logoalt Hacker News

doublepg23today at 1:59 AM5 repliesview on HN

I’m a heavy Tailscale user, so I do trust them quite a bit, but I never used the Tailscale SSH feature. I feel like OpenSSH’s security record is pretty unbeatable, not sure why I’d swap over for such a security-sensitive tool.


Replies

OJFordtoday at 6:36 AM

The SSH vulnerability here only applies if the attacker is already on the network. It violates your Tailscale ACLs, but it's not arbitrary external root ssh access. Arguably that's a more secure starting point than vanilla ssh to publicly accessible machine.

show 2 replies
bakiestoday at 2:23 AM

Yeah pretty much just use tailscale as a vpn.. do one thing as they say.

jdifftoday at 2:10 AM

I've used it before to access my tailnet machines through a browser on a machine I can't download software on.

show 1 reply
dgacmutoday at 2:35 AM

I used it for a bunch of remote monitor boxes to have a way of centrally managing ssh access to things that were often on- and off-line. It was simple and convenient and access was easily revocable.

isattytoday at 2:10 AM

Convenience for the most part but in general, I agree. I like having it as an option.