Tailscale SSH

Just a quick thank you to the team working on Tailscale. It’s hands down the most seamless dev experience I’ve ever seen. Every time I think “such and such would be nice”, I search the docs, and it’s already implemented better than I could have expected (eg the stateless mode for ephemeral servers).

I tinkered with cloudflare before that but just couldn’t get on with the interface of the admin tooling.

With Tailscale I have a lot more confidence that I’ve set up the access rules as I need them. It’s all just a lot more obvious.

> This lets people gradually use Tailscale SSH over time without messing with their system one.

That is something I have really appreciated about Tailscale. It seems to consistently not mess with the existing environment. Considering it does networking witchcraft and it works on a variety of architectures and OSs this is quite an accomplishment.

I suspect Tailscale's customers have found the same.

How was the decision made to roll this functionality out before announcing it to customers (we found it during a previous security audit)?

While it might seem logical in your mind to bolt on extra features and add value, your customers evaluate risk based on functionality of the software they are approving. Customer buys a VPN solution, magically gets remote access that bypasses firewalls. Can we trust Tailscale to not roll out a remote file backup feature and start silently exfiltrating data (as an extreme example)?

I've been using Tailscale for years but will likely not use this feature, even though I would like to.

The fundamental problem with the approach really is that connections are different over the tailnet and over the local network. Here is a specific use case that is painful:

1. There exists a cluster of machines, each with large amounts of locally attached storage. They are all on the same local network and connected with 10Gb (and likely soon 40Gb ethernet interfaces).

2. Each machine is individually on the same tailnet so they can be accessed remotely.

3. Remote users frequently need to move large amounts of data between machines. A user copying a few hundred gigabytes of data with "scp" is normal.

4. For performance reasons, it's preferred to avoid the Tailscale/wireguard overhead when copying data between adjacent machines in a rack.

At this point, if I enable tailscale ssh for remote login, it appears that the problem of key management for connections between local machines (using ssh over the normal interface, not the tailnet) still remains, and in fact, the overall authentication configuration is more complex than it was before.

What I would love to exist, and would make me instantly use this feature, is if the tailnet issued SSH certificates (probably injected into its own ssh-agent?), the existing tailscale SSH implemention worked just like it currently does (it's great!), AND I could manually configure servers to accept certificates issued by the tailnet. Then SSH paths like "laptop --> (over tailnet) --> server 1 --> (over local network) --> server 2" could be made to work transparently, for those machines that need it, and for regular users, it still "just works".

> (...) the userspace tailscaled process takes over all TCP port 22 packets after the WireGuard decryption and doesn't even feed them into the kernel over TUN. We use gVisor's netstack to handle the TCP connections in-process.

> So it doesn't matter whether you have other processes (or iptables rules, etc) that would prevent the Tailscale SSH server from binding to port 22.

This sounds like a great feature when exploiting buggy WordPress/php apps! /s

I realize this is a feature - but it's a bit sad that the standard package handling isn't up to the task; leaving (I expect) the tailscale daemon as a "magic" netcitizen - not featuring in neither "ss" or "iptables" output (why can't I login to opensshd?).

Hey bradfitz, guy who previously had 32150 here. :-) This looks insanely cool, a couple questions:

I know it says it's linux-only right now, but is that client side or server only? Can my Windows users TailSSH into linux boxes?

Would be cool if somehow it could wedge into sudo auth so you could login as a a user and sudo without password if allowed by ACLs, especally if I could add "check" to the ssh. agent pam module?

One thing that has prevented me from trying Tailscale, despite the great word on the street, is I can't figure out pricing, despite contacting sales. I'd like to run it on ~120 dev+stg+prod VMs, with 10 people (devs, testers, ops). I'd like every box to talk over tailscale directly, as an overlay network, but servers I hope aren't users, that'd get expensive fast. But I need more devices than 10/user. I presume "custom" would help with that but I got no reply from sales. We are probably too small fry. Now that I'm typing this, I realize I guess we could just buy ~15-20 users despite needing only 10.

I think I've resolved myself to setting up Nebula for the server overlay network, and using Tailscale for physical users, with a traditional firewall bridging them.

