Release v0.7.3 — enforce SSH session-recording policy (close bypass) · GeiserX/tailscale-rs

Fixed (security)

SSH session-recording policy is now enforced — a silent bypass is closed. The SSH server (ssh feature) parsed an SSHAction's recorders / on_recording_failure / hold_and_delegate off the wire but dropped them in the domain conversion, so a control policy demanding "record this session or refuse it" was silently downgraded to a plain accept. Those fields are now carried into the domain action and the server applies a fail-closed gate: when a matched rule requires recording (non-empty recorders) but no recorder transport is available, the session is refused (with the policy's reject_session_with_message if set). This matches Go tailssh's posture when reject-on-failure is configured. A hold_and_delegate (check-mode) rule is likewise not silently accepted. The common no-recording path is unchanged.

Deferred follow-ups: the recorder transport (dial recorders + asciinema/CastV2 PTY stream — after which the interim fail-closed relaxes to Go's fail-open-unless-reject-on-failure default), and the hold_and_delegate delegate round-trip.

This project is not associated with Tailscale Inc.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

v0.7.3 — enforce SSH session-recording policy (close bypass)

Choose a tag to compare

Sorry, something went wrong.

Sorry, something went wrong.

Uh oh!

No results found

Fixed (security)

Uh oh!