Allow ssh only via tailscale?

Sorry if this has been asked, but I can’t find it on these forums or via general googling.

I’m using tailscale to ssh to a linux server, and it works great. But I can still ssh via the “old way”, i.e. to the public IP address for the server.

My goal would be to have only http and https reachable on the server, and ssh enabled via tailscale only.

Is this easy to do? Is it an sshd config thing, or a firewall thing, a network thing, or something else? Thanks for any ideas!

hello and welcome to the forum,

yes, i have done that a few times
https://tailscale.com/kb/1077/secure-server-ubuntu-18-04/

as a windoz guy, I fumbled thru that the first time.
need to be careful not to lose control of the remote machine.
might test using a vm or, as I do, rent the cheapest virtual machine from hetzner or any such provider.

this could be a very easy way to get ssh only over tailscale
note: the software is beta


A solution could be just to set the sshd to listen on the tailscale interface only.
BUT it's risky business, since then you cannot even connect using the LAN IP, so I would not really recommend this approach unless you have other ways of controlling the server.
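
An added example, not part of any post above: a small audit of `sshd_config` text that reports whether sshd would listen only on Tailscale addresses, which is the setup the last reply describes. The address ranges are assumed to be Tailscale's defaults, and the sample configs and the function names `listen_hosts` and `audit` are constructed for illustration.

```python
import ipaddress

# Tailscale's default address ranges (assumed here): CGNAT IPv4 and its IPv6 ULA prefix.
TAILNET = [ipaddress.ip_network("100.64.0.0/10"),
           ipaddress.ip_network("fd7a:115c:a1e0::/48")]

def listen_hosts(config_text):
    """Return the address part of every active ListenAddress directive."""
    hosts = []
    for raw in config_text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) != 2 or parts[0].lower() != "listenaddress":
            continue  # skips comments ("#ListenAddress ...") and other keywords
        value = parts[1].split()[0]          # drop an optional "rdomain ..." suffix
        if value.startswith("["):            # [IPv6]:port
            value = value[1:].split("]", 1)[0]
        elif value.count(":") == 1:          # IPv4:port or hostname:port
            value = value.rsplit(":", 1)[0]
        hosts.append(value)
    return hosts

def audit(config_text):
    """Report listeners outside the Tailscale ranges."""
    hosts = listen_hosts(config_text)
    if not hosts:
        # With no ListenAddress, sshd binds to all local addresses.
        return {"tailscale_only": False, "exposed": ["* (default: all addresses)"]}
    exposed = []
    for host in hosts:
        try:
            ip = ipaddress.ip_address(host)
        except ValueError:
            exposed.append(host)             # hostname: cannot be verified offline
            continue
        if not any(ip in net for net in TAILNET):
            exposed.append(host)
    return {"tailscale_only": not exposed, "exposed": exposed}

# Constructed sample configs (not taken from a real server).
OPEN = "Port 22\n#ListenAddress 0.0.0.0\nPermitRootLogin no\n"
MIXED = "ListenAddress 100.101.102.103\nListenAddress 203.0.113.10:22\n"
TS_ONLY = "ListenAddress 100.101.102.103:22\nListenAddress [fd7a:115c:a1e0::1]:22\n"

if __name__ == "__main__":
    for name, cfg in (("open", OPEN), ("mixed", MIXED), ("tailscale-only", TS_ONLY)):
        print(name, audit(cfg))
```

Run it against the contents of `/etc/ssh/sshd_config` before restarting sshd, and keep the current session open until a new login over Tailscale has succeeded.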