SSH is currently enabled by default for AKS provisioned nodes, and it’s essential to manually disable it if desired. This public preview feature grants you the flexibility to toggle SSH on or off, providing you with greater control over cluster security and reducing potential attack vectors.
To disable SSH for your AKS cluster, you can use the following command:
az aks update --name myAKSCluster --resource-group MyResourceGroup --no-ssh-key
Keep in mind that after updating the SSH key, AKS does not automatically apply the changes to your node pool. You have the option to initiate a node pool update operation at your convenience. It’s worth noting that the updated SSH key will only take effect after a node image update has been successfully completed. This ensures a seamless transition to the new SSH configuration.