SSH over Tailscale #3802
Labels
enhancement
New feature or request
L4 Most users
Likelihood
P1 Nuisance
Priority level
T0 New feature
Issue type
Comments
bradfitz
added a commit
that referenced
this issue
Jan 24, 2022
Disabled by default.
To use, run tailscaled with:
TS_SSH_ALLOW_LOGIN=you@bar.com
And enable with:
$ TAILSCALE_USE_WIP_CODE=true tailscale up --ssh=true
Then ssh [any-user]@[your-tailscale-ip] for a root bash shell.
(both the "root" and "bash" part are temporary)
Updates #3802
Change-Id: I268f8c3c95c8eed5f3231d712a5dc89615a406f0
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
bradfitz
added a commit
that referenced
this issue
Jan 24, 2022
Disabled by default.
To use, run tailscaled with:
TS_SSH_ALLOW_LOGIN=you@bar.com
And enable with:
$ TAILSCALE_USE_WIP_CODE=true tailscale up --ssh=true
Then ssh [any-user]@[your-tailscale-ip] for a root bash shell.
(both the "root" and "bash" part are temporary)
Updates #3802
Change-Id: I268f8c3c95c8eed5f3231d712a5dc89615a406f0
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
bradfitz
added a commit
that referenced
this issue
Jan 24, 2022
Disabled by default.
To use, run tailscaled with:
TS_SSH_ALLOW_LOGIN=you@bar.com
And enable with:
$ TAILSCALE_USE_WIP_CODE=true tailscale up --ssh=true
Then ssh [any-user]@[your-tailscale-ip] for a root bash shell.
(both the "root" and "bash" part are temporary)
Updates #3802
Change-Id: I268f8c3c95c8eed5f3231d712a5dc89615a406f0
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
bradfitz
added a commit
that referenced
this issue
Jan 25, 2022
Disabled by default.
To use, run tailscaled with:
TS_SSH_ALLOW_LOGIN=you@bar.com
And enable with:
$ TAILSCALE_USE_WIP_CODE=true tailscale up --ssh=true
Then ssh [any-user]@[your-tailscale-ip] for a root bash shell.
(both the "root" and "bash" part are temporary)
Updates #3802
Change-Id: I268f8c3c95c8eed5f3231d712a5dc89615a406f0
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
bradfitz
added a commit
that referenced
this issue
Feb 2, 2022
Updates #3802 Change-Id: I44de6897e36b1362cd74c9b10c9cbfeb9abc3dbc Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
bradfitz
added a commit
that referenced
this issue
Feb 2, 2022
Updates #3802 Change-Id: I44de6897e36b1362cd74c9b10c9cbfeb9abc3dbc Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
bradfitz
added a commit
that referenced
this issue
Feb 2, 2022
Updates #3802 Change-Id: I44de6897e36b1362cd74c9b10c9cbfeb9abc3dbc Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
DentonGentry
added
L4 Most users
bradfitz
added a commit
that referenced
this issue
Feb 10, 2022
Updates #3802 Change-Id: Iec58f35d445aaa267d0f7e7e2f30c049c1df4c0e Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
bradfitz
added a commit
that referenced
this issue
Feb 15, 2022
Updates #3802 Change-Id: Iec58f35d445aaa267d0f7e7e2f30c049c1df4c0e Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
bradfitz
added a commit
that referenced
this issue
Feb 15, 2022
Updates #3802 Change-Id: Iec58f35d445aaa267d0f7e7e2f30c049c1df4c0e Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
bradfitz
added a commit
that referenced
this issue
Feb 15, 2022
Still largely incomplete, but in a better home now. Updates #3802 Change-Id: I46c5ffdeb12e306879af801b06266839157bc624 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
bradfitz
added a commit
that referenced
this issue
Feb 15, 2022
Still largely incomplete, but in a better home now. Updates #3802 Change-Id: I46c5ffdeb12e306879af801b06266839157bc624 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
bradfitz
added a commit
that referenced
this issue
Feb 15, 2022
Updates #3802 Change-Id: Iec58f35d445aaa267d0f7e7e2f30c049c1df4c0e Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
bradfitz
added a commit
that referenced
this issue
Feb 15, 2022
Updates #3802 Change-Id: Iec58f35d445aaa267d0f7e7e2f30c049c1df4c0e Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
bradfitz
added a commit
that referenced
this issue
Feb 15, 2022
Updates #3802 Change-Id: Iec58f35d445aaa267d0f7e7e2f30c049c1df4c0e Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
bradfitz
added a commit
that referenced
this issue
Feb 16, 2022
Updates #3802 Change-Id: Iec58f35d445aaa267d0f7e7e2f30c049c1df4c0e Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
bradfitz
added a commit
that referenced
this issue
Feb 17, 2022
Make tailssh ask LocalBackend for the SSH hostkeys, as we'll need to distribute them to peers. For now only the hacky use-same-as-actual-host mode is implemented. Updates #3802 Change-Id: I819dcb25c14e42e6692c441186c1dc744441592b Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
bradfitz
added a commit
that referenced
this issue
Feb 17, 2022
Make tailssh ask LocalBackend for the SSH hostkeys, as we'll need to distribute them to peers. For now only the hacky use-same-as-actual-host mode is implemented. Updates #3802 Change-Id: I819dcb25c14e42e6692c441186c1dc744441592b Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
bradfitz
added a commit
that referenced
this issue
Feb 17, 2022
Updates #3802 Change-Id: I2a889019c9e8b065b668dd58140db4fcab868a91 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
bradfitz
added a commit
that referenced
this issue
Feb 17, 2022
Updates #3802 Change-Id: I2a889019c9e8b065b668dd58140db4fcab868a91 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
bradfitz
added a commit
that referenced
this issue
Jun 3, 2022
On DSM7 as a non-root user it'll run into problems. And we haven't tested on DSM6, even though it might work, but I doubt it. Updates #3802 Updates tailscale/corp#5468 Change-Id: I75729042e4788f03f9eb82057482a44b319f04f3 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
