-
Notifications
You must be signed in to change notification settings - Fork 925
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
lxc remote add
should refuse --accept-certificate
when provided with a token
#13973
Comments
tomponline
added a commit
to canonical/lxd-ci
that referenced
this issue
Aug 27, 2024
The whole point of using token is to avoid blindly trusting a random server certificate. IMHO, LXD should refuse this combo (canonical/lxd#13973).
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Remote add tokens were designed to allow securely onboarding clients while avoiding the risk of MITM. Since the token consumed by the client embeds the fingerprint of the expected server certificate, there is really no reason to use
--accept-certificate
.Accepting both a token and
--accept-certificate
is confusing and might imply (I didn't check the code) that LXD doesn't do the fingerprint verification. LXD should error out to clearly communicate that this combination is insecure and unneeded.The text was updated successfully, but these errors were encountered: