tailscale ssh doesn't work with the macOS sandbox app
#4518
Comments
|
It's likely this just won't work in the App Store version. We might have to detect that version and said, "Sorry, use a different macOS version." /cc @nickoneill @crawshaw |
Still a little wonky, though. See the tcsetattr error and inability to
hit Ctrl-D, for instance:
bradfitz@laptop ~ % tailscale.app ssh foo@bar
tcsetattr: Operation not permitted
# Authentication checked with Tailscale SSH.
# Time since last authentication: 1h13m22s
foo@bar:~$ ^D
^D
^D
Updates #4518
Updates #4529
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
As of #4531 it's better, but still not great. See the tcsetattr error and inability to |
Still a little wonky, though. See the tcsetattr error and inability to
hit Ctrl-D, for instance:
bradfitz@laptop ~ % tailscale.app ssh foo@bar
tcsetattr: Operation not permitted
# Authentication checked with Tailscale SSH.
# Time since last authentication: 1h13m22s
foo@bar:~$ ^D
^D
^D
Updates #4518
Updates #4529
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
Still a little wonky, though. See the tcsetattr error and inability to
hit Ctrl-D, for instance:
bradfitz@laptop ~ % tailscale.app ssh foo@bar
tcsetattr: Operation not permitted
# Authentication checked with Tailscale SSH.
# Time since last authentication: 1h13m22s
foo@bar:~$ ^D
^D
^D
Updates #4518
Updates #4529
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
Still a little wonky, though. See the tcsetattr error and inability to
hit Ctrl-D, for instance:
bradfitz@laptop ~ % tailscale.app ssh foo@bar
tcsetattr: Operation not permitted
# Authentication checked with Tailscale SSH.
# Time since last authentication: 1h13m22s
foo@bar:~$ ^D
^D
^D
Updates #4518
Updates #4529
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
(cherry picked from commit 50eb8c5)
Still a little wonky, though. See the tcsetattr error and inability to
hit Ctrl-D, for instance:
bradfitz@laptop ~ % tailscale.app ssh foo@bar
tcsetattr: Operation not permitted
# Authentication checked with Tailscale SSH.
# Time since last authentication: 1h13m22s
foo@bar:~$ ^D
^D
^D
Updates #4518
Updates #4529
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
(cherry picked from commit 50eb8c5)
|
I think you are saying that macOS won't work as the server you SSH to, but it should still work fine as the client you SSH from. (Or are you saying the client will not work?) |
|
MacOS with Tailscale wrapper client won't work well. Bad enough to be embarrassing and will invite tons of dup bugs we'll be unable to do anything about. MacOS with system ssh client is fine. We just don't get the magic host key checking bit yet. |
|
I looked into this a bit. The I thought that this was maybe due to the ssh process not inheriting some permissions, so I tried doing this directly in the ssh.go CLI command (via Looking at the console, there is a Looking at the default sandbox profile for apps ( Can we perhaps use This may also be something for @nickoneill to bring up at the next WWDC. I can also try to make a self-contained sample and see if Quinn or someone else from Apple in their forums has ideas. |
|
Posted https://developer.apple.com/forums/thread/709444 on Apple's forums. |
What is the issue?
Steps to reproduce
Run
/Applications/Tailscale.app/Contents/MacOS/Tailscale ssh <host>on any macOS machine, where<host>is any Tailscale node.Are there any recent changes that introduced the issue?
No response
OS
macOS
OS version
12.2.1
Tailscale version
1.24
Bug report
No response
The text was updated successfully, but these errors were encountered: