github-actions[bot]
commented
1 month ago This issue is stale because it has been open for 90 days with no activity.
Open almereyda opened 5 months ago
github-actions[bot]
commented
1 month ago This issue is stale because it has been open for 90 days with no activity.
almereyda
commented
1 month ago No stale activity.
dparv
commented
3 weeks ago +1
Why
Tailscale upstream supports SSH check mode.
We would like to use it with Headscale, too.
Description
When defining an Tailscale SSH ACL policy with the
actionset tocheck, an additional authentication against the OIDC endpoint is required, which grants access within an optionalcheckPeriod, defaulting to 12 hours and allowing to be set toalways.References
This is related to, but not identical to:
1303, where a user tried to use
checkmode1623, where upstream reports about the availability of a web check mode in the Tailscale client, currently restricted to the upstream control plane.