Terraform Unrestricted SSH Access
Description
Detects unrestricted SSH access (port 22) in Azure Network Security Groups and security rules defined in Terraform configurations. Allowing SSH access from any IP address (0.0.0.0/0) exposes systems to potential unauthorized access and brute force attacks.
Detection Strategy
• Identifies Azure NSG resources ('azurerm_network_security_group') and security rules ('azurerm_network_security_rule') in Terraform code
• Checks if any security rule allows inbound traffic on port 22 (SSH)
• Verifies if the source address prefix is set to '*', '0.0.0.0/0', 'Internet', or 'any'
• Reports a vulnerability if the SSH port is open to unrestricted source IP addresses
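The detection strategy above, worked through as an added example (not Fluid Attacks' own scanner code): a small Python checker that extracts standalone 'azurerm_network_security_rule' blocks from Terraform source and flags inbound Allow rules whose destination port range covers TCP 22 and whose source prefix is one of the "anywhere" values. The HCL parsing is a deliberately simple regex that handles `key = "value"` attributes only; the sample configuration is constructed for this example and is not the page's listing.

```python
import re

# Source prefixes that mean "any IP", as listed in the detection strategy above.
UNRESTRICTED_SOURCES = {"*", "0.0.0.0/0", "internet", "any"}

# Constructed sample Terraform (not the page's listing): one open SSH rule, one scoped to a trusted range.
SAMPLE_TF = '''
resource "azurerm_network_security_rule" "vulnerable_rule" {
  name                   = "Allow_SSH_From_Anywhere"
  direction              = "Inbound"
  access                 = "Allow"
  protocol               = "Tcp"
  destination_port_range = "22"
  source_address_prefix  = "*"
}
resource "azurerm_network_security_rule" "secure_rule" {
  name                   = "Allow_SSH_From_Trusted_IPs"
  direction              = "Inbound"
  access                 = "Allow"
  protocol               = "Tcp"
  destination_port_range = "22"
  source_address_prefix  = "203.0.113.0/24"
}
'''

# Matches one azurerm_network_security_rule block and captures its label and body.
BLOCK_RE = re.compile(r'resource\s+"azurerm_network_security_rule"\s+"([^"]+)"\s*\{(.*?)\n\}', re.S)
# Matches simple `key = "value"` attributes inside a block body (nested blocks are not handled).
ATTR_RE = re.compile(r'^\s*(\w+)\s*=\s*"([^"]*)"', re.M)

def port_range_covers_ssh(port_range: str) -> bool:
    """True if a Terraform port range ("*", "22", "20-30") includes TCP port 22."""
    if port_range == "*":
        return True
    lo, _, hi = port_range.partition("-")
    return int(lo) <= 22 <= int(hi or lo)

def find_unrestricted_ssh(tf_source: str) -> list:
    """Return the names of inbound Allow rules that expose port 22 to any source."""
    findings = []
    for name, body in BLOCK_RE.findall(tf_source):
        attrs = dict(ATTR_RE.findall(body))
        if attrs.get("direction") != "Inbound" or attrs.get("access") != "Allow":
            continue
        if attrs.get("protocol", "*").lower() not in ("tcp", "*"):
            continue
        if not port_range_covers_ssh(attrs.get("destination_port_range", "*")):
            continue
        if attrs.get("source_address_prefix", "").lower() in UNRESTRICTED_SOURCES:
            findings.append(name)
    return findings
```

Running `find_unrestricted_ssh(SAMPLE_TF)` reports only `vulnerable_rule`; the rule scoped to 203.0.113.0/24 passes, as does an otherwise identical rule whose port range does not include 22.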
Vulnerable code example
# Azure NSG rule allowing SSH access from any source
resource "azurerm_network_security_rule" "vulnerable_rule" {
name = "Allow_SSH_From_Anywhere"
priority = 100
direction = "Inbound"
access = "Allow"
protocol = "Tcp"
source_port_range = "*"...
✅ Secure code example
resource "azurerm_network_security_rule" "secure_rule" {
name = "Allow_SSH_From_Trusted_IPs"
priority = 100
direction = "Inbound"
access = "Allow"
protocol = "Tcp"
source_port_range = "*"
destination_port_range = "22"...