Again, Tailscale SSH looks very nice, job well done!

This looks great, and I'd love to replace AWS SSM (at least for the purposes of instance access) with this! One question I have is have is around device limits.

With SSM, I can easily run an agent on every instance. Tailscale has pretty tight device limits on the Team and Business plans. I have no idea what the custom pricing looks like, but I'm guessing it would exceed my budget. What's the intended way to use this with a large number of servers? A small team can easily have more devices than 5x or 10x the number of users. Should we just set up some "gateway"/"bastion" instances to access via Tailscale SSH and then use regular ssh from there? Some sort of more limited device mode that doesn't count against the device limit (for ssh only, perhaps?) would be great.

This is neat. I've used Cloudflare's Zero-Trust SSH, but I've been frustrated that it interacts poorly with sftp and scp because of the client-side changes that they make to ~/.ssh/config

Does tailscale have the same issue?

I have Tailscale on all my Macs. I use MacOS default SSH between my machines, but only via the Tailscale interface.

Nevertheless, I had to open SSH on each machine, and it's a nightmare to close up the firewall so only Tailscale gets through. You'd think this was the whole point of Tailscale; there should be a one click lock to restrict to Tailscale. But the Tailscale documentation is wanting. I actually paid for a candidate for the best firewall front end, it came with "Let us know if we can help!" and radio silence once I explained the problem. Likely, restricting to Tailscale requires a granularity one can only hand-code.

I can write a firewall, I've written plenty in the past, I just couldn't find the several hours to do this as a one-off for me when it should be easy, but I was missing needed information.

Tailscale is justly proud of how it connects machines through uncooperative routers and such. Tailscale SSH should do the same. The idiot's guide to securing a machine so only Tailscale SSH gets through should be to find SSH in the preferences and turn the fucker off.

Just want to say thanks: This is insanely cool/easy. Combined with the VSCode Remote SSH extension and MagicDNS, it's now insanely easy to work on a project in a remote environment. I was recently reading through a relatively long post on setting up SSH through Tailscale to access a WSL2 environment, and now it's literally as easy as popping open VSCode in any environment that I have Tailscale installed on and accessing `user@my-magic-dns-machine`. Great work!

Any interest in adding mosh like features (https://mosh.org/)?

Low latency typing, session resumption etc

Could you share some details about the embedded SSH server? I'm curious if this would work to add SSH capabilities to devices that run Tailscale but don't include a built-in SSH server. Previously I've used dropbear, so it'd be really nice to be able to drop that requirement!

I attempted this on a VM inside a Linux host and got a lower privileged user from inside the guest VM to ssh to a root-privileged user outside on the host. Both were authenticated to Tailscale with the same gmail account, so from an OAuth perspective, this is valid. From the OS perspective though, the host SSH port is blocked, and a guest should never get full root access to the host or see the host's resources.

I am not sure if I am confused about something, or maybe there are prod use-cases where the same IDP identity should have different roles/privileges depending on the machine, and Tailscale SSH breaks that?

A nice next step would be tailscale managing an ssh key that's allowed to do interact with a git(hub) repository. So that I wouldn't have to create multiple keys or setup the same key on different machines and still be able to interact with a repo from all of them.

It'd be really nice just using git transparently and having tailscale take over the git ssh connection and authenticate using taliscale access controls.

At least for personal projects or small teams that'd be quite convenient.

Hi Brad: Thanks for helping out with this feature! I've been one of the early users of tailscale. My network is around 50 machines. I've recently started having issues with ssh on some of my machines, especially from mac m1 -> some ubuntu boxes. Could this be related to this new feature? Any suggestions/pointers on how to debug these issues?

What are the failure modes? Openssh is a well understood risk, this seems... unquantifiable?

What would we need to have open in our security groups for this to work?

I think ingress wouldn't be necessary since tailscaled creates a tunnel right?

But how about egress traffic? UDP for WireGuard or something else?

Thank you to the Tailscale team for altering my belief that VPN could only stand for Vexing Productivity Neutralizer.

