Tailscale recently added a new SSH feature.

This is super cool for anyone who has a few linux or other servers lying around.

I have two Raspberry Pi’s, a work mac, and a windows computer.

The two pi’s are running the latest Ubuntu LTS, and also run gluster. This is my personal redundant storage array. I put a file into the samba share, and it replicates to both external ssd’s.

If I want to ssh into either of these devices, I need to put the public key of my work mac, and windows computer onto both pi’s…

If I added another server, I have to copy in multiple keys each time. This becomes a hassle.

Enter Tailscale

The latest releases have a new feature. On my servers, I run:

tailscale up --ssh

Now, tailscale hijacks ssh connections, and it will verify my device is logged in to Tailscale and connect automatically. They provision the ssh keys behind the scenes.

This is neat, if we add a new device to the network, any other device can ssh into it without any setup.

Also, if you install Prompt or another SSH client on an iPhone or Android…. You don’t have to put a private key on your devices! You can connect and it “just works” as long as Tailscale is running.

Finer control

If you are using Tailscale at work and you have many servers, you may not want all devices on the network to have access. Thankfully you can configure access controls:

In this example, I’m allowing my user to auto connect to any servers in my network, I could limit access for one user to a single server.

Why you need to setup tailscale

There’s a million cool things tailscale can do for you. It’s a layer on top of Wireguard that does everything for you.

Another awesome feature is creating an exit node

Buy a Raspberry Pi. Install tailscale, then run

tailscale up --ssh --advertise-exit-node

Now, the next time you are on Airport wifi, and you want to go to OddsJam.com or some sportsbooks to gamble 😉, connect to tailscale and use your personal VPN exit node. No more getting blocked by annoying filters out in public :)

Two more ideas

If you STILL don’t want to try out tailscale, here’s two more cool ideas.

Setup a SECURE dog / house / baby cam

I’m tired of companies like Amazon uploading all video to the cloud and sharing it with 3rd parties or having data leaks.

Buy a $20 camera, plug it in to a pi, auto save video on a loop, and notify yourself of motion events. The data never leaves your house, yet you’ll be able to see the camera from anywhere on your phone.

Setup a VS Code server

Maybe the most enticing for last… Install code-server, and access VS Code from an iPad.

If this isn’t your style, the other option I’ve used a few times is the Remote Development SSH plugin. This will let you connect from your laptop, to any of your (hopefully much more powerful) servers and code directly on them, a throwback to doing FTP based PHP development.

Coming soon, they’re also adding a “funnel” feature. It’s basically a proxy from the internet to your devices. Think ngrok. This will be useful if you want to share your local progress quickly with someone.

It’s amazing

If you couldn’t tell, I really like Tailscale. You also get automatic host names added to every device’s DNS. If I have a webserver running on the pi in the garage, I can go to `http://pi-garage` from any device. I don’t even need to remember or copy the IP’s from tailscale when I do things.

Leave a comment

Let me know what interesting stuff you’re using it for, or if I convinced you to give it a try.