Can't seem to prevent SSH from starting before tailscale initialises

HatAM

I've got a headless server that I only want to access on my tailscale VPN.

Thus I've changed ListenAddress in sshd_config to be my server's tailscale IP.

This all works fine if I do it while I'm already logged in and everything is running.
However, if I reboot then SSH doesn't start.
sudo systemctl status ssh.service returns that it failed to start because it couldn't assign the tailscale IP.

No matter. I add a condition for

[Unit]
After=network-online.target tailscaled.service
Wants=network-online.target

into /etc/systemd/system/ssh.service.d/override.conf

to get the system to wait for tailscale. No dice. Still doesn't work. Still fails because it can't assign the IP address.

Am I missing something? Is there a better way to do this?
 


Look at this. Go through the conversation until you find the entry below. This might help.


$ grep -v \# /etc/sysctl.d/99-sysctl.conf
net.ipv4.ip_forward = 1
net.ipv6.conf.all.forwarding = 1
net.ipv4.ip_nonlocal_bind = 1
 
You could probably do this with a custom systemd.service file


Maybe create a bash shell script similar to this.

Code:
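#!/bin/bash
# Poll once per second until tailscale0 has an IPv4 address, then start sshd.
# 2>/dev/null hides the "does not exist" error while the interface is still missing.
while ! ip addr show tailscale0 2>/dev/null | grep -q "inet "; do
    sleep 1
done
systemctl start ssh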

You might have to adjust the sleep slightly.
Create an override service file.

Code:
[Unit]
Description=Wait for Tailscale and start SSH
After=network-online.target tailscaled.service
Wants=network-online.target

[Service]
Type=oneshot
ExecStart=/usr/local/bin/wait-for-tailscale.sh
RemainAfterExit=true

[Install]
WantedBy=multi-user.target

Adjust the ExecStart path to wherever your bash shell script is.

Enable and start the service.

Code:
sudo systemctl enable wait-for-tailscale.service
sudo systemctl start wait-for-tailscale.service

I wouldn't think you need a timer, since the bash script has a sleep. But that might be possible also.
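
A sturdier form of the wait loop, as an added example that is not from any poster in this thread: it reads the addresses from sshd_config's ListenAddress lines instead of hard-coding tailscale0, matches them exactly against `ip -o addr show`, and gives up after a timeout so a failed VPN does not hang the unit forever. The script name, its path, and the SSHD_CONFIG and WAIT_TIMEOUT variables are assumptions, and Include'd config fragments are not followed.

```shell
#!/bin/bash
# Added example, not from the thread. Waits until every ListenAddress in
# sshd_config is assigned to an interface, then exits 0; exits 1 on timeout.
# Assumed use: ExecStartPre=/usr/local/bin/wait-for-listenaddr.sh --wait
# in a drop-in for ssh.service (path and script name are hypothetical).

# Print the host part of each active ListenAddress line. The keyword is
# case-insensitive; "host:port" and "[v6]:port" forms are reduced to the host.
listen_addrs() {
    awk 'tolower($1) == "listenaddress" {
        a = $2
        if (a ~ /^\[/) { sub(/^\[/, "", a); sub(/\].*$/, "", a) }
        else if (a ~ /^[^:]+:[0-9]+$/) { sub(/:[0-9]+$/, "", a) }
        print a
    }' "$1"
}

# Succeed if address $1 is present in `ip -o addr show` output passed as $2.
# The prefix length is stripped and the match is exact (100.64.0.5 != 100.64.0.50).
addr_assigned() {
    printf '%s\n' "$2" | awk -v want="$1" '
        { for (i = 1; i < NF; i++)
            if ($i == "inet" || $i == "inet6") {
                split($(i + 1), p, "/")
                if (p[1] == want) found = 1
            } }
        END { exit (found ? 0 : 1) }'
}

# Print configured addresses not yet assigned. $1 = config, $2 = ip output.
missing_addrs() {
    for a in $(listen_addrs "$1"); do
        case "$a" in 0.0.0.0|::) continue ;; esac   # wildcards always bind
        addr_assigned "$a" "$2" || printf '%s\n' "$a"
    done
}

if [ "${1:-}" = "--wait" ]; then
    config=${SSHD_CONFIG:-/etc/ssh/sshd_config}     # env names are assumptions
    deadline=$(( SECONDS + ${WAIT_TIMEOUT:-60} ))
    while missing=$(missing_addrs "$config" "$(ip -o addr show)"); [ -n "$missing" ]; do
        if [ "$SECONDS" -ge "$deadline" ]; then
            echo "timed out waiting for:" $missing >&2
            exit 1
        fi
        sleep 1
    done
fi
```

Because the check runs as ExecStartPre of ssh.service itself, sshd stays enabled normally and a timeout leaves it stopped rather than listening on an unintended address.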
 