Features like Tailscale SSH represent the ruthless removal of annoyances.

edit: grammar

Were golang’s ssh and crypto packages independently audited ?

quick question. Does this do user (de)provisioning like Jumpcloud? I.e. if the target machine doesn't have a /home/someuser but someuser is in my tailnet ACL, will it create the account?

Can you do ssh tunnelling?

So we have no way to secure this besides disabling wireguard ?

Do you build tailscale with redo? and if not why not? :)

hello, is sftp supported? thanks

Are you after the LE part specifically? If not, I'm quite happy with mdns and the seems to be a unicast version available too:

https://www.zerotier.com/2021/05/06/zeronsd-unicast-dns-reso...

For public domains, I've got a quick script which mirrors what appears in avahi to route53, so that's one way to deal with certs.

They offer custom SSO providers using SAML or OIDC https://tailscale.com/kb/1119/sso-saml-oidc/

Unfortunately they are locked behind Enterprise pricing because of the extra help and debugging needed to get them working. Maybe at some point this will be offered standard though.

There is also the self-hostable Headscale implementation.

Actually pretty soon, probably.

It's working. It needs some UI love first and some docs so people know how it works and don't immediately freak out. :)

> when tailscale ssh was a secret binary in the tailscale github repo

That makes it sound like we put a binary in our git repo :) It was its own Go package main that people could run.

It was never a secret. We just didn't advertise it a ton! :)

This is a workaround, but could you minimize that risk by signing up for both Microsoft and Google? It should help for any policy / moderation / "computer says no" decisions that are vendor-specific.

(On the other hand, for security risks, it means that a security hole in either one would be a problem.)

I can see some risk with say Google as the surface area is much larger (maybe they don’t like some play store activity or some ads activity or YouTube activity, etc). But I use my GitHub account and I’m really not worried about automated moderation locking me out of my account.

Yeah, but e.g. no rsh (or telnet!) on macOS.

It's likewise a bit silly that we had to add TLS support to Tailscale: https://tailscale.com/blog/tls-certs/

But we want to interoperate well with the clients people already have (browsers, their system ssh client, etc...)

Yes and no. You shouldn't have rsh on your system at all -- there's a case for telnet to test connections (though netcat is better), but there's no case for rsh.

ssh used to allow setting cipher=none, but that's not available anymore.

Think of it this way: you're paying the small overhead of double encryption, but you're gaining not fatfingering your way to a password compromise.

    > would it make more sense to run simpler & unencrypted `rsh` instead of `ssh`?

Double encryption is twice as effective. I use double ROT-13 for double the security.

Is it pointless? SSH doesn’t send the password out over the wire but instead uses a challenge-response cryptographic system so even if one of the interim machines is compromised, they don’t have access to the clear text password. You shouldn’t be raising passwords (or even passwords in the first place with ssh) but practice defense in depth.

Unless you’re transferring large files the overhead of double encryption on ssh is totally blown away by waiting for human input.

IIRC There’s a fork of SSH that supports not encrypting things if you are trying to transfer large files.

Stay secure by default.

CPU overhead for encryption is basically non existend.

In this case, double encryption is a good idea though. Tailscale is a great way to reduce exposure of your infrastructure from the public internet, but it’s not without flaws. In theory, it should be possible for Tailscale and your SSO provider to add new nodes to your Tailnet. Though I don’t believe this is something that they’re actually willing to do, it’s definitely something to keep in mind if you’re planning on delegating SSH/sudo authentication to Tailscale.

Not really. Who knows what you’re connecting to once you connect to the tailscale endpoint.

It’s more likely that you’re gonna screw up and end up doing something you don’t intend to do for very little gain. SSH overhead in 2022 is really low.

Totally, I’m a happy customer, but completely relying on Tailscale for out-of-band SSH doesn’t sit right with me, especially for personal machines. One ban and poof, you can’t access your own servers.

And to be honest, I understand the appeal of not having to muck around with the system, but SSH isn’t that cumbersome once you’ve set up your /etc/hosts, and encrypt your id_rsa files. Couldn’t get any easier than `ssh <machine>`.

This bothers me as well as a personal user. I'd love to go all-in on tailscale but having companies like Google running the identity is really off-putting.

