Ensure password authentication is disabled for Azure Linux Virtual Machine

MEDIUM

Description

The Azure Linux Virtual Machine uses password authentication instead of SSH keys. Password authentication is more vulnerable to brute-force and word-list attacks.

Remediation

Once a Virtual Machine Scale Set is created in the console, the authentication mode cannot be changed. To create a resource with the correct settings, follow the steps below.

In Azure Console -

  1. Open the Azure Portal and go to Virtual Machine Scale Sets.
  2. Create a new Virtual Machine Scale Set.
  3. Under Basics, for the Administrator account Authentication type, choose SSH public key and set up the appropriate key pair.
  4. Configure as needed.

In Terraform -

  1. In the azurerm_linux_virtual_machine_scale_set resource, set disable_password_authentication to true.

References:
https://learn.microsoft.com/en-us/azure/virtual-machine-scale-sets/
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/linux_virtual_machine_scale_set#disable_password_authentication

Policy Details

Rule Reference ID: AC_AZURE_0288
CSP: Azure
Remediation Available: Yes
Resource Category: Compute
Resource Type: Virtual Machine

Frameworks