Info icon
End of Life Notice: For Trend Cloud One™ - Conformity Customers, Conformity will reach its End of Sale on “July 31st, 2025” and End of Life “July 31st, 2026”. The same capabilities and much more is available in Trend Vision One™ Cloud Risk Management. For details, please refer to Upgrade to Trend Vision One
Logo of Trend Micro
Use the Knowledge Base AI to help improve your Cloud Posture

Check for Appropriate Admin SSH Public Key Management

Trend Vision One™ provides continuous assurance that gives peace of mind for your cloud infrastructure, delivering over 1100 automated best practice checks.

Risk Level: Medium (should be achieved)

Ensure that the admin SSH public key is not missing and is properly configured when SSH access is enabled for your Azure Machine Learning compute instances. Proper configuration of the admin SSH public key is crucial to prevent fallback to less secure password-based authentication methods.

Security

Ensuring proper admin SSH public key configuration is vital because it enforces stronger, key-based authentication, reducing the risk of falling back to less secure password authentication. This mitigates security vulnerabilities associated with relying on weaker access mechanisms for your Azure Machine Learning compute instances.

Audit

To determine if admin SSH public key is properly configured when SSH access is enabled for your Azure Machine Learning compute instances, perform the following operations:

Checking for appropriate admin SSH public key management using the Azure Command Line Interface (Azure CLI) is not currently supported.

Using Azure Console

01 Sign in to the Microsoft Azure Portal.

02 Navigate to All resources blade available at https://portal.azure.com/#browse/all to access all your Microsoft Azure cloud resources.

03 Choose the Azure subscription that you want to access from the Subscription equalls all filter box and choose Apply.

04 From the Type equals all filter box, select Type for Filter, Equals for Operator, and Azure Machine Learning workspace for Value, then choose Apply to list the Azure Machine Learning workspaces available in the selected subscription.

05 Click on the name (link) of the Machine Learning workspace that you want to examine.

06 In the resource navigation panel, select Overview, and choose Launch studio to open the Azure Machine Learning Studio.

07 In the left navigation panel, under Manage, choose Compute, and select the Compute instances tab to list the compute instances provisioned for the selected Azure Machine Learning workspace.

08 Click on the name (link) of the compute instance that you want to examine.

09 Select the Details tab and check the SSH access attribute value to determine the status of the SSH Access feature. If the SSH access attribute is set to Enabled, SSH Access is enabled for the selected Machine Learning compute instance and you can continue the Audit process with the next step.

10 In the SSH key section, check for the RSA public key in PEM format (i.e., the key starting with "ssh-rsa"), configured for the selected instance. If there is no RSA public key listed in the SSH key section, instead the following message is displayed: You don't have any SSH Keys, add one?, the admin SSH public key is missing from the selected Azure Machine Learning compute instance. As a result, the SSH access configuration for the selected compute instance is not compliant.

Remediation / Resolution

Missing SSH public key can lead to insecure access methods. To ensure that admin SSH public key is properly configured when SSH access is enabled for your Azure Machine Learning compute instances, perform the following operations:

Setting the admin SSH public key for Machine Learning compute instances using the Azure Command Line Interface (Azure CLI) is not currently supported.

Using Azure Console

01 Sign in to the Microsoft Azure Portal.

02 Navigate to All resources blade available at https://portal.azure.com/#browse/all to access all your Microsoft Azure cloud resources.

03 Choose the Azure subscription that you want to access from the Subscription equalls all filter box and choose Apply.

04 From the Type equals all filter box, select Type for Filter, Equals for Operator, and Azure Machine Learning workspace for Value, then choose Apply to list the Azure Machine Learning workspaces available in the selected subscription.

05 Click on the name (link) of the Machine Learning workspace that you want to access.

06 In the resource navigation panel, select Overview, and choose Launch studio to open the Azure Machine Learning Studio.

07 In the left navigation panel, under Manage, choose Compute, and select the Compute instances tab.

08 Click on the name (link) of the compute instance that you want to configure.

09 Select the Details tab and ensure that SSH access is set to Enabled in the Resource properties section.

10 Click on the Edit button (pencil icon) available in the SSH key section to update the SSH key configuration. For SSH public key source, select Use existing public key stored in Azure or Use existing public key to use an existing RSA public key or Generate new key pair to generate a new SSH key pair for your compute instance. Choose Save to apply the changes.

11 For the new SSH key to take effect, you must restart your compute instance. Choose Restart from the page top menu and select Restart for confirmation.

References

Publication date Oct 13, 2025

Related MachineLearning rules