For now I think I'll be leaving the tailscale SSH functionality and keeping my own setup. I also have a static IP at home which is allowed access to my remote dedicated box. If they enabled some other identity provider that I could either self-host, or use their own with an email + password then I could close off that extra hole but for now it feels too risky for me.

On a corporate side I don't mind so much, SSO is so standard and I'd feel perfectly comfortable using Okta or Google SSO because there seem to be far fewer stories of an entire GSuite being banned with no recourse.

Tailscale is great and has solved a bunch of problems for me, but the idea of having a seperate IDP that have so many horror stories around them freaks me out enough to slightly lower my security to account for it. Thankfully there are fewer stories like that about GitHub so I'm using them for now.

And for anyone looking at Tailscale, I should also mention ZeroTier (https://www.zerotier.com/).

In my opinion they have better tech, but they are pretty bad at packaging it, and bad at making it work for actual use-cases.

Tailscale seems to be much more clever around building out stuff (like this one, SSH) that actually goes all the way for a particular use-case. ZeroTier feels more like a building block, where you need to bring more stuff yourself.

Either way, both are awesome pieces of technology, and really useful!

If the auth flow was as good as Touch ID and no window switching, yeah it would be acceptable but this flow would give me a headache with all the flashing.

Agreed this is a big limitation.

The only way to do it is if you have secondary email address domains. Say mdeeks@company.com and mdeeks@company.team. You can create a separate tailnet for company.team but you also have to roll out additional subnet routers (if you use them) that are authed on that second tailnet. Also you wont be able to easily write rules that interact with things that are not authed onto the second tailnet.

They need a first class concept of "canary" or "beta" that applies to ACLs, DNS configs, client versions, and all sorts of other toggles in the UI. It's a hard product problem and I'm not even sure how some of it should work.

I just know I need a way to test changes before I roll it out to everyone at the company. Right now there aren't good options for that.

I work around this issue by running multiple tailscaled daemons on different state directories and sockets.

E.g. I have the Tailscale macos application configured for the work network and then I run another tailscale daemon to connect to other home stuff:

    $ alias tailscaled
    tailscaled='sudo tailscaled --socket /Users/mkm/tmp/tailscale-mkm.socket'
    $ alias tailscale

I installed the tailscale binaries from sources with "go install tailscale.com/cmd/tailscale{,d}@main"

Do you use the same Google/Github/Microsoft/whatever account for both work and personal stuff?

That feature was recently added to SSM https://aws.amazon.com/about-aws/whats-new/2022/05/aws-syste...

Using something like gossm which I just put a PR in for this feature also makes this easier https://github.com/gjbae1212/gossm/pull/54

Hmm AFAIK you don't need a bastion to use SSM agent - it even allows you access through the browser. I think you meant EC2 Instance Connect which manages temporary SSH keys.

I'm curious, what's really clunky about SSM?

Other than ensuring the pre-requisites are met, and knowing the instance-id, SSM works pretty flawlessly. You can easily write a wrapper that looks up the instance-id from the hostname, if you prefer to use it that way.

The big thing you get with Teleport that you don't yet get with Tailscale --- apart from entirely owning the source of truth for SSH authentication on your own infra, which is a very minor issue for almost everyone but is a major issue for some people --- is that Teleport gives you transcript-level audit logs of your SSH sessions.

Teleport also has that web-based SSH console (it's one of the better web-based consoles) and the ability to do joint SSH connections. But the audit log is the big one.

Obviously, the flip side of this is that Tailscale's SSH is built in; if you're already using Tailscale, and you're not already using Teleport, you should enable Tailscale's SSH right away; it is hugely better than managing your own SSH service ad-hoc.

Well, how long did it take you to set up Teleport?

It's helpful for people to know, from context later in the thread, that one of the core concerns behind this comment is the idea of using SSO at all, and thus giving "the keys to the kingdom" to Google.

