Azure Instance Using Basic Authentication
- Query id: dafe30ec-325d-4516-85d1-e8e6776f012c
- Query name: Azure Instance Using Basic Authentication
- Platform: Terraform
- Severity: Medium
- Category: Best Practices
- CWE: 284
- URL: Github
Description
Azure instances should authenticate with an SSH key instead of basic (password) authentication.
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - tf file
resource "azurerm_virtual_machine" "positive1" {
  name                  = "${var.prefix}-vm"
  location              = azurerm_resource_group.main.location
  resource_group_name   = azurerm_resource_group.main.name
  network_interface_ids = []
  vm_size               = "Standard_DS1_v2"

  os_profile_linux_config {
    # Password authentication left enabled: this is the setting the query flags.
    disable_password_authentication = false
  }
}
Positive test num. 2 - tf file
resource "azurerm_linux_virtual_machine" "positive1" {
  name                  = "${var.prefix}-vm"
  location              = azurerm_resource_group.main.location
  resource_group_name   = azurerm_resource_group.main.name
  network_interface_ids = []
  vm_size               = "Standard_DS1_v2"

  # Password authentication left enabled: this is the setting the query flags.
  disable_password_authentication = false
}
Code samples without security vulnerabilities
Negative test num. 1 - tf file
resource "azurerm_linux_virtual_machine" "negative1" {
  name                  = "${var.prefix}-vm"
  location              = azurerm_resource_group.main.location
  resource_group_name   = azurerm_resource_group.main.name
  network_interface_ids = [azurerm_network_interface.main.id]
  vm_size               = "Standard_DS1_v2"

  admin_ssh_key {
    username   = "adminuser"
    public_key = file("~/.ssh/id_rsa.pub")
  }
}
Negative test num. 2 - tf file
resource "azurerm_virtual_machine" "negative1" {
  name                  = "${var.prefix}-vm"
  location              = azurerm_resource_group.main.location
  resource_group_name   = azurerm_resource_group.main.name
  network_interface_ids = [azurerm_network_interface.main.id]
  vm_size               = "Standard_DS1_v2"

  os_profile_linux_config {
    disable_password_authentication = true
  }

  admin_ssh_key {
    username   = "adminuser"
    public_key = file("~/.ssh/id_rsa.pub")
  }
}
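The check the samples above exercise, written out as an added example (not the query's own implementation): it flags either VM resource type when `disable_password_authentication = false` appears at the top level or in a nested block. The function names and the sample text are assumptions made for illustration, and this is a simplified text scan rather than a full HCL parser.

```python
import re

VM_TYPES = {"azurerm_virtual_machine", "azurerm_linux_virtual_machine"}
RESOURCE_RE = re.compile(r'resource\s+"([^"]+)"\s+"([^"]+)"\s*\{')
FLAG_RE = re.compile(r'^\s*disable_password_authentication\s*=\s*false\b', re.M)

# Constructed sample, modelled on the page's positive and negative tests.
SAMPLE_TF = '''
resource "azurerm_virtual_machine" "nested_false" {
  name = "${var.prefix}-vm"
  os_profile_linux_config {
    disable_password_authentication = false
  }
}
resource "azurerm_linux_virtual_machine" "top_level_false" {
  name                            = "${var.prefix}-vm"
  disable_password_authentication = false
}
resource "azurerm_linux_virtual_machine" "ssh_only" {
  name = "${var.prefix}-vm"
  # disable_password_authentication = false  (commented out, not flagged)
  admin_ssh_key {
    username   = "adminuser"
    public_key = file("~/.ssh/id_rsa.pub")
  }
}
'''

def block_body(text, open_idx):
    """Return the text between the '{' at open_idx and its matching '}'."""
    depth, in_string = 0, False
    for i in range(open_idx, len(text)):
        ch = text[i]
        if ch == '"' and text[i - 1] != "\\":
            in_string = not in_string  # skip braces inside "${...}" strings
        elif not in_string and ch in "{}":
            depth += 1 if ch == "{" else -1
            if depth == 0:
                return text[open_idx + 1:i]
    raise ValueError("unbalanced braces")

def find_password_auth(tf_source):
    """List (type, name) of VM resources that leave password auth enabled."""
    findings = []
    for m in RESOURCE_RE.finditer(tf_source):
        if m.group(1) in VM_TYPES and FLAG_RE.search(block_body(tf_source, m.end() - 1)):
            findings.append((m.group(1), m.group(2)))
    return findings
```

Calling `find_password_auth(SAMPLE_TF)` reports the first two constructed resources and skips the SSH-key-only one, including its commented-out setting.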