Azure Linux scale set does not use an SSH key
Description
By default, a Linux scale set uses basic authentication (username and password) as the access credential for SSH. Using SSH keys instead of passwords is the best way to secure your Linux scale sets against malicious activity such as brute-force attacks, because shell access then requires the private key that matches the public key installed on the scale set, and only privileged users hold that private key. An attacker may be able to obtain the Linux scale set's public key, but without the associated private key they cannot gain shell access to the server.
Code Example
```hcl
resource "azurerm_linux_virtual_machine_scale_set" "example" {
  ...
~ disable_password_authentication = true
}
```
Remediation
Terraform
- Resource: azurerm_linux_virtual_machine_scale_set
- Attribute: disable_password_authentication
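The same check applied to Terraform plan JSON, as an added example that is not Checkov's or the rule author's implementation. It assumes the `planned_values` layout produced by `terraform show -json` and reports any scale set where the attribute is not explicitly `true`; the sample plan and function names are constructed for illustration.

```python
import json

RESOURCE_TYPE = "azurerm_linux_virtual_machine_scale_set"
ATTRIBUTE = "disable_password_authentication"

# Constructed sample shaped like `terraform show -json` output (planned_values only).
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {
  "resources": [
    {"address": "azurerm_linux_virtual_machine_scale_set.keys_only",
     "type": "azurerm_linux_virtual_machine_scale_set",
     "values": {"disable_password_authentication": true}},
    {"address": "azurerm_linux_virtual_machine_scale_set.password",
     "type": "azurerm_linux_virtual_machine_scale_set",
     "values": {"disable_password_authentication": false}}],
  "child_modules": [{"address": "module.workers", "resources": [
    {"address": "module.workers.azurerm_linux_virtual_machine_scale_set.pool",
     "type": "azurerm_linux_virtual_machine_scale_set",
     "values": {"admin_username": "azureuser"}},
    {"address": "module.workers.azurerm_resource_group.rg",
     "type": "azurerm_resource_group",
     "values": {"name": "rg"}}]}]
}}}
""")

def iter_resources(module):
    """Yield every resource in a module and, recursively, in its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def find_password_auth_scale_sets(plan):
    """Return (address, reason) for each scale set not explicitly key-only."""
    findings = []
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in iter_resources(root):
        if res.get("type") != RESOURCE_TYPE:
            continue  # other resource types are out of scope for this rule
        value = (res.get("values") or {}).get(ATTRIBUTE)
        if value is True:
            continue  # password login disabled, SSH keys required
        # Assumption: a missing or null value is reported rather than trusted.
        reason = "set to false" if value is False else "not set to true in the plan"
        findings.append((res["address"], reason))
    return findings

if __name__ == "__main__":
    for address, reason in find_password_auth_scale_sets(SAMPLE_PLAN):
        print(f"FAIL {address}: {ATTRIBUTE} {reason}")
```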
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0559 |
| Severity | HIGH |
| IaC Type | arm |
| Frameworks | ARM, Terraform, Bicep, TerraformPlan |
| Checkov ID | CKV_AZURE_49 |