What is the issue?
Database GUI tools such as TablePlus and PgAdmin have an option to configure an SSH tunnel to a host. (attached screenshot)
This SSH tunnel feature can be used to connect to a bastion server that forwards the tool's database connection to a database server. (e.g. within an AWS VPC private subnet) In our case, we have Tailscale installed on an Amazon Linux 2023 bastion host, with the Tailscale SSH feature enabled on that host. We have configured our tools to use the SSH tunnel feature and connect to the bastion using its Tailscale IP. The database GUI tool's SSH tunnel feature requires that you provide a password or private SSH key, even though you don't use either since the bastion server is running Tailscale SSH. Again, in our case, we have been able to get around this requirement by supplying the GUI tool a "dummy" private SSH key, and this worked fine until recently.
The issue I am reporting is that the database client's SSH tunnel feature (and I suspect something with respect to how Tailscale SSH is implemented) stopped working after the Tailscale client was updated to v1.80.0 on the Amazon Linux 2023 bastion host.
I have verified that previous versions of the database GUI tools also have this problem, and that the previous version of the Linux Tailscale client (v1.78.1) does NOT have this problem.
Steps to reproduce
To reproduce the issue, you need to make sure you have the following set up:
- Run a database GUI client like TablePlus or PgAdmin, and have it configured to use the tool's SSH tunnel feature, tunneling a database connection through a Linux bastion server.
- The aforementioned Linux bastion server should be running Tailscale client version 1.80.0.
- The aforementioned Linux bastion server should also have Tailscale SSH enabled in the Tailscale admin dashboard.
I have attached SSH debug logs from TablePlus for the following:
- A failed connection attempt using the above set up. (tableplus-failed-log.txt)
- A successful connection attempt connecting to a different Linux bastion host running Tailscale v1.78.1. (tableplus-success-log.txt)
Are there any recent changes that introduced the issue?
Yes, the Tailscale client was updated from v1.78.1 to v1.80.0.
OS
Linux
OS version
Amazon Linux 2023.6.20250128
Tailscale version
1.80.0
Other software
TablePlus v6.2.4 (583)
Bug report
BUG-c7d7cca738d98456089e58329f3a608273c47d68d3178c30c88b8d6f5312e0be-20250205222027Z-b95008cdd87d4f9e
What is the issue?
Database GUI tools such as TablePlus and PgAdmin have an option to configure an SSH tunnel to a host. (attached screenshot)
This SSH tunnel feature can be used to connect to a bastion server that forwards the tool's database connection to a database server. (e.g. within an AWS VPC private subnet) In our case, we have Tailscale installed on an Amazon Linux 2023 bastion host, with the Tailscale SSH feature enabled on that host. We have configured our tools to use the SSH tunnel feature and connect to the bastion using its Tailscale IP. The database GUI tool's SSH tunnel feature requires that you provide a password or private SSH key, even though you don't use either since the bastion server is running Tailscale SSH. Again, in our case, we have been able to get around this requirement by supplying the GUI tool a "dummy" private SSH key, and this worked fine until recently.
The issue I am reporting is that the database client's SSH tunnel feature (and I suspect something with respect to how Tailscale SSH is implemented) stopped working after the Tailscale client was updated to v1.80.0 on the Amazon Linux 2023 bastion host.
I have verified that previous versions of the database GUI tools also have this problem, and that the previous version of the Linux Tailscale client (v1.78.1) does NOT have this problem.
Steps to reproduce
To reproduce the issue, you need to make sure you have the following set up:
I have attached SSH debug logs from TablePlus for the following:
Are there any recent changes that introduced the issue?
Yes, the Tailscale client was updated from v1.78.1 to v1.80.0.
OS
Linux
OS version
Amazon Linux 2023.6.20250128
Tailscale version
1.80.0
Other software
TablePlus v6.2.4 (583)
Bug report
BUG-c7d7cca738d98456089e58329f3a608273c47d68d3178c30c88b8d6f5312e0be-20250205222027Z-b95008cdd87d4f9e