Publicly accessible Azure VM uses password-based SSH authentication

Description

A publicly accessible compute instance has password-based SSH authentication. The usage of password-based SSH authentication increases the risk of brute-forcing username and passwords to gain access to the resource.

Remediation

  1. Review Create and manage SSH keys for authentication to a Linux VM in Azure for steps on creating and enabling SSH keys for authentication to compute instances. To transition from Username and Password authentication to SSH, you must deprovision the current VM and create an image of it with SSH as the authentication method. There is no way to transition directly.