Ensure that your production Microsoft Azure virtual machines are configured to use SSH keys instead of username/password credentials for SSH authentication. Using SSH keys enhances security by eliminating the risks associated with password-based authentication.
PoC代码[已公开]
id: azure-vm-ssh-auth-type
info:
name: Azure VM SSH Authentication Type Not Using Keys
author: princechaddha
severity: high
description: |
Ensure that your production Microsoft Azure virtual machines are configured to use SSH keys instead of username/password credentials for SSH authentication. Using SSH keys enhances security by eliminating the risks associated with password-based authentication.
impact: |
Using password-based SSH authentication can expose virtual machines to unauthorized access if the passwords are weak or compromised.
remediation: |
Configure all Azure virtual machines to use SSH keys for authentication. Disable password authentication to enhance the security of your virtual machines.
reference:
- https://docs.microsoft.com/en-us/azure/virtual-machines/linux/ssh-from-windows
tags: cloud,devops,azure,microsoft,vm,azure-cloud-config
flow: |
code(1);
for (let vmData of iterate(template.vmList)) {
set("ids", vmData);
code(2);
}
self-contained: true
code:
- engine:
- sh
- bash
source: |
az vm list --query '[*].id'
extractors:
- type: json
name: vmList
internal: true
json:
- '.[]'
- engine:
- sh
- bash
source: |
az vm show --ids "$ids" --query 'osProfile.linuxConfiguration.disablePasswordAuthentication'
matchers:
- type: word
words:
- 'false'
extractors:
- type: dsl
dsl:
- 'ids + " is configured with password-based SSH authentication, which is insecure"'
# digest: 490a00463044022017e36206b7ec3f96ffd139db9b56bc8df0aaa1e96bbf7f67bd00454f0e0acde60220011594d97fff91043336d82ef7eef4315bddccdb72b371ad12b54a5bcb257841:922c64590222798bb761d5b6d8e72950