SSH Homelab with Tailscale: Secure Remote Access Without Hassle

When managing a homelab, SSH is the most essential tool for remote administration. However, exposing SSH to the internet creates security risks, and doing it safely usually means complex firewall rules, VPNs, or port forwarding. Enter Tailscale, a simple and secure way to access your homelab from anywhere without exposing ports to the internet.

Why Use Tailscale for SSH in Your Homelab?

  • Zero-config VPN: No need to mess with NAT, port forwarding, or static IPs.
  • End-to-End Encryption: Powered by WireGuard for secure communication.
  • Easy Authentication: Uses OAuth (Google, GitHub, etc.) to manage access.
  • Works Across Devices: Connect your laptop, phone, and VPS securely.
  • Access Your Entire Network: Use subnet routing to reach other devices.

Step-by-Step: SSH into Your Homelab with Tailscale

1️⃣ Install Tailscale on Your Homelab Server

If you are running Debian/Ubuntu, install Tailscale with:

curl -fsSL https://tailscale.com/install.sh | sh

Then start the Tailscale service:

sudo tailscale up

It will provide a URL—open it in your browser and authenticate.

For NixOS, add this to your configuration:

{
  services.tailscale.enable = true;
}

Then run:

sudo nixos-rebuild switch
sudo tailscale up

2️⃣ Install Tailscale on Your Client (Laptop/Phone)

Install Tailscale on the device from which you’ll SSH:

  • Linux/macOS: Use the same installation script as above.
  • Windows: Install from tailscale.com/download.
  • Android/iOS: Download the app from the Play Store/App Store.

Run tailscale up and log in using the same account as your homelab.

3️⃣ Get Your Tailscale IP and SSH

Once both devices are connected, run this on your homelab:

tailscale ip -4

You’ll get an IP like 100.64.x.x. From your laptop, SSH into your homelab:

ssh user@100.64.x.x

If you use Tailscale’s built-in MagicDNS, you can SSH using a hostname:

ssh user@homelab

4️⃣ (Optional) Enable Subnet Routing for Full Network Access

If your homelab is running multiple machines, you can access them remotely via Tailscale’s subnet routing.

On your homelab, run (replace 192.168.1.0/24 with your own LAN subnet):

sudo tailscale up --advertise-routes=192.168.1.0/24

Approve this in the Tailscale admin panel, and now you can SSH into any device on your network.

5️⃣ (Optional) Enable Tailscale’s Built-in SSH

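Tailscale SSH lets the Tailscale daemon itself accept SSH connections that arrive over your tailnet and authenticate them with your Tailscale identity, eliminating the need to open an SSH port. Enable it on your homelab: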

sudo tailscale up --ssh

Now, from any authorized device, simply run:

ssh user@homelab

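without even needing SSH keys! Which users and devices count as authorized is decided by the SSH rules in your tailnet's access control policy.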
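
To check that SSH on the homelab is bound where you expect after steps 3 and 5, the following added example (not part of the original post) classifies port-22 listeners from `ss -Htln` output as tailnet, loopback, wildcard, or other. It relies on Tailscale assigning IPv4 addresses from 100.64.0.0/10; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify TCP/22 listeners taken from `ss -Htln` output.
# Tailscale IPv4 addresses come from the CGNAT block 100.64.0.0/10.

# in_tailnet_range ADDR: succeeds if ADDR is inside 100.64.0.0/10.
in_tailnet_range() {
  case "$1" in
    100.*) ;;
    *) return 1 ;;
  esac
  second=${1#100.}; second=${second%%.*}   # second octet
  case "$second" in ''|*[!0-9]*) return 1 ;; esac
  [ "$second" -ge 64 ] && [ "$second" -le 127 ]
}

# classify_ssh_listeners: reads `ss -Htln` lines on stdin and prints
# "<class> <address>" for every listener on port 22.
classify_ssh_listeners() {
  while read -r state recvq sendq laddr peer rest; do
    [ "$state" = "LISTEN" ] || continue
    port=${laddr##*:}
    [ "$port" = "22" ] || continue
    addr=${laddr%:*}
    addr=${addr%%\%*}          # drop an interface suffix such as %lo
    case "$addr" in
      127.*|'[::1]')      echo "loopback $addr" ;;
      0.0.0.0|'*'|'[::]') echo "wildcard $addr" ;;  # every interface
      *) if in_tailnet_range "$addr"; then echo "tailnet $addr"
         else echo "other $addr"; fi ;;
    esac
  done
}

# Constructed sample of `ss -Htln` output (not captured from a real host).
SAMPLE_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 100.101.102.103:22 0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 128 192.168.1.10:22 0.0.0.0:*'

printf '%s\n' "$SAMPLE_SS" | classify_ssh_listeners
# On a real host: ss -Htln | classify_ssh_listeners
```

A `wildcard` or `other` line means sshd also answers on non-Tailscale interfaces, which matters if a router still forwards port 22 to this machine.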

🎯 Conclusion

With Tailscale, SSH access to your homelab is secure, simple, and hassle-free. No more dealing with firewalls, dynamic IPs, or complex VPN setups. Whether you need to manage Proxmox, Kubernetes, or other self-hosted services, Tailscale ensures safe and seamless remote access.

🔹 Bonus Tip: Combine Tailscale with tmux or Mosh for even better remote SSH sessions!