pam_oslogin_login.cc ++++ b/guest-oslogin/src/pam/pam_oslogin_login.cc @@ -36,7 +36,7 @@ using oslogin_utils::ParseJsonToEmail; using oslogin_utils::UrlEncode; using oslogin_utils::kMetadataServerUrl; diff --git a/sdk_container/src/third_party/coreos-overlay/sys-auth/google-oslogin/files/group.conf b/sdk_container/src/third_party/coreos-overlay/sys-auth/google-oslogin/files/group.conf new file mode 100644 index 0000000000..881c111e1d --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/sys-auth/google-oslogin/files/group.conf @@ -0,0 +1,2 @@ +# Instruct oslogin to add the docker group to user that login via ssh +sshd;*;*;Al0000-2400;docker diff --git a/sdk_container/src/third_party/coreos-overlay/sys-auth/google-oslogin/files/nsswitch.conf b/sdk_container/src/third_party/coreos-overlay/sys-auth/google-oslogin/files/nsswitch.conf index 0d67de1121..07af435bc0 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-auth/google-oslogin/files/nsswitch.conf +++ b/sdk_container/src/third_party/coreos-overlay/sys-auth/google-oslogin/files/nsswitch.conf @@ -2,7 +2,7 @@ # Keep this in sync with nsswitch.conf from coreos/baselayout passwd: files usrfiles sss systemd cache_oslogin oslogin shadow: files usrfiles sss -group: files usrfiles sss systemd +group: files usrfiles sss systemd cache_oslogin oslogin hosts: files usrfiles dns myhostname networks: files usrfiles dns 
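Review bot: The rule `sshd;*;*;Al0000-2400;docker` in the new files/group.conf matches every tty, every user and all hours, so each account that logs in through sshd is given the docker group, including OS Login users who were not granted admin rights. Membership in docker is generally equivalent to root on the host, which would flatten the separation between pam_oslogin_login.so and pam_oslogin_admin.so that the pam_sshd section of this commit keeps. If that is intended, the comment should say so, for example `# pam_group rule: every user logging in via sshd gets the docker group (root-equivalent access to the Docker daemon)`; otherwise the third (users) field should be narrowed. The current comment also credits oslogin, whereas the file is read by the `pam_group.so` line added to pam_sshd.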
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-auth/google-oslogin/files/pam_sshd b/sdk_container/src/third_party/coreos-overlay/sys-auth/google-oslogin/files/pam_sshd index 422a58c221..9452354ce5 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-auth/google-oslogin/files/pam_sshd +++ b/sdk_container/src/third_party/coreos-overlay/sys-auth/google-oslogin/files/pam_sshd @@ -1,9 +1,12 @@ +# Needed for oslogin support (needs to be prepended) +auth [default=ignore] pam_group.so +auth [success=done perm_denied=die default=ignore] pam_oslogin_login.so +account [success=ok default=ignore] pam_oslogin_admin.so +account [success=ok ignore=ignore default=die] pam_oslogin_login.so +session [success=ok default=ignore] pam_mkhomedir.so + # Keep this file in sync with the net-misc/openssh/files/sshd.pam_include.2 auth include system-remote-login account include system-remote-login password include system-remote-login session include system-remote-login -# Needed for oslogin support -account requisite pam_oslogin_login.so -account optional pam_oslogin_admin.so -session optional pam_mkhomedir.so diff --git a/sdk_container/src/third_party/coreos-overlay/sys-auth/google-oslogin/google-oslogin-20180611.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-auth/google-oslogin/google-oslogin-20200910.00.ebuild similarity index 57% rename from sdk_container/src/third_party/coreos-overlay/sys-auth/google-oslogin/google-oslogin-20180611.ebuild rename to sdk_container/src/third_party/coreos-overlay/sys-auth/google-oslogin/google-oslogin-20200910.00.ebuild index 26351f0f7a..101ca35363 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-auth/google-oslogin/google-oslogin-20180611.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/sys-auth/google-oslogin/google-oslogin-20200910.00.ebuild 
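Review bot: In the added line `auth [success=done perm_denied=die default=ignore] pam_oslogin_login.so` of files/pam_sshd, `success=done` ends the auth stack as soon as the module succeeds, so `auth include system-remote-login` below it is not evaluated for those logins. Whatever the included stack enforces in auth would then be skipped; system-remote-login is not visible in this hunk, so I can't tell whether that matters. The header comment says only "needs to be prepended" and should state the reason, e.g. `# Must precede the includes: on success pam_oslogin_login ends the auth stack (success=done); other results except perm_denied fall through to system-remote-login`. It would also help to note next to the "Keep this file in sync" comment that the oslogin lines above it are local additions and not part of sshd.pam_include.2.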
@@ -4,8 +4,8 @@ EAPI=6 DESCRIPTION="Components to support Google Cloud OS Login. This contains bits that belong in USR" -HOMEPAGE="https://github.com/GoogleCloudPlatform/compute-image-packages/tree/master/google_compute_engine_oslogin" -SRC_URI="https://github.com/GoogleCloudPlatform/compute-image-packages/archive/${PV}.tar.gz" +HOMEPAGE="https://github.com/GoogleCloudPlatform/guest-oslogin" +SRC_URI="https://github.com/GoogleCloudPlatform/guest-oslogin/archive/${PV}.tar.gz" LICENSE="Apache-2.0" SLOT="0" @@ -22,7 +22,7 @@ DEPEND=" RDEPEND="${DEPEND}" -S=${WORKDIR}/compute-image-packages-${PV}/google_compute_engine_oslogin +S=${WORKDIR}/guest-oslogin-${PV}/ src_prepare() { eapply -p2 "$FILESDIR/0001-pam_module-use-var-lib-instead-of-var.patch" @@ -30,18 +30,21 @@ src_prepare() { } src_compile() { - emake CC="$(tc-getCC)" CXX="$(tc-getCXX)" JSON_INCLUDE_PATH="${ROOT%/}/usr/include/json-c" + emake CC="$(tc-getCC)" CXX="$(tc-getCXX)" \ + VERSION=${PV} \ + JSON_INCLUDE_PATH="${ROOT%/}/usr/include/json-c" } src_install() { - dolib.so libnss_cache_google-compute-engine-oslogin-1.3.0.so - dolib.so libnss_google-compute-engine-oslogin-1.3.0.so + dolib.so src/libnss_cache_oslogin-${PV}.so + dolib.so src/libnss_oslogin-${PV}.so exeinto /usr/libexec - doexe google_authorized_keys + doexe src/google_authorized_keys + doexe src/google_oslogin_nss_cache - dopammod pam_oslogin_admin.so - dopammod pam_oslogin_login.so + dopammod src/pam_oslogin_admin.so + dopammod src/pam_oslogin_login.so # config files the base Ignition config will create links to insinto /usr/share/google-oslogin @@ -49,4 +52,5 @@ src_install() { doins "${FILESDIR}/nsswitch.conf" doins "${FILESDIR}/pam_sshd" doins "${FILESDIR}/oslogin-sudoers" + doins "${FILESDIR}/group.conf" }
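Review bot: src_install now ships `src/google_oslogin_nss_cache` in /usr/libexec, but nothing in this commit appears to run it. The nsswitch.conf change puts `cache_oslogin` ahead of `oslogin` for group lookups, and I assume that module reads a cache which this binary refreshes; if no unit or timer elsewhere invokes it, the cache is either never populated or goes stale, and stale entries could keep serving a group membership after it has been revoked. Please point to the unit that schedules it, or add a comment above the `doexe` line such as `# refreshed by <unit name>; cache_oslogin in nsswitch.conf reads its output`. Separately, `VERSION=${PV}` in src_compile is unquoted while the neighbouring arguments are quoted; `VERSION="${PV}"` would match them.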