Skip to content(if available)orjump to list(if available)

Show HN: Ts-SSH – SSH over Tailscale without running the daemon

Show HN: Ts-SSH – SSH over Tailscale without running the daemon

21 comments

·June 20, 2025

ts-ssh solves a specific problem: accessing machines on your Tailnet from environments where you can't install the full Tailscale daemon (like CI/CD runners or restricted systems).

  It uses Tailscale's tsnet library to establish userspace connectivity, then provides
  a standard SSH experience. Works with existing workflows since it supports normal SSH
   features like ProxyCommand, key auth, and terminal handling.

  Some features that proved useful:
  • Parallel command execution across multiple hosts
  • Built-in tmux session management for multi-host work
  • SCP-style file transfers
  • Works on Linux/macOS/Windows (AMD64 and ARM64)

  The codebase is interesting from a development perspective - it was written almost
  entirely using AI tools (mainly Claude Code, with some OpenAI and Jules). Not as an
  experiment, but because it actually worked well for this kind of systems programming.
   Happy to discuss the workflow if anyone's curious about that aspect.

  Source and binaries are on GitHub. Would appreciate feedback from anyone dealing with
   similar connectivity challenges.
Visit

anotherpaulg

Looks very interesting. I was hoping it would solve a problem I’ve had recently:

I want to ssh into a windows box that I only have a normal user account on. So I can’t (and don’t want to) change any admin settings or install anything as admin.

All the obvious approaches hit roadblocks.

Seems like this tool solves the opposite problem: sshing out from a minimally privledged environment.

un1970ix

This is why you don't let Claude handle versioning and the release process. From v0.1.0 to v1.0.0 to v2.0.0, and then suddenly 1.2.0? Semantic versioning isn't quantum mechanics. (Even then, I'll admit it's sometimes hard for me too to decide the right increment when tagging versions. :)

KomoD

> This is why you don't let Claude handle versioning and the release process.

Or anything else without reviewing it.

lol @ the issue in the repo: "module declares its path as: github.com/yourusername/ts-ssh"

ape4

In general, maybe security code (which is what this is) might not be the best place for AI.

ramon156

- 0.0.1 -> improvements

- 0.1.0 -> breaking changes

- 1.0.0 -> overhaul/refactor needed

I know not every case is easy but this is my rule of thumb. I've honestly never needed a major version change

Timon3

That kind of goes counter to semantic versioning, where:

- x.y.Z (patch) -> backward compatible bug fixes

- x.Y.z (minor) -> backward compatible new features

- X.y.z (major) -> breaking changes

But of course it's fine to use whatever versioning scheme you like, as long as you communicate it to your consumers.

https://semver.org/

Edit: updated the version strings for clarity.

zamadatix

Minor note, but since the topic is accurate semvar: rule 4 specifies 0.x.y is a special case where anything may change at any time.

chrisweekly

Using a 3-digit version like semver, while assigning different semantics, is a recipe for confusion if anyone except you ever refers to a package using this "rule of thumb".

null

[deleted]

huslage

I am scared that this is vibe coded and not audited in any way. tsnet is good software, but wrapping it in this way is a recipe for disaster. Please reconsider.

isatty

I agree and had the same thought. Tailscale ssh is good and I was interested in something like this but absolutely not if it’s AI generated garbage.

mystifyingpoi

> I am scared that this is vibe coded

Totally serious question: would you feel better about this piece of software, if you didn't know that it was vibe coded?

Do we need "build without AI" stickers on every piece of software created these days?

cchance

Seems so lol, every new opensource project i see some guys gotta comment "its probably just vibecoded nonsense, screw this project"

Sorry welcome to 2025, almost every app you see is going to have claude or some other AI assisting with it either fully or in part, its just a fact, coding is faster with AI assistance its just a fact.

People gotta stop bitching about AI in opensource and start pointing out what exactly they dislike or found wrong with the project

KomoD

I don't really care if "AI assistance" was used as long a human is actually reviewing the output, which just doesn't seem to be the case here (and usually not the case when it comes to "vibe coding")

eknkc

I feel fine if AI was used to add features to an established software. Let it loose on the linux kernel for what I care. It still somehow feels icky to use it to build something from scratch.

Bender

Somewhat off topic question but I ask this from time to time and maybe now is that time. Has AI started fixing everyone's software bugs and closing out all the CVE's yet?

un1970ix

No one is against using AI or coding with agents unless you don't understand what it's doing and you're incapable of reviewing the output. The problem isn't the tool, it's "coders" who unthinkingly trust it without verification.

KetoManx64

Can you explain what the possible risks are?

null

[deleted]