How do I reauth a client properly?

How is this still an issue? I disabled key expiry for a machine today, then I noticed it said it was going to expire in 20 minutes.

Okay, so I guess it’s not going to auto-renew, so I look for a CLI option to renew the key, but there is none.

So I naively issue a tailscale up --force-reauth and again, am kicked out of my remote machine. Awesome. Whatever login link I was meant to see is not really accessible to me.

This is unpleasant, to put it nicely. What am I even supposed to do here to avoid this?

Whenever I am making changes to the Tailscale service I have an alternative remote solution running (TeamViewer, for instance), even if it’s just a temporary one while that work is happening.

I guess I find it hard to believe that I’m not the only one (read: there are paying clients with more serious needs than mine) who wants to manually re-key machines and wants to do it by hand, even for remote machines. With a bit of alerting too…

If you want to manually rekey machines you can generate a key in the control plane and then use that key to auth.

sudo tailscale up --authkey tskey-abcdef1432341818

This really should be in the docs under the renew keys section if it is the preferred way to manually reauth a remote unit (via tailscale only).

I tested this on a remote Windows RDP connection via Tailscale using a preauthorized key and was able to reconnect via Tailscale without any local input, so it does work in this role.

Is there a way to re-authenticate without ending up with a new entry in the tailnet? I also recently had a node expire and I temporarily extended the key. I tried running a sudo tailscale up but the node didn’t do any kind of re-authentication. I then ran a tailscale up with a new preauth key; this worked but made a new entry for my node with a ‘-1’ at the end. Any way around this?
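For the alerting wish raised earlier in the thread, here is an added example (not code from any poster or from Tailscale) that flags node keys close to expiry, so a re-auth with an auth key can be done while the remote session still works. It assumes the JSON printed by tailscale status --json carries Self, Peer, HostName and KeyExpiry fields as in the constructed sample, and that a missing KeyExpiry means expiry is disabled.

```python
import json
import re
from datetime import datetime, timedelta, timezone

# Constructed sample. Field names (Self, Peer, HostName, KeyExpiry) are assumed
# to match what `tailscale status --json` prints; verify on your own version.
SAMPLE = """
{"Self": {"HostName": "rdp-box", "KeyExpiry": "2024-05-01T12:20:00Z"},
 "Peer": {
   "nodekey:aaaa": {"HostName": "nas", "KeyExpiry": "2024-04-20T00:00:00.123456789Z"},
   "nodekey:bbbb": {"HostName": "laptop"},
   "nodekey:cccc": {"HostName": "build", "KeyExpiry": "2024-09-01T00:00:00+00:00"}}}
"""

_RFC3339 = re.compile(r"(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d)(?:\.\d+)?(Z|[+-]\d\d:\d\d)")

def parse_rfc3339(value):
    """Parse an RFC 3339 timestamp, dropping sub-second digits."""
    m = _RFC3339.fullmatch(value)
    if m is None:
        raise ValueError(f"not an RFC 3339 timestamp: {value!r}")
    base, zone = m.groups()
    return datetime.fromisoformat(base + ("+00:00" if zone == "Z" else zone))

def key_expiry_report(status, now, warn_within=timedelta(days=7)):
    """Return (hostname, state, time_left) for this node and each peer."""
    nodes = [status.get("Self") or {}] + list((status.get("Peer") or {}).values())
    report = []
    for node in nodes:
        name, raw = node.get("HostName", "?"), node.get("KeyExpiry")
        if not raw:  # field absent: assumed to mean key expiry is disabled
            report.append((name, "no-expiry", None))
            continue
        left = parse_rfc3339(raw) - now
        if left <= timedelta(0):
            state = "expired"
        elif left <= warn_within:
            state = "expiring"
        else:
            state = "ok"
        report.append((name, state, left))
    return report

if __name__ == "__main__":
    now = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)
    for name, state, left in key_expiry_report(json.loads(SAMPLE), now):
        print(f"{name:10} {state:10} {left if left is not None else '-'}")
```

In real use, feed it the parsed output of tailscale status --json and datetime.now(timezone.utc), and send any "expiring" or "expired" rows to whatever alert channel you already have.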