Unrestricted SSH Access Should Not Be Allowed

More Info:

No security group should allow unrestricted inbound access to TCP port 22 (SSH).

Risk Level

Medium

Address

Security

Compliance Standards

HIPAA, PCIDSS, NIST, SOC2, CISAWS, CBP, HITRUST, AWSWAF, GDPR, NISTCSF, FedRAMP

Triage and Remediation

Remediation

Using Console

Using CLI

To remediate unrestricted SSH access in AWS using AWS CLI, follow these steps:

Open the AWS CLI on your local machine.
Run the following command to list all the security groups in your AWS account:

aws ec2 describe-security-groups

Identify the security group that allows unrestricted SSH access. You can look for a security group that has a rule allowing SSH traffic from 0.0.0.0/0 (any IP address) or ::/0 (any IPv6 address).
Once you have identified the security group, note down its Group ID.
Run the following command to revoke the SSH access rule from the security group:

aws ec2 revoke-security-group-ingress --group-id <security-group-id> --protocol tcp --port 22 --cidr 0.0.0.0/0

Replace <security-group-id> with the Group ID of the security group that allows unrestricted SSH access.

Verify that the SSH access rule has been revoked by running the following command:

aws ec2 describe-security-groups --group-ids <security-group-id>

Replace <security-group-id> with the Group ID of the security group that allows unrestricted SSH access.

Repeat the above steps for all the security groups in your AWS account to ensure that SSH access is not allowed from any unauthorized IP addresses.

Using Python

To remediate the unrestricted SSH access issue in AWS using Python, follow these steps:

Import the necessary AWS SDKs and libraries in your Python script. You will need to import the boto3 library to interact with AWS services.

import boto3

Create a client session for EC2 using boto3.client().

ec2 = boto3.client('ec2')

Use the describe_security_groups() method to retrieve all the security groups in your AWS account.

security_groups = ec2.describe_security_groups()

Loop through each security group and check if it has any inbound rules allowing SSH access from any IP address (0.0.0.0/0).

for sg in security_groups['SecurityGroups']:
    for rule in sg['IpPermissions']:
        if rule['IpProtocol'] == 'tcp' and rule['FromPort'] <= 22 and rule['ToPort'] >= 22:
            for ip_range in rule['IpRanges']:
                if ip_range['CidrIp'] == '0.0.0.0/0':
                    print(f"Security group {sg['GroupId']} allows unrestricted SSH access.")

If any security group is found to have unrestricted SSH access, use the revoke_security_group_ingress() method to remove the rule allowing SSH access from any IP address.

ec2.revoke_security_group_ingress(
    GroupId=sg['GroupId'],
    IpPermissions=[
        {
            'IpProtocol': 'tcp',
            'FromPort': 22,
            'ToPort': 22,
            'IpRanges': [
                {
                    'CidrIp': '0.0.0.0/0'
                }
            ]
        }
    ]
)

Run the Python script to remediate the unrestricted SSH access issue in your AWS account.

Note: Make sure to run the script with appropriate AWS credentials and permissions.

Additional Reading:

https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html#AddRemoveRules

AWS Introduction

AWS Pricing

AWS Threats

AWS Misconfigurations

Unrestricted SSH Access Should Not Be Allowed

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

Additional Reading:

AWS Introduction

AWS Pricing

AWS Threats

AWS Misconfigurations

​More Info:

​Risk Level

​Address

​Compliance Standards

​Triage and Remediation

​Remediation

​Additional Reading:

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

Additional Reading: