Can't get tailscale ssh working without -t flag

Our tailscale setup has tailscale ssh enabled and also magic dns.
Whenever I try to ssh to servers with tailscale ssh enabled I have to use a command like this:

ssh <hostname> -t <shell>

If I don’t do that I get a permission denied: no shell and the connection closes.
This is not the case when I have tailscale ssh disabled.
On our servers I have a standard shell defined for every user.
Looked at SELinux, sshd, own config. Tried it from different PCs to different servers, but all the same output.
Does anyone have the same issue or know how to fix this?
Thanks in advance

I got the same message; in my case I set SELinux to permissive and it works.

After R&D’ing a bit longer I found a solution.
Setting selinux in permissive mode wasn’t an option, due to security reasons.
It’s basically telling SELinux that tailscale ssh is allowed to use a shell.

Just run this command on your servers/endpoints:

sudo ausearch -c 'login' --raw | audit2allow -M my-login && sudo semodule -i my-login.pp
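Added example, not part of the thread: the command above turns every logged denial whose command name is login into an allow rule, so it helps to list those denials as candidate rules before installing the module. The function names, the SELinux type names example_daemon_t and example_user_t, and the sample records are constructed for illustration and are not real Tailscale audit output.

```bash
# List the allow rules that a module generated from AVC denials would contain,
# so they can be reviewed before `semodule -i` is run.

# Constructed sample records in `ausearch --raw` format (not real output).
sample_avc() {
cat <<'EOF'
type=AVC msg=audit(1700000000.101:501): avc:  denied  { transition } for  pid=2101 comm="login" path="/usr/bin/bash" dev="dm-0" ino=1201 scontext=system_u:system_r:example_daemon_t:s0 tcontext=unconfined_u:unconfined_r:example_user_t:s0 tclass=process permissive=0
type=AVC msg=audit(1700000050.202:502): avc:  denied  { transition } for  pid=2188 comm="login" path="/usr/bin/bash" dev="dm-0" ino=1201 scontext=system_u:system_r:example_daemon_t:s0 tcontext=unconfined_u:unconfined_r:example_user_t:s0 tclass=process permissive=0
type=AVC msg=audit(1700000090.303:503): avc:  denied  { read write } for  pid=2190 comm="login" name="shadow" dev="dm-0" ino=1302 scontext=system_u:system_r:example_daemon_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file permissive=0
EOF
}

# Read raw audit records on stdin; print one candidate rule per unique
# (source type, target type, class, permission) with how often it was denied.
summarize_avc() {
  awk '
    /avc: +denied/ {
      perms = $0
      sub(/^.*denied +[{] */, "", perms); sub(/ *[}].*$/, "", perms)
      s = t = c = ""
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^scontext=/) { split($i, a, ":"); s = a[3] }
        if ($i ~ /^tcontext=/) { split($i, a, ":"); t = a[3] }
        if ($i ~ /^tclass=/)   { c = substr($i, 8) }
      }
      n = split(perms, p, " ")
      for (j = 1; j <= n; j++) count[s " " t ":" c " " p[j]]++
    }
    END { for (k in count) printf "allow %s; # seen %d\n", k, count[k] }
  ' | LC_ALL=C sort
}

# Print rules that do NOT match the expected pattern (extended regex);
# return 1 if any exist, so a script can stop before installing the module.
unexpected_rules() {
  if summarize_avc | grep -Ev -- "$1"; then return 1; fi
  return 0
}

# Demo on the constructed records. On a server, use the thread's own query:
#   sudo ausearch -c 'login' --raw | summarize_avc
sample_avc | summarize_avc
```

audit2allow -M also writes my-login.te next to my-login.pp; that file is the readable source of the module and can be compared against this listing before the semodule step.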