This is a very very experimental Tailscale PAM module that allows you to SSH using your Tailscale credentials. This is a response to tailscale/tailscale#3006.
This code is unaudited, not fully tested and is not known to be secure. This is currently a proof of concept and is not made with the intent to be used yet.
Enjoy this preview into the future of auth.
- Install Rust through your favorite method (most of the time you can probably get away with using rustup).
- On Ubuntu run this command:
sudo apt-get install build-essential git libpam0g-dev. On other distributions you will need to figure this out on your own. - Install
cargo-deb:cargo install cargo-deb.. - Build the debian package:
cargo-deb -p pam_tailscale. - Install it on your target host.
- Enable sshd ChallengeResponseAuthentication with this magic sed command:
sed -i 's/^ChallengeResponseAuthentication.*/ChallengeResponseAuthentication yes/' /etc/ssh/sshd_config. - Reload your sshd config:
systemctl reload sshd. - SSH into your new machine!