ssh-authentication
Explanation
Access to instances should be authenticated using SSH keys. Removing the option of password authentication enforces more secure methods while removing the risks inherent with passwords.
Possible Impact
Passwords are potentially easier to compromise than SSH Keys
Suggested Resolution
Use SSH keys for authentication
Insecure Example
The following example will fail the azure-compute-ssh-authentication check.
resource "azurerm_virtual_machine" "bad_example" {
os_profile_linux_config {
disable_password_authentication = false
}
}
Secure Example
The following example will pass the azure-compute-ssh-authentication check.
resource "azurerm_virtual_machine" "good_example" {
os_profile_linux_config {
disable_password_authentication = true
}
}