If you live in the 2020s, your Linux servers probably have encrypted storage. That means that if you reboot them, you have to provide a password before they can become useful to the world again. The usual way to do this is to include a dropbear SSH daemon in your initramfs (initial RAM file system) image and run it before the init process gets started, so you have a chance to SSH in and provide the key material your encrypted drives need to unlock.
I do that too, but I really dislike the idea of having yet another highly privileged network service, written in a memory-unsafe language, listening on the public internet this early in the boot process. So here's a dropbear alternative: hoopsnake.
Hoopsnake can do the following: it listens on :22 on that tailnet device (so you can reach it, the internet can't!)... and that's mostly it.
Uh, well. I just uploaded it to GitHub. It seems to do a thing in my personal tests, but should you make the bootability of your machines depend on it? I don't advise that yet.
Is it secure? I'm pretty hopeful that I got the auth portion right, and if not, it'll only listen on a network you alone control (the tailnet). Ideally that doesn't have that many threat actors? In any case, reach me on Signal if you need to report a security issue.
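The "only listens on the tailnet" property is worth verifying on the machine itself. The following is an added shell helper, not code from the post or from hoopsnake, that classifies port-22 listeners from `ss -ltn`-style output as tailnet-only, loopback or exposed. It assumes Tailscale's address ranges (100.64.0.0/10 and fd7a:115c:a1e0::/48); the sample lines are constructed.

```shell
#!/bin/sh
# Added audit helper, not part of the post or of hoopsnake. It classifies the
# addresses an SSH listener is bound to (from `ss -ltn`-style lines) so you can
# confirm the boot-time unlock daemon is reachable only over the tailnet.
# Assumption: Tailscale addresses are 100.64.0.0/10 (IPv4) and fd7a:115c:a1e0::/48.

# Classify one bound address: prints "tailnet", "loopback" or "exposed".
classify_addr() {
  case "$1" in
    127.*|"[::1]") echo loopback ;;
    0.0.0.0|"*"|"[::]") echo exposed ;;
    "[fd7a:115c:a1e0:"*) echo tailnet ;;
    100.*)
      # 100.64.0.0/10 spans second octets 64..127; other 100.x is public space
      o2=$(printf '%s' "$1" | cut -d. -f2)
      if [ "$o2" -ge 64 ] && [ "$o2" -le 127 ]; then echo tailnet; else echo exposed; fi ;;
    *) echo exposed ;;
  esac
}

# Read ss-style lines on stdin, print every port-22 listener with its class,
# and return 1 if any of them is reachable from outside the tailnet.
audit_ssh_listeners() {
  rc=0
  while read -r state _recvq _sendq laddr _peer _rest; do
    [ "$state" = "LISTEN" ] || continue
    port=${laddr##*:}
    [ "$port" = "22" ] || continue
    kind=$(classify_addr "${laddr%:*}")
    echo "$laddr -> $kind"
    [ "$kind" != "exposed" ] || rc=1
  done
  return $rc
}

# Constructed sample input in the shape ss -ltn prints (not taken from a real host).
SAMPLE_TAILNET_ONLY='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    100.101.102.103:22  0.0.0.0:*
LISTEN 0      128    127.0.0.1:631       0.0.0.0:*'
SAMPLE_EXPOSED='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*'

# Usage: printf '%s\n' "$SAMPLE_EXPOSED" | audit_ssh_listeners || echo "port 22 reachable from the internet"
```

On a live host, replace the sample with `ss -ltn | audit_ssh_listeners`; a non-zero exit means the unlock daemon is bound somewhere other than the tailnet or loopback.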
A dropbear is an Australian mythical animal that Australians will insist is totally real, I swear to you, please be afraid.
A hoop snake is an Australian mythical animal that Australians will insist is totally real, I swear to you, please be afraid.
To demonstrate how committed I was to the "Australians insisting something is real" bit, check out the git history where this tool started out being named "spidereffer"; let's all be glad that this isn't called that anymore.