Jan-Lukas Else

Thoughts of an IT expert

Tailscale SSH

Published on in 👨‍💻 Dev
Short link: https://b.jlel.se/s/5fc
⚠️ This entry is already over one year old. It may no longer be up to date. Opinions may have changed.

I finally got around to using Tailscale SSH. I’ve been using Tailscale for over a year to access my servers via SSH (my VPS is even available via Tailscale only), but I haven’t used the new Tailscale SSH feature yet.

But actually, that was a bit silly of me. After all, this new feature is just as great as the rest of Tailscale.

The SSH feature now allows you to not have to worry about SSH keys anymore. I was even able to delete the SSH keys from my machines because now Tailscale does the authentication.

All I had to do was to add a --ssh to the tailscale up command and to adjust the ACLs so that the connection also works from my mobile and to my VPS, which has a (Tailscale) tag:

{
  "ssh": [
    {
      "action": "accept",
      "src":    ["autogroup:members"],
      "dst":    ["autogroup:self", "tag:public"],
      "users":  ["autogroup:nonroot", "root"],
    },
  ],
}

What I have adjusted here is the action which I changed from check to accept and I added tag:public to dst.

Good job, Tailscale team! 👍

Tags:

Jan-Lukas Else
Interactions & Comments