How to prevent public key login when using AADSSHLoginForLinux

Dino 0 Reputation points
2023-03-11T13:43:44.0966667+00:00

We have a Linux VM set up with the Microsoft.Azure.ActiveDirectory.AADSSHLoginForLinux extension, so users log in via Azure AD. But now a user can just use ssh-copy-id to copy their public SSH key into the VM and use that to log in. Even when AD permissions are removed for the user, the key stays on the machine and they can log in using their public key. Is there any way to prevent this? Or maybe is there a way to remove the users home directory after login permissions have been revoked?

Azure Virtual Machines
Azure Virtual Machines
An Azure service that is used to provision Windows and Linux virtual machines.
7,077 questions
{count} votes

1 answer

Sort by: Most helpful
  1. vipullag-MSFT 23,936 Reputation points Microsoft Employee
    2023-03-14T04:57:25.7566667+00:00

    Hello Dino

    Welcome to Microsoft Q&A Platform, thanks for posting your query here.

    The Microsoft.Azure.ActiveDirectory.AADSSHLoginForLinux extension is designed to allow users to log in to Linux VMs using their Azure AD credentials, but it does not restrict users from adding their public SSH keys to the authorized_keys file on the VM.

    To prevent public key login, disable SSH password authentication on the Linux VM.

    You can edit the '/etc / ssh / sshd_config" file and set PasswordAuthentication no

    Once this file is modified then try to save the file. Restart the SSH service sudo systemctl restart ssh

    To remove a user's home directory after login permissions have been revoked, you can delete the user's account from the Azure Active Directory.

    Hope this helps.

    If the suggested response helped you resolve your issue, please 'Accept as answer', so that it can help others in the community looking for help on similar topics.

    0 comments No comments