Tailscale has released Tailscale SSH to beta, which makes authentication and authorization trustworthy and effortless by replacing SSH keys with the Tailscale identity of any machine. With Tailscale, each server and user device gets its own identity and node key for authenticating and encrypting the Tailscale network connection, and uses access control lists defined in code for authorizing connections, making it a natural extension for Tailscale to now manage access for SSH connections in your network.
“SSH is an everyday tool for developers, but managing SSH keys for a server isn’t so simple or secure, SSH keys are difficult to protect and time consuming to manage. Protecting your network connections with SSH keys requires that admins spend significant resources managing, provisioning, or deprovisioning user access. Tailscale SSH removes the pain from SSH key management with the same powerful simplicity Tailscale offers for virtual private networks.”
Tailscale Product Manager Maya Kaczorowski
Kris Nóva, Senior Principal Engineer and published distributed systems expert used Tailscale to create a private network between her homelab in New York and a datacenter in Iceland: “Tailscale is seriously the best user experience of my life. I ran a Kubernetes 1.24 cluster on Tailscale with eBPF CNI networking on top of a tailnet, which connects my private subnet at home, across the Arctic ocean to a private subnet in a volcano-powered datacenter in Iceland. It blew my mind how easy and powerful it was to use. I’m excited to use their new SSH feature.”
With Tailscale SSH, users can now securely code from their iPad running Tailscale, across operating systems to a Linux workstation, without having to figure out how to get their SSH private key onto their iPad. Enterprise Tailscale customers will reduce churn and resources on SSH key management or bastion jump boxes, and avoid risk of exposing memory unsafe servers to the open internet. The beta release gives all users:
Authentication and encryption: Authenticate, authorize, and encrypt SSH connections using Tailscale. No need to generate, distribute, and manage SSH keys.
SSO and MFA: Use existing identity providers and multi-factor authentication to protect SSH connections the same way you authorize and protect application access.
Built-in key rotation: Tailscale makes it simple to rotate keys with a single command and manages key distribution. Node keys can be rotated by re-authenticating the device, as frequently as every day.
Re-verify SSH connections: Tailscale works with existing identity providers and re-verifies before SSH connections are established, and gives users the option to re-authenticate when establishing high-risk SSH connections.
Revoke SSH access easily: When an employee offboards, Tailscale allows admins to revoke access to SSH to a machine almost instantaneously with Tailscale ACLs.
Manage permissions as code: Define connections to devices using a standard syntax and understand SSH access controls in a centralized configuration file.
Reduced latency with point-to-point connections: Connect directly from a device to a server, without having to hairpin through a bastion. Developers can connect wherever they work, without slowing them down by routing their traffic through the main office.
Add a user or server painlessly: Maintain users and servers in a network without adding complexity. Tailscale ACLs to give the right people access and add it to a team's known hosts.
Tailscale makes network security accessible to teams of any scale and gives developers and DevOps teams the ability to connect to resources easily and securely in the cloud, on-premises, and everywhere in between. Tailscale uses the WireGuard® protocol, the open source, opinionated standard for secure connectivity. It is set up and configured in a matter of minutes on average, while other VPN solutions take weeks to fully implement and several hours a week to maintain.
Tailscale builds software that makes it easy to interconnect and secure devices, no matter where they are. Every day, banks and multinational companies use Tailscale to protect their corporate networks. Homelabs and start-ups trust Tailscale to collaborate and share access to tooling. We're building a future for the Internet that's easy, small and safe, like it used to be. Founded in 2019 and fully distributed, we’re backed by Accel, CRV, Heavybit, Insight Partners, and Uncork Capital.