Soypete
pushed a commit
that referenced
this issue
Jun 14, 2022
This makes it so that the user is notified that the action they are about to take may result in them getting disconnected from the machine. It then waits for 5s for the user to maybe Ctrl+C out of it. It also introduces a `--accept-risk=lose-ssh` flag for automation, which allows the caller to pre-acknowledge the risk. The two actions that cause this are: - updating `--ssh` from `true` to `false` - running `tailscale down` Updates #3802 Signed-off-by: Maisem Ali <maisem@tailscale.com> Signed-off-by: soypete <miriah@tailscale.com>
Soypete
pushed a commit
that referenced
this issue
Jun 14, 2022
This makes it so that the user is notified that the action they are about to take may result in them getting disconnected from the machine. It then waits for 5s for the user to maybe Ctrl+C out of it. It also introduces a `--accept-risk=lose-ssh` flag for automation, which allows the caller to pre-acknowledge the risk. The two actions that cause this are: - updating `--ssh` from `true` to `false` - running `tailscale down` Updates #3802 Signed-off-by: Maisem Ali <maisem@tailscale.com> Signed-off-by: soypete <miriah@tailscale.com>
Soypete
pushed a commit
that referenced
this issue
Jun 14, 2022
Updates #3802 Change-Id: Ic9a4b8c51cff6dfe148a1c78bc0e5074195b7f80 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
Soypete
pushed a commit
that referenced
this issue
Jun 14, 2022
Updates tailscale/corp#5468 Updates #3802 Signed-off-by: Maisem Ali <maisem@tailscale.com>
Soypete
pushed a commit
that referenced
this issue
Jun 14, 2022
On DSM7 as a non-root user it'll run into problems. And we haven't tested on DSM6, even though it might work, but I doubt it. Updates #3802 Updates tailscale/corp#5468 Change-Id: I75729042e4788f03f9eb82057482a44b319f04f3 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
bradfitz
added a commit
that referenced
this issue
Jun 17, 2022
Updates #3802 Change-Id: Icb4ccbc6bd1c6304013bfc553d04007844a5c0bf Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
bradfitz
added a commit
that referenced
this issue
Jun 17, 2022
Updates #3802 Change-Id: Icb4ccbc6bd1c6304013bfc553d04007844a5c0bf Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
bradfitz
added a commit
that referenced
this issue
Jun 17, 2022
Updates #3802 Change-Id: I6b9a3175f68a6daa670f912561f2c2ececc07770 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
bradfitz
added a commit
that referenced
this issue
Jun 18, 2022
Updates #3802 Change-Id: I6b9a3175f68a6daa670f912561f2c2ececc07770 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
bradfitz
added a commit
that referenced
this issue
Jun 18, 2022
Updates #3802 Change-Id: I6b9a3175f68a6daa670f912561f2c2ececc07770 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
twitchyliquid64
pushed a commit
that referenced
this issue
Jun 21, 2022
Updates #3802 Change-Id: Icb4ccbc6bd1c6304013bfc553d04007844a5c0bf Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
twitchyliquid64
pushed a commit
that referenced
this issue
Jun 21, 2022
Updates #3802 Change-Id: I6b9a3175f68a6daa670f912561f2c2ececc07770 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
Tailscale SSH feature launched: https://tailscale.com/blog/tailscale-ssh/ I imagine we should have new issues tracking future feature additions. |
bradfitz
added a commit
that referenced
this issue
Sep 18, 2022
For control to fetch a list of Tailscale SSH username candidates to filter against the Tailnet's SSH policy to present some valid candidates to a user. Updates #3802 Updates tailscale/corp#7007 Change-Id: I3dce57b7a35e66891d5e5572e13ae6ef3c898498 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
bradfitz
added a commit
that referenced
this issue
Sep 18, 2022
For control to fetch a list of Tailscale SSH username candidates to filter against the Tailnet's SSH policy to present some valid candidates to a user. Updates #3802 Updates tailscale/corp#7007 Change-Id: I3dce57b7a35e66891d5e5572e13ae6ef3c898498 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
bradfitz
added a commit
that referenced
this issue
Sep 19, 2022
For control to fetch a list of Tailscale SSH username candidates to filter against the Tailnet's SSH policy to present some valid candidates to a user. Updates #3802 Updates tailscale/corp#7007 Change-Id: I3dce57b7a35e66891d5e5572e13ae6ef3c898498 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
bradfitz
added a commit
that referenced
this issue
Sep 19, 2022
For control to fetch a list of Tailscale SSH username candidates to filter against the Tailnet's SSH policy to present some valid candidates to a user. Updates #3802 Updates tailscale/corp#7007 Change-Id: I3dce57b7a35e66891d5e5572e13ae6ef3c898498 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
bradfitz
added a commit
that referenced
this issue
Jan 6, 2023
Fix regression from 337c779 (for #3802) where tailscaled started calling Setgroups and then failing as a regular user. Instead, ignore that failure if the groups are already correct. Also, remove incubator_{freebsd,darwin}.go files and merge them into incubator.go to avoid having to fix this in three places. Fixes #6888 Change-Id: I79f780c6467a9b7ac03017b27d412d6b0d2f7e6b Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Since all packets sent over Tailscale have an associated identity thanks to Tailscale, a lot of authentication work can be simplified. Notably, SSH could be made much less tedious by taking advantage of your TCP connection's identity. The cmd/tsshd was the start of these experiments.
This is a tracking bug for more such SSH work.
The text was updated successfully, but these errors were encountered: