Secure LXD after it was a public lxd server

You describe how to migrate containers between hosts on your website:

I was able to remove the bind (by setting it to empty), but I can’t see a way to remove the password. By the way, the password is saved in the bash_history, and maybe there should instead be a prompt from LXD to enter the password.

Is the LXD server only bound to the core.https_address, or are some other ports needed? I had some problems with the pull method and switched to the push method, which worked.

Thanks for the great software.

I think that if your LXD server doesn’t listen on the network (only on localhost), it’s not a really pressing issue; however, if you reset core.https_address, it’s true that old clients could connect again. If you do
lxc config trust list
you should see a list of past authorized clients, and then you can remove them with
lxc config trust remove <fingerprint>

lxc config unset core.trust_password
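
The steps from this thread combined into one script, as an added example that is not part of the original posts or of LXD itself. It assumes `lxc` talks to the local daemon over its unix socket and that every previously trusted client should be dropped; the function names `trusted_fingerprints` and `lxd_lockdown` are made up for this sketch.

```shell
#!/bin/sh
# Added example: revert an LXD host that was temporarily exposed for migration.

# Print the full fingerprint of every trusted client certificate.
# `lxc query /1.0/certificates` returns a JSON list of URLs that end in the
# certificate's SHA-256 fingerprint (64 hex characters); extract just those.
trusted_fingerprints() {
    lxc query /1.0/certificates | grep -oE '[0-9a-f]{64}' | sort -u
}

# Stop listening on the network, clear the trust password and remove every
# trusted client. Returns non-zero if a step fails or if the listener or any
# trusted certificate is still present afterwards.
lxd_lockdown() {
    lxc config unset core.https_address || return 1
    lxc config unset core.trust_password || return 1

    for fp in $(trusted_fingerprints); do
        lxc config trust remove "$fp" || return 1
    done

    # Verify instead of assuming the commands took effect.
    [ -z "$(lxc config get core.https_address)" ] || return 1
    [ -z "$(trusted_fingerprints)" ] || return 1
    return 0
}

# Usage (run on the LXD host):  lxd_lockdown && echo "LXD is local-only again"
```

Clearing the password and the listener alone is not enough: certificates that were added while the password was valid stay trusted until they are removed, which is why the loop and the final check are there.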