Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

lxc remote add should refuse --accept-certificate when provided with a token #13973

Open
simondeziel opened this issue Aug 23, 2024 · 0 comments
Open

lxc remote add should refuse --accept-certificate when provided with a token #13973

simondeziel opened this issue Aug 23, 2024 · 0 comments

Comments

@simondeziel
Copy link
Member

Remote add tokens were designed to allow securely onboarding clients while avoiding the risk of MITM. Since the token consumed by the client embeds the fingerprint of the expected server certificate, there is really no reason to use --accept-certificate.

Accepting both a token and --accept-certificate is confusing and might imply (I didn't check the code) that LXD doesn't do the fingerprint verification. LXD should error out to clearly communicate that this combination is insecure and unneeded.
@simondeziel simondeziel mentioned this issue Aug 23, 2024
Merged
tomponline added a commit to canonical/lxd-ci that referenced this issue Aug 27, 2024
@tomponline
Don't use --accept-certificate when consuming token (#277)
1b7f4fb 
The whole point of using token is to avoid blindly trusting a random
server certificate. IMHO, LXD should refuse this combo
(canonical/lxd#13973).
@simondeziel simondeziel mentioned this issue Aug 30, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@simondeziel