Can't get tailscale ssh working without -t flag

Our tailscale setup has tailscale ssh enabled and also magic dns.
Whenever I try to ssh to servers with tailscale ssh enabled I have to use a command like this:

ssh <hostname> -t <shell>

If I don’t do that I get an permission denied: no shell and the connection closes.
This is not the case when I have tailscale ssh disabled.
On our servers I have a standard shell defined for every user.
Look at SELINUX, sshd, own config. Tried it from different pcs to different servers, but all the same output.
Does anyone have the same issue or knows how to fix this?
Thanks in advance

I got the same message, in my case I set selinux to permissive and it works.

After R&D’ing a bit longer I found a solution.
Setting selinux in permissive mode wasn’t an option, due to security reasons.
It’s basically telling selinux that tailsclae ssh is allowed to use a shell.

Just run this command on your servers/endpoints:

sudo ausearch -c 'login' --raw | audit2allow -M my-login && sudo semodule -i my-login.pp
1 Like