CHANGELOG.md
Lines changed: 8 additions & 1 deletion
@@ -29,7 +29,14 @@
29
29
- Fix OIDC registration issues [#960](https://github.com/juanfont/headscale/pull/960) and [#971](https://github.com/juanfont/headscale/pull/971)
30
30
- Add support for specifying NextDNS DNS-over-HTTPS resolver [#940](https://github.com/juanfont/headscale/pull/940)
31
31
- Make more sslmode available for postgresql connection [#927](https://github.com/juanfont/headscale/pull/927)
32
-
- Add support for [SSH ACL](https://tailscale.com/kb/1018/acls/#tailscale-ssh) blocks [#847](https://github.com/juanfont/headscale/pull/847)
32
+
- Add experimental support for [SSH ACL](https://tailscale.com/kb/1018/acls/#tailscale-ssh) (see docs for limitations) [#847](https://github.com/juanfont/headscale/pull/847)
33
+
- Please note that this support should be considered _partially_ implemented
34
+
- SSH ACLs status:
35
+
- Support `accept` and `check` (SSH can be enabled and used for connecting and authentication)
36
+
- Rejecting connections **are not supported**, meaning that if you enable SSH, then assume that _all_`ssh` connections **will be allowed**.
37
+
- If you decied to try this feature, please carefully managed permissions by blocking port `22` with regular ACLs or do _not_ set `--ssh` on your clients.
38
+
- We are currently improving our testing of the SSH ACLs, help us get an overview by testing and giving feedback.
39
+
- This feature should be considered dangerous and it is disabled by default. Enable by setting `HEADSCALE_EXPERIMENTAL_FEATURE_SSH=1`.
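Review bot: The statement on new line 36 that enabling SSH means all `ssh` connections will be allowed (because rejecting is not supported) is the most important fact in this entry, yet it sits several bullets below the headline on new line 32, which only says "experimental support". I would put the fail-open behaviour and the `HEADSCALE_EXPERIMENTAL_FEATURE_SSH=1` opt-in from new line 39 in the first line of the entry, so an operator skimming the changelog sees both together. The mitigation text on new line 37 also needs a wording pass, since it is the only guidance given: "decied" should be "decide" and "carefully managed" should be "carefully manage"; on new line 36, "Rejecting connections **are not supported**" should read "is not supported" and `_all_` needs a space before `ssh`. Finally, "(see docs for limitations)" on new line 32 carries no link; point it at the specific documentation page so the limitations are one click away.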