Say goodbye to your legacy VPNMake the switch to Tailscale
Product
Solutions
Enterprise
Customers
Docs
Blog
Pricing
Download
Get started - it's free!
Login
WireGuard is a registered trademark of Jason A. Donenfeld.
Terms of ServicePrivacy Policy
© 2025 Tailscale Inc. All rights reserved. Tailscale is a registered trademark of Tailscale Inc.

Tailscale SSH

Automated SSH key management

SSH to any device without bastion hosts to manage, public exposure, or high latency.

Get started
Talk to sales
World map with different server types like VPC and on-prem connected.

Trusted by 10,000+ global companies

Key icon

No manual key management

Generate, rotate, distribute and manage SSH keys with a single command. Encrypt all connections by default.

Terminal window

Any device, anywhere

SSH from any device and across operating systems. Answer an on-call emergency from anywhere.

User check icon

SSO + MFA

Keep your existing identity provider (IdP) and multi-factor authentication for streamlined and secure access.

Manual SSH management isn’t secure

Stay secure, save time

Easily manage shell access to any Linux-based infrastructure and reduce the risk of mismanagement that comes with static SSH keys and manual sharing and rotation. Verify user identities against existing identity providers (e.g. Google Workspace or Okta) and manage access via centralized ACLs.

Get started for free
Diagram demonstrating Tailscale SSH
Diagram explaining SSH recording

Quick, compliant authentication

Enable session recordings for audits, and instantly revocable access via ACLs. Keep your existing identity provider and multi-factor authentication to protect SSH connections.

Get a custom demo

Stay secure by default

Image of an ACL file

Keys aren’t reused, access is defined

SSH keys are unique to each network, ensuring keys aren't reused. Define what connections you want to allow using a standard syntax in a centralized configuration file.

Read about Tailscale ACLs
Globe lock icon

Access servers without public exposure

Powered by the WireGuard protocol, all connections are end-to-end encrypted by default.

Point-to-point icon

Reduce latency with point-to-point connections

Connect directly from your device to your server, without needing a bastion. Less hardware to manage, lower latency, and one less point of exposure.

Key icon

Built-in key rotation

Key distribution and rotation with a single command. Each server and user device gets its own node key, used for authentication and encryption.

Pricing that works for everyone

Personal

For individuals who want to securely connect personal devices, for free.

$0per active user/month
Get started free
Starter

For small teams seeking an easy-to-use and quick-to-deploy secure network access solution.

$6per active user/month
Get started free
Premium

For growing teams seeking advanced service/resource-level networking and identity-aware access controls.

$18per active user/month
Get started free
Enterprise

For organizations seeking advanced user and posture management, robust compliance, and dedicated support.

Custom
Contact Sales

Frequently asked questions

Over 9,000 Engineering & IT teams use Tailscale’s networking software to secure their work from anywhere, reduce developer disruption, and protect critical infrastructure. Want to learn more? Read our frequently asked questions, or talk to a member of our team.

Contact sales

Do SSH keys allow multiple sessions?

Yes, SSH keys allow for multiple sessions.

How do you SSH into a Raspberry Pi terminal?

Follow this guide on how to SSH into a Raspberry Pi terminal.