Tailscale SSH alternative for OpenZiti

I would like to achieve this:
https://tailscale.com/kb/1193/tailscale-ssh

  • SSH as normal, using Tailscale for authentication. With Tailscale SSH, Tailscale takes over port 22 for SSH connections incoming from the Tailscale network. Tailscale will authenticate and encrypt the connection over WireGuard, using Tailscale node keys. The SSH client and server will still create an encrypted SSH connection, but it will not be further authenticated.
  • Verify high-risk connections with check mode. Optionally require certain connections, or connections as certain users (for example, root), to re-authenticate before connecting. This allows the user to access these high-risk applications for the next 12 hours or for a specified check period before re-authenticating again.

I know there is "zssh", but my clients are only able to use the standard SSH (OpenSSH) client. How can I avoid private/public key authentication and only use OpenZiti auth?

Hi @Tetrov, at this time, OpenZiti doesn't have this precise feature. Even with zssh, you still present an OpenSSH key.

We've talked about enabling some sort of feature like this, but we have limited resources and have not made this feature a priority yet. It's something we think would be neat and useful, but it's not a priority for us at this time.
