Ensure that your production Microsoft Azure virtual machines are configured to use SSH keys instead of username/password credentials for SSH authentication.
This rule resolution is part of the Conformity Security & Compliance tool for Azure.
Using SSH keys instead of common credentials (i.e. username and password) represents the best way to secure your Linux virtual machines against malicious activities such as brute-force attacks, because access can only be obtained by privileged users who hold the private key associated with the public key created on these virtual machines. An attacker may be able to get access to the virtual machine's public key, but without the associated private key, they will be unable to gain shell access to the server.
To determine if your Azure Linux virtual machines are configured to use SSH keys, perform the following actions:
Note: Getting an Azure virtual machine's SSH authentication type using the Microsoft Azure Management Console is not currently supported.
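One way to run this check outside the console, as an added example (not code from the original page or from Conformity): it classifies each Linux VM from the JSON that `az vm list --output json` prints, using the `osProfile.linuxConfiguration.disablePasswordAuthentication` flag. The VM names and resource group in the sample are constructed, and the status labels are this example's own.

```python
import json

# Constructed sample shaped like `az vm list --output json` (not real VMs).
SAMPLE_AZ_VM_LIST = json.dumps([
    {"name": "web-01", "resourceGroup": "prod-rg",
     "storageProfile": {"osDisk": {"osType": "Linux"}},
     "osProfile": {"linuxConfiguration": {
         "disablePasswordAuthentication": True,
         "ssh": {"publicKeys": [{"path": "/home/azureuser/.ssh/authorized_keys"}]}}}},
    {"name": "db-01", "resourceGroup": "prod-rg",
     "storageProfile": {"osDisk": {"osType": "Linux"}},
     "osProfile": {"linuxConfiguration": {
         "disablePasswordAuthentication": False, "ssh": None}}},
    {"name": "legacy-01", "resourceGroup": "prod-rg",   # attached OS disk: no osProfile
     "storageProfile": {"osDisk": {"osType": "Linux"}}, "osProfile": None},
    {"name": "win-01", "resourceGroup": "prod-rg",
     "storageProfile": {"osDisk": {"osType": "Windows"}},
     "osProfile": {"windowsConfiguration": {}, "linuxConfiguration": None}},
])

def classify(vm):
    """Return 'ssh-key', 'password', 'unknown' or 'not-linux' for one VM record."""
    os_disk = (vm.get("storageProfile") or {}).get("osDisk") or {}
    linux = (vm.get("osProfile") or {}).get("linuxConfiguration")
    if linux is None:
        # No Linux profile: either not Linux, or Linux with nothing recorded in ARM.
        return "unknown" if os_disk.get("osType") == "Linux" else "not-linux"
    # Password logins stay enabled unless the flag is explicitly true.
    if linux.get("disablePasswordAuthentication") is not True:
        return "password"
    keys = (linux.get("ssh") or {}).get("publicKeys") or []
    return "ssh-key" if keys else "unknown"

def audit(az_vm_list_json):
    """Map 'resourceGroup/name' -> status for every Linux VM in the listing."""
    report = {}
    for vm in json.loads(az_vm_list_json):
        status = classify(vm)
        if status != "not-linux":
            report[f"{vm.get('resourceGroup')}/{vm.get('name')}"] = status
    return report

if __name__ == "__main__":
    for vm_id, status in audit(SAMPLE_AZ_VM_LIST).items():
        print(f"{'OK  ' if status == 'ssh-key' else 'FAIL'} {vm_id}: {status}")
```

The flag records how the VM was provisioned; a later change to `sshd_config` inside the guest is not reflected in it, so VMs reported as `unknown` or with a long uptime are worth checking on the host as well.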
Remediation / Resolution
To reconfigure your password-based Microsoft Azure Linux virtual machines to use keys for SSH authentication, you have to re-create the virtual machines. To redeploy the appropriate virtual machines (VMs) with the right SSH configuration, perform the following actions:
Note: Enabling SSH key-based authentication for Linux virtual machines using the Microsoft Azure Management Console is not currently supported.
Check for SSH Authentication Type
Risk level: High