envknob, ipn/ipnlocal: add SSH admin kill switch

Updates #3802 Change-Id: I6127907446d1a6be1b097d9ba3b534f2b8eb707f Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2025-08-23 03:17:43 +00:00 · 2022-03-23 13:52:29 -07:00
parent 77b4fe0afa
commit d2f3ec8a63
3 changed files with 18 additions and 4 deletions
--- a/envknob/envknob.go
+++ b/envknob/envknob.go
@@ -142,3 +142,10 @@ func LookupInt(envVar string) (v int, ok bool) {
 // UseWIPCode is whether TAILSCALE_USE_WIP_CODE is set to permit use
 // of Work-In-Progress code.
 func UseWIPCode() bool { return Bool("TAILSCALE_USE_WIP_CODE") }
+
+// CanSSHD is whether the Tailscale SSH server is allowed to run.
+//
+// If disabled, the SSH server won't start (won't intercept port 22)
+// if already enabled and any attempt to re-enable it will result in
+// an error.
+func CanSSHD() bool { return !Bool("TS_DISABLE_SSH_SERVER") }