Came here from the excellent Self Hosted podcast, and now a tailscale fan.
CGNAT for me used to be a pain, but Tailscale made everything so easy. Thank you, guys.
Haha same here :)
Perfectly timed. Thank you so much for this. Have a great holiday break.
Alex! Love your videos. I learned so much from you. Thank you.
Glad you like them!
Seems to be a good attempt to make WireGuard connections easier to control and manage.... albeit, still much more complicated than the ZTNA solution I have been using. Full ZTNA solutions from Splashtop Secure Workspace, Cloudflare One, Zscaler Private Access seem much easier to manage... some come w/ built-in PAM for privilege injection as well as centralized session recording for compliance. Also had used Foxpass SSH key mgt solution that syncs w/ existing IDP in a simple / fast way... takes just a few minutes to onboard Linux/SSH developers.
This is all too good to be true. I feel like Tailscale is setting us up to be SO reliant on their services that one day they will start requiring a subscription service to then access the indispensable access features that we've set up.
We hear this a lot. Perhaps this post will help you trust us a bit.
tailscale.com/blog/free-plan
@@Tailscale I understand I'm not alone when I say that I too would not mind paying for a Personal Pro plan. Say 20-50usd a year for the same but 10 users or an option for more users as an add-on, say 0.5-1usd per user over 3
Yes the share function is gold, but sometimes it would be great to have more than 3 users as a non-company too :)
I'm not exaggerating when I tell you I love you, and Tailscale. This shit is so fucking cool.
I tried every other VPN and couldn't get it to work because I have a wireless ISP in the country with CGNAT. Tailscale was pretty much plug and play, thank you. 😊
Excellent, brilliant, marvelous... I am speechless, it is so good. Thanks a lot!
I swear that this is MAGIC! Thank you Alex.
I stumbled into the Tailscale ssh service through another one of your videos, and enabled it on one of my VMs. It promptly disabled ssh access to the VM through its default (non-Tailscale) network interface and it disabled all other network services like snmp and even ping, and a dozen docker services hosted in the VM. This pushed me down a week-long rabbit hole of troubleshooting. Is there a document online that deep dives into the mechanisms of how these protections are controlled under the hood and if there's a way to fine-tune them as a mortal user? So far I have discovered pages of iptables rules introduced by Tailscale ssh. Many thanks, Alex!
Thanks Alex. Love the podcast too! Keep the tuts comin'!
You got it!
Really interesting video. I never knew it had all these capabilities
I would love an extremely in-depth tutorial from beginning the download to finished product.
We have a getting started video on the channel already. Let us know what that one is missing for you and we’ll see about incorporating that feedback into future content.
I'm sure it's me, but I cannot get Tailscale to work on my new MacBook Pro or my iPhone @@Tailscale
Thanks too much for your efforts, this is the best VPN I used on all of my devices
Can you use funnel without using code?
How do I do this within the Home Assistant add-on?
I tried to activate Tailscale SSH on my Synology NAS. I got the message "The Tailscale SSH server does not run on Synology". Isn't Synology NAS a Linux system?
I think it's because it knows Synology OS already runs its own SSH service. You can access it directly by specifying port 22 on the Tailscale IP.
Yeah same problem here.
Is this possible on Synology NAS?
Does enabling tailscale SSH on the server make any changes on the same tailscale SSH server using NON-tailscale connections (local vlan)? I'm amazed the TS ACLs are applied so seamlessly. I've been using SSH for 3 decades and this set-up looks like magic to me 🧙. I'm assuming default port [22] has to be allowed in the local machine firewall (if enabled) for the tun interface. I'm used to doing all this in the sshd_config, ufw, etc
My access controls don't have a "checkPeriod" line, is it safe to add it manually?
Hi there. Thanks for the video. I've been pulling my hair out for the last 3 days trying to connect to my Proxmox Tailscale container through Github Runner and then SSH to other Proxmox VMs and hosts through my Github workflow. I can successfully connect to the Tailscale container, but I cannot connect to other VMs and hosts via SSH. The latest error I'm encountering is "Pseudo-terminal will not be allocated because stdin is not a terminal." I've tried modifying the command with -t, -tt, and -T, but no luck. Also, it would be helpful to know that SSH is disabled by default in Tailscale connections.
I have a machine which is connected to Tailscale; it has a few applications running on it. When I ssh into the device, Tailscale works for the person using the device; as soon as I close my terminal, Tailscale goes down for him. What could be the root cause and the solution for it?
