What is the issue?
If a key is compromised, the device can remove the keys on the device, re-install Tailscale, and re-authenticate to generate and distribute new node and SSH host keys.
If a key is compromised, the USER can remove the keys on the device, re-install Tailscale, and re-authenticate to generate and distribute new node and SSH host keys.
access control policies determine which devices, and which users, are authorized for an SSH connection.
*Access* control policies determine which devices** and ** users** are authorized for ** SSH CONNECTIONS.
as the SSH access rules in the default access control policy allows all traffic.
as the SSH access rules in the default access control policy allow all traffic.
On the host being connected to, you need to advertise that Tailscale is managing SSH connections which originate from the Tailscale network to this host. To do so, run:
tailscale set --ssh
Running tailscale set --ssh will cause any existing SSH connections you have to the host's Tailscale IP to hang.
This does not work on my Mac.
Is this because I installed through the Mac App Store?
If so, can Tailscale warn me of what capabilities are missing or provide a feature matrix?
Can you install dummy tailscale and other commands which explain why these capabilities are not functional with the MAS install?
Is there a way to perform this action with the MAS version?
Once the access control policy is saved, clients respond to the new rules within seconds. This will terminate existing SSH connections the user has established.
Running tailscale set --ssh will cause any existing SSH connections you have to the host's Tailscale IP to hang.
Does updating the ACP disrupt all ssh connections, or only those for users whose policies have been changed?
What if a node's policy is changed?
Does "tailscale set --ssh" disable the existing sshd and activate Tailscale sshd on the same port 22?
You can use the MagicDNS hostname to further shorten or simplify the device used in this command.
You can use the MagicDNS hostname to further shorten or simplify the name used in this command.
You can use the MagicDNS hostname to further shorten or simplify the device name used in this command.
Your SSH config (/etc/ssh/sshd_config) and keys (~/.ssh/authorized_keys) file will not be modified,
Your SSH config (/etc/ssh/sshd_config) and keys (~/.ssh/authorized_keys) files will not be modified,
Steps to reproduce
No response
Are there any recent changes that introduced the issue?
No response
OS
No response
OS version
No response
Tailscale version
No response
Other software
No response
Bug report
No response