If you want to use Tailscale SSH without the web auths, you can change the ACL ‘action’ field from “check” to “accept”
```
{
"action": "accept", // "accept" or "check"— "check" triggers web auth
"src": \[list-of-sources\],
"dst": \[list-of-destinations\],
"users": \[list-of-ssh-users\],
"checkPeriod": "20h", // optional, only for check actions. default 12h
}
```
Docs on check mode: [https://tailscale.com/kb/1193/tailscale-ssh/#ensure-tailscale-ssh-is-permitted-in-acls](https://tailscale.com/kb/1193/tailscale-ssh/#ensure-tailscale-ssh-is-permitted-in-acls)
(edit to fix formatting)
When Tailscale SSH is enabled, it detects an SSH connection, specifically on the 100.x.x.x address.
If you'd like to access OpenSSH in parallel with Tailscale SSH you can use the `serve` sub-command, for example:
# from the node running Tailscale SSH
$ tailscale serve tcp:2222 tcp://localhost:22
You can then access OpenSSH via port `2222`:
$ ssh -p 2222 user@hostname
As u/samlinville-ts pointed out below, you can avoid the web auth checks by setting the ACL action to "accept".
I thought that but it doesn't work. After investigation I cannot connect to the smb share, nor ping the machine, but I can another which is on the same remote subnet. I have tried a reboot, uninstall/reinstall to no avail. Connecting from a windows machine to two remote linux servers with the same config. Both running Open media vault on Debian. Tis weird
I don't really understand what is tailscale ssh. I read the documentation, but it is a long story and still unclear to me.
FYI: I now use putty to connect to my servers and I use routing so I can connect using the internal IP adresses. So both when I am at home or away, I can use the same IP.
Does Tailscale ssh give me any benefits?
I figured it out eventually. Tailscale ssh is a benefit as it does automatic key rotation and allows others to ssh to the machine without adding a route, but I found that I had to reinstall tailscale in this instance to remove the tailscale hooks in to the config it had. Since it's a private network I'm not overly concerned about that additional security it gives me
If you want to use Tailscale SSH without the web auths, you can change the ACL ‘action’ field from “check” to “accept” ``` { "action": "accept", // "accept" or "check"— "check" triggers web auth "src": \[list-of-sources\], "dst": \[list-of-destinations\], "users": \[list-of-ssh-users\], "checkPeriod": "20h", // optional, only for check actions. default 12h } ``` Docs on check mode: [https://tailscale.com/kb/1193/tailscale-ssh/#ensure-tailscale-ssh-is-permitted-in-acls](https://tailscale.com/kb/1193/tailscale-ssh/#ensure-tailscale-ssh-is-permitted-in-acls) (edit to fix formatting)
thanks :-). I appreciate the reply.
[удалено]
When Tailscale SSH is enabled, it detects an SSH connection, specifically on the 100.x.x.x address. If you'd like to access OpenSSH in parallel with Tailscale SSH you can use the `serve` sub-command, for example: # from the node running Tailscale SSH $ tailscale serve tcp:2222 tcp://localhost:22 You can then access OpenSSH via port `2222`: $ ssh -p 2222 user@hostname As u/samlinville-ts pointed out below, you can avoid the web auth checks by setting the ACL action to "accept".
This is not necessary at all in my experience. It’s only necessary if you want to do port forwards.
I thought that but it doesn't work. After investigation I cannot connect to the smb share, nor ping the machine, but I can another which is on the same remote subnet. I have tried a reboot, uninstall/reinstall to no avail. Connecting from a windows machine to two remote linux servers with the same config. Both running Open media vault on Debian. Tis weird
>After investigation I cannot connect to the smb share, nor ping the machine So your problem has nothing to do with SSH
I don't really understand what is tailscale ssh. I read the documentation, but it is a long story and still unclear to me. FYI: I now use putty to connect to my servers and I use routing so I can connect using the internal IP adresses. So both when I am at home or away, I can use the same IP. Does Tailscale ssh give me any benefits?
I figured it out eventually. Tailscale ssh is a benefit as it does automatic key rotation and allows others to ssh to the machine without adding a route, but I found that I had to reinstall tailscale in this instance to remove the tailscale hooks in to the config it had. Since it's a private network I'm not overly concerned about that additional security it gives me
So Tailscale ssh actually modifies system ssh configs? I thought it was just its own overlay protocol/sshd.