Ts-SSH provides a way to SSH into Tailnet machines from environments where a full Tailscale daemon cannot be installed, such as CI/CD runners or other restricted systems. It leverages Tailscale's tsnet library to create userspace connectivity, offering a standard SSH experience. The project was notably built almost entirely with AI coding tools.
A starter prompt for Claude Code, what you'll need, and how to reach them.
You are a senior Go developer experienced in network programming and security. Your task is to build a command-line tool, `ts-ssh`, that allows SSH access to machines within a Tailnet without requiring the full Tailscale daemon to be installed on the client machine. The core functionality must rely on the `tsnet` Go library for userspace Tailscale connectivity.
Here's the plan:
1. **Project Setup**: Initialize a new Go module. Structure the project for a CLI application, using `cobra` or `urfave/cli` for command-line parsing.
2. **Tailscale Connectivity**: Implement a Go function `connectToTailnet(authKey string)` that uses `tsnet.NewServer` to establish a userspace Tailscale node. It should authenticate using the provided `authKey` (a Tailscale pre-authentication key) and report its Tailscale IP.
3. **SSH Client Integration**: Once the `tsnet` connection is active, use `golang.org/x/crypto/ssh` to create an SSH client that tunnels its traffic through the `tsnet` virtual interface. The SSH client should support:
* Connecting to a remote host by its Tailscale IP or hostname.
* Key-based authentication (loading private keys from standard locations like `~/.ssh/id_rsa`).
* Executing single commands and streaming output.
* Basic terminal emulation for interactive SSH sessions.
4. **File Transfer (SCP-like)**: Add a subcommand for `scp`-like file transfers using the SSH client, allowing files to be pushed to and pulled from remote Tailnet hosts.
5. **Multi-Host Parallel Execution**: Implement a subcommand `ts-ssh exec-parallel [host1] [host2] --command 'ls -al'` that takes multiple Tailnet hostnames/IPs and executes the same command on them concurrently, streaming aggregated output.
6. **Error Handling & User Feedback**: Provide clear error messages for connectivity issues, authentication failures, and SSH command failures. Include verbose logging for debugging.
7. **Build & Verify**: Ensure the application compiles for Linux, macOS, and Windows (AMD64 and ARM64). Create a test script that sets up a temporary Tailnet (e.g., with Docker containers running `tailscaled`) and verifies SSH connectivity, command execution, and file transfer through `ts-ssh`.
Focus on robust error handling and clear user experience for the CLI. Prioritize security best practices for key handling.
Reach out to the 'developer' and 'indie operator' communities who use Tailscale for their infrastructure and are actively building tools. Highlight how the operator's AI coding tools (like ai-usage-monitor) are also built with similar principles, demonstrating technical prowess and solving developer-centric problems for automation and CI/CD.
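For the prompt's key-handling and verbose-logging requirements (steps 2, 3 and 6), here is one way to treat the two secrets involved, written as an added example that is not ts-ssh's own code. The helper names are hypothetical, `TS_AUTHKEY` is the environment variable `tsnet` falls back to when no key is set in code, and the key file is assumed to sit on a POSIX filesystem.

```go
package main

import (
	"fmt"
	"os"
	"regexp"
)

// Assumption: Tailscale keys are tokens starting with "tskey-".
var tsKeyRE = regexp.MustCompile(`tskey-[A-Za-z0-9-]+`)

// redact masks any Tailscale key before a line reaches verbose logs.
func redact(line string) string {
	return tsKeyRE.ReplaceAllString(line, "tskey-[REDACTED]")
}

// authKeyFromEnv reads the key from TS_AUTHKEY, not argv, which leaks via ps and CI logs.
func authKeyFromEnv() (string, error) {
	k := os.Getenv("TS_AUTHKEY")
	if k == "" {
		return "", fmt.Errorf("TS_AUTHKEY is not set")
	}
	return k, nil
}

// checkKeyPerms rejects key files that group/other can access (POSIX modes assumed).
func checkKeyPerms(path string) error {
	fi, err := os.Stat(path)
	if err != nil {
		return fmt.Errorf("stat key: %w", err)
	}
	if !fi.Mode().IsRegular() || fi.Mode().Perm()&0o077 != 0 {
		return fmt.Errorf("%s must be a regular file with mode 0600 or stricter (is %v)", path, fi.Mode())
	}
	return nil
}

func main() {
	key, err := authKeyFromEnv()
	if err == nil && len(os.Args) > 1 {
		err = checkKeyPerms(os.Args[1]) // path to an SSH private key
	}
	if err != nil {
		fmt.Fprintln(os.Stderr, "error:", redact(err.Error()))
		os.Exit(1)
	}
	fmt.Println(redact("verbose: joining tailnet with " + key))
}
```

On a CI runner the key in `TS_AUTHKEY` would come from the pipeline's secret store.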
ts-ssh solves a specific problem: accessing machines on your Tailnet from environments where you can't install the full Tailscale daemon (like CI/CD runners or restricted systems). It uses Tailscale's tsnet library to establish userspace connectivity, then provides a standard SSH experience. Works with existing workflows since it supports normal SSH features like ProxyCommand, key auth, and terminal handling.
Some features that proved useful:
* Parallel command execution across multiple hosts
* Built-in tmux session management for multi-host work
* SCP-style file transfers
* Works on Linux/macOS/Windows (AMD64 and ARM64)
The codebase is interesting from a development perspective - it was written almost entirely using AI tools (mainly Claude Code, with some OpenAI and Jules). Not as an experiment, but because it actually worked well for this kind of systems programming. Happy to discuss the workflow if anyone's curious about that aspect.
Source and binaries are on GitHub. Would appreciate feedback from anyone dealing with similar connectivity challenges.
Reply in the Hacker News thread to i8code (derekg) and mention the prototype, then open a discussion or issue on their GitHub repo.
“I've explored building a similar daemon-less Tailscale SSH tool and found your approach fascinating, especially with AI coding tools. I've quickly spun up a prototype that demonstrates key authentication and parallel command execution over `tsnet` — I'd be happy to share my learnings or even contribute to your project.”