Linux VM Without SSH Key
Description
SSH (Secure Shell) provides encrypted communication sessions for Linux VMs over a potentially insecure network. Using SSH keys rather than passwords improves security further: keys are more complex than passwords and harder for attackers to compromise.
This policy checks that Linux VMs and Linux VM Scale Sets in Azure are configured to use SSH keys for authentication.
Code Example
```terraform
resource "azurerm_linux_virtual_machine" "example" {
  name                = "example-linux-vm"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  # ... other configurations ...
+ admin_ssh_key {
+   username   = "adminuser"
+   public_key = file("~/.ssh/id_rsa.pub")
  }
}

resource "azurerm_linux_virtual_machine_scale_set" "example" {
  name                = "example-linux-vmss"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  # ... other configurations ...
+ admin_ssh_key {
+   username   = "adminuser"
+   public_key = file("~/.ssh/id_rsa.pub")
  }
}
```
Remediation
Terraform
Resources:
- azurerm_linux_virtual_machine
- azurerm_linux_virtual_machine_scale_set
Argument:
- admin_ssh_key
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0685 |
| Severity | HIGH |
| IaC Type | arm |
| Frameworks | Terraform |
| Checkov ID | CKV_AZURE_178 |
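
The same condition can be tested against a rendered plan before apply. The following is an added example, not Checkov's implementation or code from this policy: it walks JSON shaped like `terraform show -json` output and reports the two resource types listed above when they have no `admin_ssh_key` block. The function names, resource addresses and sample plan are assumptions constructed for illustration.

```python
# Added example: flags Linux VMs / scale sets that lack an admin_ssh_key block.
# Input is shaped like `terraform show -json <planfile>`; sample data is constructed.

LINUX_COMPUTE_TYPES = {
    "azurerm_linux_virtual_machine",
    "azurerm_linux_virtual_machine_scale_set",
}


def iter_resources(module):
    """Yield every resource in a plan module, descending into child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def missing_ssh_key(plan):
    """Return sorted addresses of in-scope resources with no admin_ssh_key block."""
    root = plan.get("planned_values", {}).get("root_module", {})
    findings = []
    for res in iter_resources(root):
        if res.get("type") not in LINUX_COMPUTE_TYPES:
            continue
        # Nested blocks appear as a list of objects. public_key can be unknown
        # at plan time, so only the presence of a block is tested here.
        if not (res.get("values") or {}).get("admin_ssh_key"):
            findings.append(res["address"])
    return sorted(findings)


def _res(address, rtype, **values):
    """Build one constructed plan resource entry."""
    return {"address": address, "type": rtype, "values": values}


# Constructed sample plan (not real output).
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        _res("azurerm_linux_virtual_machine.ok", "azurerm_linux_virtual_machine",
             admin_ssh_key=[{"username": "adminuser"}]),
        _res("azurerm_linux_virtual_machine_scale_set.pw",
             "azurerm_linux_virtual_machine_scale_set", admin_ssh_key=[]),
        _res("azurerm_windows_virtual_machine.win", "azurerm_windows_virtual_machine"),
    ],
    "child_modules": [{"resources": [
        _res("module.app.azurerm_linux_virtual_machine.nokey",
             "azurerm_linux_virtual_machine", admin_password="(sensitive)"),
    ]}],
}}}

if __name__ == "__main__":
    for address in missing_ssh_key(SAMPLE_PLAN):
        print(f"FAIL {address}: no admin_ssh_key block")
```

Resources declared inside modules are covered because the walk descends into `child_modules`; the Windows VM in the sample is out of scope for this policy and is skipped.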