Of course, it's also worth knowing that SSO is basically a universal best-practice for security teams, and while it's not de jure required by SOC2, it's almost de facto required. For once, I think the best-practices and compliance people have this one right: you are extraordinarily unlikely to get burnt for trusting Google in this instance, and the security track record of ad-hoc authentication is worse than abysmal (ad-hoc authentication is probably implicated in a plurality of all major incidents).

Totally meta to this discussion: I am disturbed by the SSO/IAM trend because it gives root on the entire universe to a small collection of companies.

We are looking at a future where a security breach or misbehavior by one of a handful of companies could mass-compromise millions of businesses and critical infrastructure and possibly hundreds of millions to billions of devices. Even worse this permission is clandestine. It could be exercised against individual targets with no obvious audit trail, since auditing tends to also be delegated to the IAM provider (and nobody looks at local logs in most cases).

I guess we've been handing vendors a lot of power for a while with OS vendors that have "push" software update capability, but this is adding not only even more carte blanche permission to a small number of companies but extending it across systems running different OSes and even open source platforms like Linux and BSD.

Software update capability is also fairly coarse grained. Apple or Microsoft could push a compromised or malicious update, but it would be harder for them to specifically target a single user reliably and without being noticed. (Wait... why did I get a macOS update and none of my friends did?) SSO/IAM providers could easily do this. Imagine a subpoena that targets your SSO/IAM provider that gives the government (and maybe not even your government!) silent unlimited remote access to everything you have.

I can also imagine "cancellation" scenarios where a company doesn't like what you say so they dump your account and lock you out of all your infrastructure, requiring you to manually go around and "root" all your stuff. (If you think this would only ever be deployed against Nazis, study history a bit. Political winds shift.)

It's just a monstrous amount of power to give out, and I feel like people aren't thinking this through or maybe are not even aware of the power they are delegating.

I feel like people should at least understand what they are doing when they choose to delegate all their authentication to Google.

> goofy login flow

Can you be more specific about your complaints?

We just adopted it to consolidate multiple different OpenVPN installations.

Why?

* The Tailscale clients are dead simple and good quality (but not perfect). OpenVPN clients for mac and iOS are pretty bad. Onboarding OpenVPN users was a large document that generated a lot of questions and support issues. Tailscale onboarding is about two minutes for most users and we had nearly no support requests rolling it out widely to our company.

* Tying OpenVPN to Okta is a truly terrible experience. Users would login with their Okta creds and a push would silently go to their devices. If they didn't know to check their phone it would just fail to login. Alternatively you can paste your TOTP code after your password. Yes, really.

* We don't have to manage or debug anything related to LDAP.

* Maintenance on our side is extremely minimal. Just install subnet routers (<10 lines of bash) and put our ACLs in source control.

* We no longer have to tell users to logout and login to another VPN to get to certain resources. We just grant them access and suddenly they can reach what they need. ACLs are amazing and super easy to script, audit, and test.

* Split DNS that actually works on all operating systems. For private domain A, query this resolver (over the wireguard link), for private domain B, query this other resolver.

* I rolled it out as a PoC to all of our major VPCs in a day.

The bad? It's still a young product and is missing features and has some warts.

* Notifications on macOS that you need to relogin are just plain broken (they know and are working on it).

* We're currently battling issues with network resets due to what looks like a client bug when you have lots of users.

* No access to audit logs yet

* You can't restrict people from using exit nodes

* No good way to canary changes to your user population. Any mistake in the UI instantly breaks everyone.

One of my clients, an industrial/commercial property realtor (to contextualize the environment; we’re not talking military secrets here), uses it.

Day to day I interact with it like any other VPN client except I auth via the Google workspace account they gave me.

It’s Tailscale, or hosted OpenVPN and cross your fingers they’re not snooping, or DIY Wireguard or OpenVPN and all the usual ups and downs of DIY.

Software based infra is out of the unknown unknowns era these days and years of rising usability expectations means Oracle level nightmares to deal with do not gain enough momentum to survive anymore. Tailscale is plenty easy to deal with. The only consideration is do you believe your traffic is really secure? Otherwise “it just works” like anything else these days.

That said, my project for them is deprecating the infra accessed via Tailscale (24/7 EC2 running web dashboards). The already Dockerized dashboards will run locally now and use an API to retrieve the data. Real people directly in your infra is probably best avoided.

