headscale icon indicating copy to clipboard operation
headscale copied to clipboard

Published 20 hours ago verified publisher icon juanfont

Preauth keys for different users

Open QZAiXH opened this issue 1 year ago • 13 comments

Bug description I have two preauth keys A and B, and a new client. I first use A to join headscale and this client successfully joins user A. After that I use B on the client and the client does not switch to user B, it is still on A. Is this correct?

QZAiXH avatar Apr 03 '23 09:04 QZAiXH

Furthermore fast account switching with multiple users on the same headscale instance is currently not working (afaict).

I suspect the same reason under the hood, headscale might be using the machine id/key for a more unique identifier than it should be.

I tested:

  • joining via preauth key, subsequent login via preauth key for second user -> no user switch, no second account, just a renegotiation of node key
  • joining via preauth key, subsequent login via OIDC -> oidc fails, in the log i see could not register machine error="machine was previously registered with a different user"
  • joining via OIDC, subsequent login via preauth key -> same as #1. preauth key changes nothing, except for the node key.

ItsShadowCone avatar Apr 07 '23 23:04 ItsShadowCone

You should be able to fast-switch users seamlessly if you do the following after logging in with preauth key A.

tailscale logout
tailscale down

tailscale up --auth-key preauthkey-B ...

I've written an implementation that does exactly this in one of the projects that I am working on.

pallabpain avatar Apr 16 '23 18:04 pallabpain

I tried it today on headscale 0.21.0 and it does not work. tailscale switch --list only shows a single user.

ItsShadowCone avatar Apr 17 '23 17:04 ItsShadowCone

me to

Carseason avatar Apr 28 '23 10:04 Carseason

This issue is stale because it has been open for 180 days with no activity.

github-actions[bot] avatar Oct 26 '23 01:10 github-actions[bot]

i believe it is still relevant however

ItsShadowCone avatar Oct 29 '23 16:10 ItsShadowCone

This issue is stale because it has been open for 90 days with no activity.

github-actions[bot] avatar Jan 28 '24 01:01 github-actions[bot]

Did anyone test this for v0.23.0?

ItsShadowCone avatar Feb 01 '24 02:02 ItsShadowCone

This issue is stale because it has been open for 90 days with no activity.

github-actions[bot] avatar May 02 '24 01:05 github-actions[bot]

Furthermore fast account switching with multiple users on the same headscale instance is currently not working (afaict).

I suspect the same reason under the hood, headscale might be using the machine id/key for a more unique identifier than it should be.

Are you trying to login to the same headscale with the same node twice?

So [node a, login 1] and [node a, login 2] is both in your fast user switching menu and as two nodes in headscale?

Does Tailscale SaaS support this?

kradalby avatar May 05 '24 14:05 kradalby

See my response in #1920

I think the whole point in fast user switching @ tailscale SaaS is same node multiple logins.

ItsShadowCone avatar May 05 '24 15:05 ItsShadowCone

This issue is stale because it has been open for 90 days with no activity.

github-actions[bot] avatar Aug 04 '24 01:08 github-actions[bot]

Can we confirm that this bug is either still existing or fixed in the latest beta?

ItsShadowCone avatar Aug 06 '24 11:08 ItsShadowCone