Open almereyda opened 5 months ago
Tailscale upstream supports SSH check mode.
We would like to use it with Headscale, too.
When defining an Tailscale SSH ACL policy with the action set to check, an additional authentication against the OIDC endpoint is required, which grants access within an optional checkPeriod, defaulting to 12 hours and allowing to be set to always.
action
check
checkPeriod
always
This is related to, but not identical to:
This issue is stale because it has been open for 90 days with no activity.
No stale activity.
+1
Why
Tailscale upstream supports SSH check mode.
We would like to use it with Headscale, too.
Description
When defining an Tailscale SSH ACL policy with the
action
set tocheck
, an additional authentication against the OIDC endpoint is required, which grants access within an optionalcheckPeriod
, defaulting to 12 hours and allowing to be set toalways
.References
This is related to, but not identical to:
1303, where a user tried to use
check
mode1623, where upstream reports about the availability of a web check mode in the Tailscale client, currently restricted to the upstream control plane.