It’s been just over 1 year since Tailscale added this feature and I created this post.
This week, in between new posts, I’m reposting it because it’s such an awesome feature.
Not having to maintain SSH keys and having it all “just work” between your personal and business servers is super cool.
If you haven’t used this yet, enjoy the post!
I’ll be back in 2024 with all new content at least twice a month, see you then.
Tailscale recently added a new SSH feature.
This is super cool for anyone who has a few Linux or other servers lying around.
I have two Raspberry Pis, a work Mac, and a Windows computer.
The two Pis are running the latest Ubuntu LTS, and also run Gluster. This is my personal redundant storage array. I put a file into the Samba share, and it replicates to both external SSDs.
If I want to SSH into either of these devices, I need to put the public keys of my work Mac and Windows computer onto both Pis…
If I add another server, I have to copy in multiple keys each time. This becomes a hassle.
Enter Tailscale
The latest releases have a new feature. On my servers, I run:
`tailscale up --ssh`
Now Tailscale hijacks SSH connections: it verifies that my device is logged in to Tailscale and connects automatically. They provision the SSH keys behind the scenes.
This is neat: if we add a new device to the network, any other device can SSH into it without any setup.
Also, if you install Prompt or another SSH client on an iPhone or Android, you don’t have to put a private key on your devices! You can connect and it “just works” as long as Tailscale is running.
Finer control
If you are using Tailscale at work and you have many servers, you may not want all devices on the network to have access. Thankfully you can configure access controls:
In this example, I’m allowing my user to auto-connect to any server in my network; I could also limit access for one user to a single server.
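As an added illustration (not the policy from the original post), here is a tailnet policy file that contains both kinds of rule described above: a broad one letting every member SSH to their own devices, and a narrow one limiting a single user to a single server. The names `alice@example.com`, `bob@example.com`, `tag:garage-pi` and the login `ubuntu` are constructed placeholders. Tailscale policy files accept comments.

```json
{
  // Constructed placeholder: alice may assign tag:garage-pi to servers.
  "tagOwners": {
    "tag:garage-pi": ["alice@example.com"]
  },

  // Network-level rules. An SSH rule only takes effect if the
  // connection to port 22 is also permitted here.
  "acls": [
    // Every member can reach their own devices on any port.
    {"action": "accept", "src": ["autogroup:member"], "dst": ["autogroup:self:*"]},
    // bob can reach only port 22 on the tagged server.
    {"action": "accept", "src": ["bob@example.com"], "dst": ["tag:garage-pi:22"]}
  ],

  "ssh": [
    // Broad rule: any member connects to their own devices without
    // a prompt, as root or as any non-root login.
    {
      "action": "accept",
      "src": ["autogroup:member"],
      "dst": ["autogroup:self"],
      "users": ["autogroup:nonroot", "root"]
    },
    // Narrow rule: bob reaches only the tagged server, only as the
    // "ubuntu" login, and must re-authenticate every 12 hours.
    {
      "action": "check",
      "checkPeriod": "12h",
      "src": ["bob@example.com"],
      "dst": ["tag:garage-pi"],
      "users": ["ubuntu"]
    }
  ]
}
```

For the narrow rule to match, the server itself has to carry the tag, for example by bringing it up with `tailscale up --ssh --advertise-tags=tag:garage-pi`.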
Why you need to set up Tailscale
There are a million cool things Tailscale can do for you. It’s a layer on top of WireGuard that does everything for you.
Another awesome feature is creating an exit node
Buy a Raspberry Pi. Install Tailscale, then run:
`tailscale up --ssh --advertise-exit-node`
Now, the next time you are on airport Wi-Fi, and you want to go to OddsJam.com or some sportsbooks to gamble 😉, connect to Tailscale and use your personal VPN exit node. No more getting blocked by annoying filters out in public :)
Two more ideas
If you STILL don’t want to try out Tailscale, here are two more cool ideas.
Set up a SECURE dog / house / baby cam
I’m tired of companies like Amazon uploading all video to the cloud and sharing it with 3rd parties or having data leaks.
Buy a $20 camera, plug it into a Pi, auto-save video on a loop, and notify yourself of motion events. The data never leaves your house, yet you’ll be able to see the camera from anywhere on your phone.
Maybe the most enticing for last… Install code-server, and access VS Code from an iPad.
If this isn’t your style, the other option I’ve used a few times is the Remote Development SSH plugin. This will let you connect from your laptop to any of your (hopefully much more powerful) servers and code directly on them, a throwback to doing FTP-based PHP development.
Coming soon, they’re also adding a “funnel” feature. It’s basically a proxy from the internet to your devices. Think ngrok. This will be useful if you want to share your local progress quickly with someone.
It’s amazing
If you couldn’t tell, I really like Tailscale. You also get automatic host names added to every device’s DNS. If I have a webserver running on the Pi in the garage, I can go to `http://pi-garage` from any device. I don’t even need to remember or copy the IPs from Tailscale when I do things.
Let me know what interesting stuff you’re using it for, or if I convinced you to give it a try.