Azure audit compute vms without ssh authentication remediation

Using Console

Using CLI

To remediate the misconfiguration “Virtual Machines Should Only Allow SSH Based Authentication” for AZURE using AZURE CLI, please follow the below steps:

Open Azure CLI on your local machine or use the Azure Cloud Shell.
Run the following command to list all the virtual machines in your subscription:
```
az vm list --query "[].{Name:name, ResourceGroup:resourceGroup}"
```
Identify the virtual machine that you want to remediate and note down its name and resource group.
Run the following command to update the network security group of the virtual machine to allow only SSH-based authentication:
```
az vm update --name <vm-name> --resource-group <resource-group-name> --set "networkProfile.networkInterfaces[0].ipConfigurations[0].loadBalancerBackendAddressPools=[]" --no-wait
```
Replace <vm-name> with the name of your virtual machine and <resource-group-name> with the name of the resource group it belongs to.
This command will remove any load balancer backend address pools from the virtual machine’s network interface, which will restrict access to only SSH-based authentication. Note: This command will not affect any other network security groups that the virtual machine may be associated with.
Verify that the remediation is successful by checking the network security group of the virtual machine using the following command:
```
az vm show -d --name <vm-name> --resource-group <resource-group-name> --query "networkProfile.networkInterfaces[0].ipConfigurations[0].loadBalancerBackendAddressPools"
```
This command should return an empty array, indicating that there are no load balancer backend address pools associated with the virtual machine’s network interface. Congratulations, you have successfully remediated the misconfiguration “Virtual Machines Should Only Allow SSH Based Authentication” for AZURE using AZURE CLI.

Using Python

To remediate the misconfiguration “Virtual Machines Should Only Allow SSH Based Authentication” in Azure using Python, you can use the Azure Python SDK to update the Network Security Group (NSG) rules for the virtual machine. Here are the steps to follow:

Install the Azure Python SDK using pip:

pip install azure-mgmt-compute

Authenticate to your Azure account using the Azure CLI or by setting environment variables for your Azure credentials.
Get the NSG associated with the virtual machine:

from azure.mgmt.network import NetworkManagementClient
from azure.identity import AzureCliCredential

credential = AzureCliCredential()
network_client = NetworkManagementClient(credential, subscription_id)
nsg_name = "my-nsg"
nsg = network_client.network_security_groups.get(resource_group_name, nsg_name)

Update the NSG rules to only allow SSH traffic:

from azure.mgmt.network.v2021_02_01.models import SecurityRuleProtocol, SecurityRuleAccess, SecurityRuleDirection, SecurityRule

nsg.rules = [
    SecurityRule(
        name="SSH",
        protocol=SecurityRuleProtocol.tcp,
        source_address_prefix="*",
        destination_address_prefix="*",
        access=SecurityRuleAccess.allow,
        direction=SecurityRuleDirection.inbound,
        priority=100,
        source_port_range="*",
        destination_port_range="22"
    )
]
nsg = network_client.network_security_groups.create_or_update(resource_group_name, nsg_name, nsg)

This code creates a new NSG rule that only allows inbound TCP traffic on port 22 (SSH) and deletes all other rules. The updated NSG is then created or updated in Azure.Note that this code assumes that the virtual machine is already configured to use SSH-based authentication. If not, you will need to configure SSH-based authentication on the virtual machine before updating the NSG rules.

Azure Introduction

Azure Pricing

Azure Threats

Azure Misconfigurations

Azure audit compute vms without ssh authentication remediation

Triage and Remediation

Remediation