Azure-VirtualMachines-Password-Authentication-Disabled

Severity: High

Description: This control ensures that Azure virtual machines are configured to authenticate using SSH keys rather than basic authentication such as passwords. Secure Shell (SSH) is an encrypted connection protocol that allows secure sign-ins over unsecured connections. SSH is the default connection protocol for Linux VMs hosted in Azure. Although SSH itself provides an encrypted connection, using passwords with SSH still leaves the VM vulnerable to brute-force attacks. We recommend connecting to a VM over SSH using a public-private key pair, also known as SSH keys.

Remediation Steps:

Perform the following steps to use an SSH key pair for virtual machine authentication:

  1. Log in to the Azure Portal at https://portal.azure.com.

  2. Navigate to Virtual machines.

  3. Click +Create. Then select +Virtual machine.

  4. On the Basics tab, in the Instance details section, choose a Linux based Image.

  5. Under Administrator account, select SSH public key.

  6. Enter a Username for the VM.

  7. For SSH public key source, select Generate new key pair, and then enter a name for the SSH public key in the Key pair name field.

  8. Configure other settings as required, on all the tabs.

  9. On the Review + create tab, review the configuration and click Review + create.

  10. After the validation is successful, click Create.

  11. When the Generate new key pair window opens, select Download private key and create resource to download the private key file.

Important:

  • Protect the downloaded key file as it provides access to the virtual machine.
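
One way to audit existing VMs against this control is shown below. It is an added example, not part of the original control text or any vendor tooling. It assumes the input is JSON shaped like the output of `az vm list -o json`; the sample records, the function names and the PASS/FAIL/UNKNOWN/SKIP labels are constructed for illustration.

```python
import json

# Constructed sample shaped like `az vm list -o json` output (not real resources).
SAMPLE_VM_LIST = json.dumps([
    {"name": "web-01", "resourceGroup": "rg-app",
     "storageProfile": {"osDisk": {"osType": "Linux"}},
     "osProfile": {"linuxConfiguration": {"disablePasswordAuthentication": True}}},
    {"name": "db-01", "resourceGroup": "rg-app",
     "storageProfile": {"osDisk": {"osType": "Linux"}},
     "osProfile": {"linuxConfiguration": {"disablePasswordAuthentication": False}}},
    {"name": "restored-01", "resourceGroup": "rg-dr",
     "storageProfile": {"osDisk": {"osType": "Linux"}},
     "osProfile": None},
    {"name": "win-01", "resourceGroup": "rg-app",
     "storageProfile": {"osDisk": {"osType": "Windows"}},
     "osProfile": {"windowsConfiguration": {}}},
])


def classify_vm(vm):
    """Return PASS, FAIL, UNKNOWN or SKIP for one VM record."""
    os_disk = (vm.get("storageProfile") or {}).get("osDisk") or {}
    if (os_disk.get("osType") or "").lower() == "windows":
        return "SKIP"  # the control covers SSH sign-in on Linux VMs
    linux_cfg = (vm.get("osProfile") or {}).get("linuxConfiguration")
    if linux_cfg is None:
        # No Linux settings recorded on the resource, so the setting
        # cannot be read here and has to be checked on the guest.
        return "UNKNOWN"
    # Anything other than an explicit true (false, null, missing) fails.
    return "PASS" if linux_cfg.get("disablePasswordAuthentication") is True else "FAIL"


def audit(vm_list_json):
    """Group VMs as 'resourceGroup/name' under each classification."""
    result = {"PASS": [], "FAIL": [], "UNKNOWN": [], "SKIP": []}
    for vm in json.loads(vm_list_json):
        label = f"{vm.get('resourceGroup', '?')}/{vm.get('name', '?')}"
        result[classify_vm(vm)].append(label)
    return result


if __name__ == "__main__":
    for status, vms in audit(SAMPLE_VM_LIST).items():
        print(f"{status:8} {', '.join(vms) or '-'}")
```

The property reflects how the VM was provisioned; it does not track later edits to sshd_config on the guest, so a PASS here should be paired with a guest-level check where that matters.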

Reference:

Blue Hexagon Proprietary