I organically grew my tailscale network and with the recent `tailscale ssh`[0] it has turned my life around.
I have no open ports to anything, be it my personal machine in the depths of my closet or stuff on the cloud; everything is seamlessly connected.
For those still using SSH as normal, you can set up Tailscale to accept connections only from Tailscale and ignore any public internet traffic, i.e., restrict SSH access to be only over Tailscale. For example, with UFW you could delete every rule except for the “Anywhere on tailscale0” and “41641/udp” rules.
I can now go to sleep without having to worry about random bots trying to mine crypto on my machines. To add to the goodness, one does not have to worry about either SSH-keys or remember cryptic passwords.
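As an added example (not code from the thread), a small POSIX shell check that reads a constructed `ufw status numbered` listing and reports which rule numbers fall outside the two rules the comment above says to keep, and confirms those two are present before anything public is removed; the function names `extra_rule_numbers` and `has_tailscale_rules` and the sample listing are assumptions made here.

```shell
#!/bin/sh
# Added example, not from the thread. Audits a `ufw status numbered` listing
# and lists the rules that are NOT the two a Tailscale-only host keeps:
# "Anywhere on tailscale0" and the 41641/udp WireGuard port.
# The listing below is constructed sample output, not captured from a host.
SAMPLE_UFW_STATUS='Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] 41641/udp                  ALLOW IN    Anywhere
[ 3] Anywhere on tailscale0     ALLOW IN    Anywhere
[ 4] 80/tcp                     ALLOW IN    Anywhere
[ 5] 22/tcp (v6)                ALLOW IN    Anywhere (v6)
[ 6] 41641/udp (v6)             ALLOW IN    Anywhere (v6)
[ 7] Anywhere (v6) on tailscale0 ALLOW IN   Anywhere (v6)'

# Succeeds only if both Tailscale rules exist; check this first so that
# deleting the public rules does not lock you out of the box.
has_tailscale_rules() {
    printf '%s\n' "$1" | grep -q 'on tailscale0' &&
        printf '%s\n' "$1" | grep -q '41641/udp'
}

# Print the numbers of all other rules, highest first, so they can be removed
# with `ufw delete N` one at a time without the numbering shifting underneath.
extra_rule_numbers() {
    printf '%s\n' "$1" |
        grep '^\[' |
        grep -v 'on tailscale0' |
        grep -v '41641/udp' |
        sed 's/^\[ *\([0-9]*\)\].*/\1/' |
        sort -rn
}

# Stand-alone use with the constructed sample; on a real host feed it
# `sudo ufw status numbered` and review the list before deleting anything.
if has_tailscale_rules "$SAMPLE_UFW_STATUS"; then
    extra_rule_numbers "$SAMPLE_UFW_STATUS"
else
    echo "Tailscale rules missing; do not remove public rules yet" >&2
fi
```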
And in auth_ssh, verify that the user is allowed to connect to that server, then look it up on github (my public keys: https://github.com/withinboredom.keys).
If you want to allow any github user you allow to connect various permissions, check out libnss-ato.
These are all 1 or 2 lines of configuration and are not hard. You just have to know they exist.
I really want to enable tailscale ssh but I often need to ssh using my phone and so far none of the android ssh clients I have tried work properly with tailscale ssh.
I believe they are all based upon variations of the same Java SSH library and exhibit the same behavior. They all connect to tailscale ssh using 'none' authentication, but after connecting don't display anything, which means I can't get the URL tailscale ssh presents to do its authentication.
Edit: I was just able to work around the issue by installing Termux and using openssh in that environment to do my initial ssh authentication. Afterwards my normal ssh app works.
On iOS, at least, the Tailscale app will pop up a push notification for you to authenticate in that case; I'm not sure if the same is true on Android, but it could be worth checking your notification settings.
Notifications are enabled for Tailscale but I don't get one to authenticate.
I was just able to work around the issue by installing Termux which provides a small Linux environment on your phone. I was able to use openssh in the Termux environment to connect and get the authentication URL. After that my preferred ssh app can connect without issue.
[0]: https://tailscale.com/tailscale-ssh/