https://tailscale.com/blog/session-recording-beta/

 

  * Pricing
  * Enterprise
  * Customers
  * Download
  * Blog

  * Docs
  * Log In
  * Try for free

[business-v]
Business VPN

Low latency, and none of your traffic ever touches our servers.

[remote-acc]
Remote access

Low latency, and none of your traffic ever touches our servers.

[networking]
Site-to-site networking

Low latency, and none of your traffic ever touches our servers.

[homelab]
Homelab

Low latency, and none of your traffic ever touches our servers.

 
For teams

Low latency, and none of your traffic ever touches our servers.

[icon-teams]
[shape-team]
 
For businesses

Low latency, and none of your traffic ever touches our servers.

[icon-busin]
[shape-busi]
 
For individuals

Low latency, and none of your traffic ever touches our servers.

[icon-indiv]
[shape-indi]
 
FEATURED
Best practices used by billion-dollar companies
Read guide
[guide]
 
[customer-s]
Customer Stories
 
[blog]
Blog
 
Log In Use Tailscale

  * Pricing
  * Enterprise
  * Docs
  * Download
  * Customers
  * Blog

Announcing session recording for Tailscale SSH in beta

Sam Linville and Jairo Camacho on May 11, 2023
Photo of Sam Linville
Photo of Jairo Camacho

Today, we're launching session recording for Tailscale SSH in beta,
allowing you to record the terminal output whenever someone on your
tailnet initiates a Tailscale SSH connection. You can use these
recordings to detect threats, investigate security incidents, and
remain compliant with your network security policies. Let's talk
about how it works:

When a member of your tailnet initiates a connection over Tailscale
SSH, our client on the server records all of the terminal output in
asciinema format, and streams it to a dedicated recorder node on your
tailnet. Like all traffic in your tailnet, these streams are
encrypted end-to-end, and Tailscale never sees this data.

Dedicated recorder nodes

Instead of streaming your sensitive SSH recordings to our servers, we
created a lightweight recorder that you deploy inside of your
tailnet-- this way, you're always in control of your SSH recording
data. It's built on tsnet, so it can be easily deployed to your
tailnet as a Docker container with just an auth key. You can deploy
multiple recorder nodes in a fallback configuration, and each
recorder can save its data to the file system or store the data in
AWS S3 (or another S3-compatible object storage service like MinIO,
Wasabi, or Google Cloud Storage) for increased resilience.

Privacy by design

When we started designing session recording for Tailscale SSH, we
knew that we wanted to build a tool that let you retain complete
control over these sensitive logs. You don't have to trust us with
this data because we never see it in the first place.

Getting started with session recording

You can learn more about session recording for Tailscale SSH,
including step-by-step instructions for setting up recorder nodes, in
our documentation.

Recorder nodes save SSH session recordings to the Docker host's disk
by default. In this video, we walk through how to set this up on a
Linux virtual machine.

Sam introduces session recording for Tailscale SSH

Using Amazon S3 as a storage backend

Tailscale SSH session recording supports configuring S3 as a storage
backend for increased scalability and resilience. In this video, we
demonstrate how to properly configure an S3 bucket as the storage
target for a session recorder node.

Sam configures Amazon S3 as the storage backend for session recording

Free and Enterprise customers can get started today

Session recording for Tailscale SSH is available in beta on our Free
and Enterprise plans. Any owner, admin, or network admin can set up
session recording. Detailed setup instructions are available in our
documentation.

This feature replaces a legacy version of local SSH session logging
that saves recordings directly to the SSH server's filesystem. We are
deprecating that feature, and anyone using it should migrate to the
new SSH session recording feature. The legacy functionality will
remain active until at least August 1, 2023.

Share via      

- Back to index

Subscribe for monthly updates

Product updates, blog posts, company news, and more.

[                    ]
[                    ]
Subscribe
Too much email? RSS Twitter

  * Learn
  * SSH Keys
  * Docker SSH
  * DevSecOps
  * Multicloud
  * NAT Traversal
  * MagicDNS
  * PAM
  * PoLP
  * All articles

  * USE CASES
  * Enterprise

  * Get Started
  * Overview
  * Pricing
  * Downloads
  * Documentation
  * How It Works
  * Compare Tailscale
  * Customers
  * Integrations
  * Changelog
  * Use Tailscale Free

  * Company
  * Company
  * Newsletter
  * Press Kit
  * Blog
  * Careers
  * Contact Sales
  * Contact Support
  * Community Forum
  * Security
  * Status
  * Twitter
  * GitHub
  * YouTube

  * Help & Contact
  * Contact Sales
  * Contact Support
  * Community Forum
  * Open Source
  * Security
  * Compliance
  * Status
  * Twitter
  * Fediverse
  * GitHub
  * YouTube

 

WireGuard is a registered
trademark of Jason A. Donenfeld.

(c) 2023 Tailscale Inc. All rights reserved.
Tailscale is a registered trademark of Tailscale Inc.

Privacy & Terms