When trying to execute "Console" or "Exec" on a VM or container, the request is sent directly to a node instead of being proxied via lxd-dashboard.
Although this issue is not of a technical nature, it causes a potential security risk if audited, since the "end user" requires a connection to the LXD API, therefore defeating RBAC if the "end user" has malicious intentions and additional know-how.
Issue examined in version 3.6. Previous versions were not tested.
In the current implementation of exec and console, you are correct: the user's computer will need access to the LXD API endpoints on the LXD host. The external address/port options on the hosts page were added to allow users to configure different traffic options for connecting to the LXD API. A user still needs to obtain the websocket secret through the dashboard before a websocket connection can be established to the LXD host, preventing anyone from being able to connect without that secret.
I do prefer proxying the connection through the dashboard; that would make it a lot easier when dealing with routing traffic through firewalls, etc. Now that I am porting the software to Python, there are a few modules that will make this option a lot easier for me to implement. I have it on my list of things to incorporate in this rewrite of the software.
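One way to realise the proxied design the maintainer describes, as an added Python sketch that is not lxd-dashboard code: the dashboard process holds the LXD client credentials, enforces its own RBAC, creates the exec operation and relays websocket frames, so the browser never needs reachability to the LXD API nor the per-fd secret. The exec response shape (operation path, metadata.metadata.fds) follows the LXD REST API; the grant format, the `FakeWs` endpoint and the async recv/send interface are assumptions made for this example.

```python
import asyncio
from fnmatch import fnmatch
from urllib.parse import urlencode

def websocket_urls(lxd_base: str, exec_response: dict) -> dict:
    """Map each fd ("0", "1", "2", "control") of an LXD exec operation to its
    websocket URL. The URL embeds the per-fd secret, so only the dashboard
    process may use it; it is never handed to the browser."""
    op = exec_response["operation"]                      # "/1.0/operations/<uuid>"
    fds = exec_response["metadata"]["metadata"]["fds"]
    return {fd: f"{lxd_base}{op}/websocket?{urlencode({'secret': secret})}"
            for fd, secret in fds.items()}

def authorized(user: dict, project: str, instance: str, action: str) -> bool:
    """Hypothetical dashboard RBAC: grants are {project, instances, actions}
    with glob patterns, checked before any LXD call is made for the user."""
    return any(
        fnmatch(project, g["project"])
        and any(fnmatch(instance, pat) for pat in g["instances"])
        and action in g["actions"]
        for g in user.get("grants", [])
    )

async def pump(src, dst) -> int:
    """Copy frames src -> dst until src closes (recv() returns None)."""
    n = 0
    while (frame := await src.recv()) is not None:
        await dst.send(frame)
        n += 1
    return n

async def _relay(browser_ws, lxd_ws) -> list:
    return await asyncio.gather(pump(browser_ws, lxd_ws), pump(lxd_ws, browser_ws))

def relay(browser_ws, lxd_ws) -> list:
    """Bidirectional relay browser <-> dashboard <-> LXD; returns the frame
    counts per direction. The browser never sees the LXD endpoint or secret."""
    return asyncio.run(_relay(browser_ws, lxd_ws))

class FakeWs:
    """Constructed in-memory endpoint (async recv/send) for the offline demo."""
    def __init__(self, frames=()):
        self.inbox, self.sent = list(frames), []
    async def recv(self):
        return self.inbox.pop(0) if self.inbox else None
    async def send(self, frame):
        self.sent.append(frame)
```

In a real deployment `FakeWs` would be replaced by the browser-facing and LXD-facing websocket objects, and the LXD one would be opened by the dashboard with its client certificate.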