I would have loved this at a company a couple of years ago which was massively all in on Google Auth for literally everything. If you're fine with that being your concrete level of authentication for everything; internal tools, external tools, etc, then tailscale sort of just slots right in, and SSH makes it even more so.

I would be very hesitant to build around this personally, hijacking Google accounts is already something pretty high value to a companies adversary, and using Tailscale and SSH like this turns it from a compromise of accounts indirectly through password resets into access to unlimited production machines, internal services, etc. It feels almost layer violating to have a soft social login through Google, that gets persisted in every Chrome browser and logged into on every employees phones also directly control SSH, but maybe that's just me.

1. api keys != auth keys

2. you can disable key expiry for devices where it makes sense, see https://tailscale.com/kb/1028/key-expiry/#disabling-key-expi...

Are you asking whether the owners and operators of the Tailscale control plane can theoretically add devices to your network without your authorisation? If so then yes, definitely.

Perhaps a terrible analogy, but to me the question reads like "can the bank just spend my savings?"

How might you expect a fresh node to join your existing Tailnet without Tailscale having a means to add a node?

> For a small business, what is so hard about keeping a file (CA private key) secure and changing it when required?

For a small business? Well, keeping a file secure and changing it when required ^^'

I mean, it's not out of this world hard to generate your private CA but there are a thousand footguns, the experience isn't exactly friendly, and it's Yet Another Thing To Do And Keep Track Off, i.e even if there's someone who has the technical chops, they may not have the bandwidth, and also, lottery factor. Let alone keeping it properly secure. There's a whole framework/procedure to create to set that up properly.

(been there done that, I was exactly in the situation above)

Changing it when it is required.

SFTP is a sub-protocol of SSH (technically a "subsystem" in the RFC-speak), which implements features similar to "legacy" FTP.

Anyway, our ssh server knows about sftp, so `sftp <host>` should just work.

> Isn't SFTP just ftp over SSH?

FTP is a wholly different protocol, that has aged rather poorly. You might be thinking of FTPS, which is FTP with TLS. SFTP is its own thing and is actually decent/sane.

> can this be used to create SSO-enabled SFTP?

From another reply somewhere else in the comments, apparently yes.

SFTP isn't really FTP over SSH, it's just a collision of naming.

Tailscalar here, you can also fetch, validate and edit your ACL's using the API https://github.com/tailscale/tailscale/blob/main/api.md#acl

Tailscale is the network infrastructure for this feature. This is like being concerned that Cisco can see your ICMP headers in iOS.

I think in this context, I'd worry about attributing any actions taken on the root account back to a named user. I suppose tailscale keeps an auth log (anyone know details?) so you likely could determine "root"="alice" by looking across different log files. Attributing privileged commands to an employee is critical for security.

In other contexts you want to avoid shared root accounts, as you'd want to block access for former employees, but you don't want to rotate credentials every time. SSO for tailscale makes that easier.

Why? To me it doesn’t make sense not to do so. What kind of security gives you logging it as non root user and then using sudo (maybe even without a password) to become root?

Root makes everything more easier, for example to copy a file on a server with scp if you don’t have root login you first has to copy it to /tmp and the copy it in the right directory by logging in as normal user and elevating with su/sudo.

Also you have to remember which username was chosen when the server was installed, was it user, admin, or pi, or some default?

I get not using root for everyday usage on a desktop, but for a server having a non root user is not that useful.

Of course you have to know what you are doing, but sudo doesn’t protect you from stupid mistakes anyway (especially if configured with NOPASSWD as I always see doing because having to continuously type the password is annoying and password tends to be forgotten)

Indeed, "root" is not a person - only persons should have authorization (to log in, to elevate via su/sudo).

Ed: although in this case the binding between a system user and a person happens at the tailscale level.

I've always heard that and adhered to that, but what's the advantage of me logging in with a user account to then use sudo for every command? It's not like I could break less than being logged in as root.

They have a relatively detailed series of comparisons with other solutions in their documentation: https://tailscale.com/kb/comparisons/vpns/