Publicly accessible Azure VM has privileged role and password-based SSH authentication


Description

A publicly accessible compute instance with a privileged service principal has password-based SSH authentication enabled. Password-based SSH authentication increases the risk of an attacker brute-forcing usernames and passwords to gain access to the resource.

Remediation

  1. Identify the service principal attached to this instance.
  2. Remove unnecessary privileges from the service principal. Consider using a role based on job function rather than a privileged role.
  3. Review Create and manage SSH keys for authentication to a Linux VM in Azure for steps on creating and enabling SSH keys for authentication to compute instances. To transition from username and password authentication to SSH keys, you must deprovision the current VM and create an image of it with SSH as the authentication method. There is no way to transition directly.
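
To support steps 1 and 2, the following added example (not part of the original rule or its vendor's code) evaluates the three conditions of this finding over JSON shaped like the output of `az vm show -d` and `az role assignment list`. The set of roles treated as privileged, the public-IP-only reachability test, and all VM names, IDs and addresses are assumptions constructed for illustration.

```python
# Added example; VM and role-assignment data below are constructed.
# Assumption: which roles count as "privileged" is not defined on the page.
PRIVILEGED_ROLES = {"Owner", "Contributor", "User Access Administrator"}

def principal_ids(vm):
    """Principal IDs of the system- and user-assigned identities on a VM."""
    identity = vm.get("identity") or {}
    ids = {identity["principalId"]} if identity.get("principalId") else set()
    for ua in (identity.get("userAssignedIdentities") or {}).values():
        if ua.get("principalId"):
            ids.add(ua["principalId"])
    return ids

def password_ssh_enabled(vm):
    """True when a Linux VM still accepts password logins over SSH."""
    linux = (vm.get("osProfile") or {}).get("linuxConfiguration")
    return linux is not None and not linux.get("disablePasswordAuthentication", False)

def evaluate(vm, role_assignments):
    """Return the three conditions of the finding and the roles to review."""
    ids = principal_ids(vm)
    roles = sorted((a["roleDefinitionName"], a["scope"]) for a in role_assignments
                   if a["principalId"] in ids and a["roleDefinitionName"] in PRIVILEGED_ROLES)
    public = bool(vm.get("publicIps"))  # simplification: ignores NSG rules
    password = password_ssh_enabled(vm)
    return {"vm": vm["name"], "public": public, "password_ssh": password,
            "privileged_roles": roles, "finding": public and password and bool(roles)}

SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"  # placeholder scope
ID_A = "11111111-1111-1111-1111-111111111111"  # constructed principal IDs
ID_B = "22222222-2222-2222-2222-222222222222"
VMS = [  # constructed sample, trimmed to the fields the check reads
    {"name": "web-01", "publicIps": "203.0.113.10",
     "identity": {"type": "SystemAssigned", "principalId": ID_A},
     "osProfile": {"linuxConfiguration": {"disablePasswordAuthentication": False}}},
    {"name": "web-02", "publicIps": "203.0.113.11",
     "identity": {"type": "SystemAssigned", "principalId": ID_B},
     "osProfile": {"linuxConfiguration": {"disablePasswordAuthentication": True}}},
]
ASSIGNMENTS = [
    {"principalId": ID_A, "roleDefinitionName": "Contributor", "scope": SUB},
    {"principalId": ID_B, "roleDefinitionName": "Reader", "scope": SUB},
]

if __name__ == "__main__":
    for vm in VMS:
        print(evaluate(vm, ASSIGNMENTS))
```

The `privileged_roles` list in each result names the assignments to reduce in step 2; a VM stops matching once any one of the three conditions is false.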