Hi Alex, I was wondering if you could help me please. All my three devices are connected, but when I try to access them, for example from my Android phone to my Mac mini version 10.15.7, I receive a message on my phone: Unable to connect error 0x104. Please could you advise? I am using Tailscale just to connect those machines from abroad. Many thanks.
In my structure... when I go to save it... it says: "Error: action="check" is not supported" 🤔
Are you putting this into the ssh stanza?
Hi Alex,
Pls let me know how I can access my network drive that I attached to my GL.iNet router from outside of my network
Thank you!!
When trying to run tailscale set --ssh on a Mac I get the error: "The Tailscale SSH server does not run in sandboxed Tailscale GUI builds"
Great video. Can you do one with magic dns?
Of course! It’s on the list. :)
I did it in 1 minute. TS is absolutely amazing! But, for some reason, the quick install from .sh did not work. I had to install TS "manually". And I said "manually" because it is not manual at all. The installation plus config is automatic.
I checked the pricing page on Tailscale and it lists Tailscale SSH in Premium. This means that it isn't available on the free tier, right?
If the node you're setting the -ssh flag on is already an exit node, does this work? I'm finding the ssh flag is not set but then, as an exit node and with its routes advertised, I get ssh direct to this anyways, which is also pretty cool
I had tough times, wish I had known this early
Alex, a wish is for you to do an ACL video. 😊 E.g. how to let machine A connect to machine B, but machine B cannot connect to machine A.
Noted!
It's not as simple as this when connecting to an AWS EC2 instance. I still haven't been able to accomplish this through Tailscale.
Oh my God. Tailscale is like a magic thing. I love Tailscale ❤
Please, add Windows support.
Check is now default on Tailscale (2024)
Does this mean it has a 12h default reset?
@@JimBLogic, yes it seems so. I have to authenticate every day. Fast as long as the browser remembers that you are signed in.
What is cool is that you can do SFTP over ssh (FileZilla), and this also opens a new window for authentication. Then it automatically continues when you sign in.
2:57 ❤
Really good content, but who is your audience? What in the world is "SSH" or "ACL" and so on?
Go through their documentation for that, and oh, their audience is mostly software developers
The Tailscale SSH server does not run on Synology.
The Tailscale SSH server is not supported on Windows
Big sad face.
I understand nothing of what you said.
Understand command line... but when it comes to the ins and outs of this... This is quite disorienting... Where to even begin to understand all this.... so I have questions...
What level of knowledge and which tool-sets would one need to understand this?
Specifically... Which college courses or University level education or YouTube videos are required to understand what is going on here?...
Tailscale is wonderful for a startup like mine... and I am quite technically proficient... but honestly guys... there is too much esoteric IT lingo involved in this video for an outsider...
... and how many Tailscale users are do-it-yourself amateurs?
...Setting up a secure network on a shoestring budget by myself... this video raises way more out-of-scope questions than I can handle...
You only need to understand what a VPN is to understand this, calm down
@@Gordonfreems I am being sincere... I am an advanced... highly educated user with advanced use-cases to deal with inside my shoestring solo startup... please do not be condescending to me... I know what a VPN is... I have expert level problems to solve here...
@@georgeanthony6767 this is relatively basic networking and very much worth learning, if you have the time. What concepts exactly aren't you familiar with? This is the SSH video, you may as well use traditional ssh-key-setups, you will find many manuals online. Tailscale ssh is nice-to-have, but not required for a secure network, if that's what you mostly want.
There are many great books out there, if you'd read for example »Computer Networking: A Top-Down Approach« by Kurose / Ross you'd learn all you'd need to know and more. It's a big book, but you can skip what you don't feel you need.
> What level of knowledge and which tool-sets would one need to understand this?
Basic networking
> Tailscale is wonderful for a startup like mine... and I am quite technically proficient... but honestly guys... there is too much esoteric IT lingo involved in this video for an outsider...
It's great you have a use-case already, but maybe you don't actually need tailscale right now? What issues are you trying to solve?
> ... and how many Tailscale users are do-it-yourself amateurs?
Many, I would assume. It really is not difficult, don't be discouraged.
> ...Setting up a secure network on a shoestring budget by myself... this video raises way more out-of-scope questions than I can handle...
Like I said, it's not difficult to set up (it is more difficult to understand deeply, but this you may not need). If you have a concrete use-case just go step by step. Also consider using ChatGPT to ask questions along the way.
Would love a video about getting ssl working with caddy as the documentation is somewhat lacking. I am thinking in regards to docker services with a reverse proxy (instead of file server)
Great suggestion!
I assume running Tailscale as a docker container breaks this functionality?
Nope. It will work! The question is.... should you?