HIGH
Source
Trivy
ID
AVD-AZU-0039

Password authentication should be disabled on Azure virtual machines

Access to virtual machines should be authenticated using SSH keys. Removing the option of password authentication enforces more secure methods while removing the risks inherent with passwords.

Impact

Follow the appropriate remediation steps below to resolve the issue.

Use SSH key authentication for virtual machines

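# Compliant example: the Linux VM accepts SSH public-key logins only.
# Abbreviated to the settings this check looks at; a deployable resource also
# needs arguments such as network_interface_ids, os_disk and an image reference.
resource "azurerm_linux_virtual_machine" "good_linux_example" {
  name                = "good-linux-machine"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location
  size                = "Standard_F2"
  admin_username      = "adminuser"

  # No admin_password is set. A password literal in configuration ends up in
  # version control and in Terraform state, and the provider only accepts
  # admin_password when disable_password_authentication is false, which is
  # exactly the state this check reports.
  disable_password_authentication = true

  # Public half of the key pair only; the private key stays with the operator.
  admin_ssh_key {
    username   = "adminuser"
    public_key = file("~/.ssh/id_rsa.pub")
  }
}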

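# Compliant example for the legacy azurerm_virtual_machine resource: password
# logins are switched off and access is by SSH public key.
# Abbreviated to the settings this check looks at; a deployable resource also
# needs arguments such as network_interface_ids and storage_os_disk.
resource "azurerm_virtual_machine" "good_example" {
  name                = "good-linux-machine"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location
  vm_size             = "Standard_F2"

  # On this resource the admin account is declared inside os_profile, not at
  # the top level. No admin_password is given.
  os_profile {
    computer_name  = "good-linux-machine"
    admin_username = "adminuser"
  }

  os_profile_linux_config {
    # The setting the check evaluates: sshd on the VM rejects password logins.
    disable_password_authentication = true

    ssh_keys {
      key_data = file("~/.ssh/id_rsa.pub")
      # Destination on the VM, not the local key file. The Azure VM agent only
      # accepts /home/<admin_username>/.ssh/authorized_keys here.
      path = "/home/adminuser/.ssh/authorized_keys"
    }
  }
}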