diff --git a/cmd/tsconnect/src/app/app.tsx b/cmd/tsconnect/src/app/app.tsx
index b21b1893f..ee538eaea 100644
--- a/cmd/tsconnect/src/app/app.tsx
+++ b/cmd/tsconnect/src/app/app.tsx
@@ -43,8 +43,26 @@ class App extends Component<{}, AppState> {
)
}
+ const lockedOut = netMap?.lockedOut
+ let lockedOutInstructions
+ if (lockedOut) {
+ lockedOutInstructions = (
+
+
This instance of Tailscale Connect needs to be signed, due to
+ {" "}tailnet lock{" "}
+ being enabled on this domain.
+
+
+
+ Run the following command on a device with a trusted tailnet lock key:
+
tailscale lock sign {netMap.self.nodeKey}
+
+
+ )
+ }
+
let ssh
- if (ipn && ipnState === "Running" && netMap) {
+ if (ipn && ipnState === "Running" && netMap && !lockedOut) {
ssh =
{urlDisplay}
{machineAuthInstructions}
+ {lockedOutInstructions}
{ssh}
>
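Review bot: The `!lockedOut` condition added to the `ssh` assignment only stops this view from rendering the SSH picker, so it is a presentation hint and not an access control; enforcement still has to come from the peers that apply tailnet lock. A comment above `const lockedOut = netMap?.lockedOut` would make that explicit, for example `// UI hint only: peers enforce tailnet lock; we just avoid offering SSH that cannot connect.` Because the rendered command asks an operator to sign `netMap.self.nodeKey` with a trusted key, the instruction text could also ask them to confirm the key shown belongs to the session they mean to authorize before signing. The enclosing render method starts and ends outside the hunk.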
diff --git a/cmd/tsconnect/src/app/ssh.tsx b/cmd/tsconnect/src/app/ssh.tsx
index a15f42b6d..df81745bd 100644
--- a/cmd/tsconnect/src/app/ssh.tsx
+++ b/cmd/tsconnect/src/app/ssh.tsx
@@ -60,11 +60,11 @@ function SSHSession({
function NoSSHPeers() {
return (
- None of your machines have
+ None of your machines have{" "}
Tailscale SSH
- enabled. Give it a try!
+ {" "}enabled. Give it a try!
)
}
diff --git a/cmd/tsconnect/src/types/wasm_js.d.ts b/cmd/tsconnect/src/types/wasm_js.d.ts
index c985b356f..492197ccb 100644
--- a/cmd/tsconnect/src/types/wasm_js.d.ts
+++ b/cmd/tsconnect/src/types/wasm_js.d.ts
@@ -63,6 +63,7 @@ declare global {
type IPNNetMap = {
self: IPNNetMapSelfNode
peers: IPNNetMapPeerNode[]
+ lockedOut: boolean
}
type IPNNetMapNode = {
diff --git a/cmd/tsconnect/wasm/wasm_js.go b/cmd/tsconnect/wasm/wasm_js.go
index 2a27ca421..f1bd1c55d 100644
--- a/cmd/tsconnect/wasm/wasm_js.go
+++ b/cmd/tsconnect/wasm/wasm_js.go
@@ -272,6 +272,7 @@ func (i *jsIPN) run(jsCallbacks js.Value) {
TailscaleSSHEnabled: p.Hostinfo.TailscaleSSHEnabled(),
}
}),
+ LockedOut: nm.TKAEnabled && len(nm.SelfNode.KeySignature) == 0,
}
if jsonNetMap, err := json.Marshal(jsNetMap); err == nil {
jsCallbacks.Call("notifyNetMap", string(jsonNetMap))
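Review bot: `LockedOut` is computed from `len(nm.SelfNode.KeySignature) == 0`, so it reports only that a signature is absent, not that a present signature is valid. If the netmap can carry a signature that is no longer trusted, the web UI would show the node as not locked out and offer SSH that peers then refuse. If a verified lock status is reachable from this code it would be a better source; otherwise state the limit in a comment such as `// LockedOut is a heuristic: tailnet lock is enabled and self has no key signature; the signature is not verified here.` The same comment belongs on the `LockedOut` field added to `jsNetMap` in the next hunk. The expression also dereferences `nm.SelfNode`, and the rest of `run` is outside the hunk, so whether a nil check precedes it cannot be seen from here.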
@@ -521,8 +522,9 @@ func (w termWriter) Write(p []byte) (n int, err error) {
}
type jsNetMap struct {
- Self jsNetMapSelfNode `json:"self"`
- Peers []jsNetMapPeerNode `json:"peers"`
+ Self jsNetMapSelfNode `json:"self"`
+ Peers []jsNetMapPeerNode `json:"peers"`
+ LockedOut bool `json:"lockedOut"`
}
type jsNetMapNode struct {
diff --git a/flake.nix b/flake.nix
index f5d4ee66c..2da7bb6fd 100644
--- a/flake.nix
+++ b/flake.nix
@@ -108,6 +108,7 @@
graphviz
perl
go_1_20
+ yarn
];
};
};