Say goodbye to your legacy VPNMake the switch to Tailscale
Get started
Login
WireGuard is a registered trademark of Jason A. Donenfeld.
© 2024 Tailscale Inc. All rights reserved. Tailscale is a registered trademark of Tailscale Inc.

SSH but make it Tailscale

No additional hardware to manage. No complicated firewall rules. Tailscale keeps it secure.

SSH but make it Tailscale

SSO and MFA

Use your existing identity provider and multi-factor authentication to protect SSH connections. Protect SSH connections the same way you authorize and protect application access.

Sign in with Tailscale app

Built-in key rotation

Rotate keys with a single command. Tailscale does the key distribution. Each server and user device gets its own node key, used for authenticating and encrypting the Tailscale connection. Follow key management best practices and rotate keys frequently. Node keys can be rotated by re-authenticating the device, as frequently as every day.

Built-in key rotation

Enable SSH Session Recording

Whenever a Tailscale SSH connection is initiated, store terminal output recording in any S3 compatible service or local disk to aid in security investigations, and meet compliance requirements.

Enable SSH Session Recording
Uhh this is sweet! Redirecting SSL authentication to Tailscale to handle it for you eliminates the need to manage PKI at scale, or go through the nightmare of changing keys out when someone leaves. And, EVERYTHING is protected, regardless of where the workload lives. AWESOME!
Liam Keegan, @LiamJKeegan

Connect to, and from, any device

SSH even from your mobile devices, and across OSes. Tailscale SSH works where Tailscale works. Code from an iPad to your Linux workstation, without having to figure out how to get your private SSH key onto it. Answer an on-call emergency from anywhere, which means you can leave your desk now.

Connect to, and from, any device

Access servers without publicly exposing them

Unlike bastion hosts, you don't need to funnel all your traffic through a single, demarcated network entry point. As long as there's a way, Tailscale will find how to connect to your server.

Access servers without publicly exposing them

Reduced latency with point-to-point connections

Connect directly from your device to your server, without having to hairpin through a bastion. Connect wherever you work, without slowing down by routing traffic through head office.

Reduced latency with point-to-point connections
Lock

Authentication and encryption

Authenticate, authorize, and encrypt SSH connections using Tailscale. No need to generate, distribute, and manage SSH keys. Rely on Tailscale to manage access for SSHing to machines in your network.
Key

Use SSH keys unique to your tailnet

Ensure keys aren't reused across different networks. Keys are only for that tailnet - meaning you can ensure developers don't use the same keys for work and personal use.

Manage permissions as code

Define what connections to your devices you want to allow using a standard syntax. Understand your SSH access controls in a centralized configuration file.

Manage permissions as code

Revoke SSH access easily

Revoke access to SSH to a machine almost instantaneously by updating Tailscale ACLs. When an employee offboards, be confident their SSH key won't allow access to critical infrastructure.

Revoke SSH access easily

Add a user or server painlessly

Maintain users and servers in your network without snowballing complexity. When you welcome a new employee, you don't need to touch every machine to update access. When you provision a new server, use ACLs to give the right people access and add it to your team's known hosts.

Add a user or server painlessly

Works with what you're already using

Mac, iOS, Windows, Android or Linux — even your Raspberry Pi. Tailscale works wherever you do.

Mac

Mac

iPhone & iPad

iPhone & iPad

Windows

Windows

Android

Android

Linux

Linux

Try Tailscale for free

Schedule a demo
Contact sales
cta phone
mercury
instacrt
Retool
duolingo
Hugging Face