
We've been experimenting a bit with Tailscale and ssh access - and I'm not 100% convinced there's a great way to guarantee continued access - if you bind sshd to the Tailscale VPN IP, an update that restarts ssh and Tailscale could result in sshd not being able to bind the expected IP - leading to ssh being down. I think this is mostly due to the sshd listen directive being somewhat limited.
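The failure mode described in the comment above can be checked before a restart. This is an added example, not part of the original comment: it parses `ListenAddress` lines from an sshd configuration and probes whether each address can be bound right now. The function names and the sample configuration are constructed for illustration, and hostnames in `ListenAddress` are skipped.

```python
import errno
import ipaddress
import socket

# Constructed sample: 192.0.2.10 (TEST-NET-1) stands in for a VPN address
# that is not assigned to any interface at the moment sshd starts.
SAMPLE_CONFIG = """\
# constructed sshd_config fragment
Port 22
ListenAddress 127.0.0.1
ListenAddress 192.0.2.10:2222
ListenAddress [::1]:22
"""

def listen_addresses(config_text):
    """Return the IP literals named by ListenAddress lines (hostnames skipped)."""
    found = []
    for line in config_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2 or fields[0].lower() != "listenaddress":
            continue
        value = fields[1]
        if value.startswith("["):            # [addr]:port
            host = value[1:].split("]", 1)[0]
        elif value.count(":") == 1:          # addr:port (IPv4 or hostname)
            host = value.rsplit(":", 1)[0]
        else:                                # bare IPv4 or bare IPv6
            host = value
        try:
            found.append(str(ipaddress.ip_address(host)))
        except ValueError:
            pass  # hostname: resolution is outside this sketch
    return found

def can_bind(addr):
    """True if the kernel lets a TCP socket bind to addr right now."""
    family = socket.AF_INET6 if ":" in addr else socket.AF_INET
    with socket.socket(family, socket.SOCK_STREAM) as s:
        try:
            s.bind((addr, 0))  # port 0: tests the address, not the port
            return True
        except OSError as e:
            if e.errno == errno.EADDRNOTAVAIL:
                return False
            raise

def unbindable(config_text, probe=can_bind):
    """ListenAddress values sshd could not bind if it restarted now."""
    return [a for a in listen_addresses(config_text) if not probe(a)]
```

Calling `unbindable()` on the real configuration text before restarting sshd lists the addresses that would fail to bind at that moment, for example because the VPN interface has not come up yet.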



I am doing a pilot of the same thing.

So far I am mostly using Tailscale + firewall. Using a firewall directly on the host as you mentioned seemed a bit dangerous - although we are trying it on a few servers. For now cloud provider firewall + Tailscale.



