Disable Password Authentication

Password authentication should be disabled on Azure virtual machines

Access to virtual machines should be authenticated using SSH keys. Removing the option of password authentication enforces more secure methods while removing the risks inherent with passwords.

Impact

Recommended Actions

Follow the appropriate remediation steps below to resolve the issue.

Use ssh authentication for virtual machines

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32


 resource "azurerm_linux_virtual_machine" "good_linux_example" {
   name                            = "good-linux-machine"
   resource_group_name             = azurerm_resource_group.example.name
   location                        = azurerm_resource_group.example.location
   size                            = "Standard_F2"
   admin_username                  = "adminuser"
   admin_password                  = "somePassword"
   
   admin_ssh_key {
     username   = "adminuser"
     public_key = file("~/.ssh/id_rsa.pub")
   }
 }
 
 resource "azurerm_virtual_machine" "good_example" {
 	name                            = "good-linux-machine"
 	resource_group_name             = azurerm_resource_group.example.name
 	location                        = azurerm_resource_group.example.location
 	size                            = "Standard_F2"
 	admin_username                  = "adminuser"
 
 	
 	os_profile_linux_config {
 		ssh_keys = [{
 			key_data = file("~/.ssh/id_rsa.pub")
 			path = "~/.ssh/id_rsa.pub"
 		}]
 
 		disable_password_authentication = true
 	}
 }
 

Password authentication should be disabled on Azure virtual machines

Impact

Recommended Actions

Remediation Links