Disclaimer - I’m pretty new to all this too, so someone will probably describe this in better detail, but here’s my rough explanation:
So for the sake of security, being on talescale is akin to having your devices on the same (virtual) network, not to having publicly facing ports opened. As a result it doesn’t meaningfully increase your attack surface.
If you’re reaching a server via SSH over Tailscale, it’s not the same as if you were using SSH over the open Internet (opening port 22 on your router to the public). Tailscale basically tricks your devices into thinking they’re on the same network, then using TLS (secure tunnel, like other VPN products would use) it allows you to connect to ports that are open on the device.
You may need to open ports on a software firewall if you’re running it (e.g. I use UFW on my Ubuntu server). The only additional attack surface in this case are your Tailscale account credentials, though it’s way less likely someone tries to get in that way than if you had an open port facing the Internet.
Disclaimer - I’m pretty new to all this too, so someone will probably describe this in better detail, but here’s my rough explanation:
So for the sake of security, being on talescale is akin to having your devices on the same (virtual) network, not to having publicly facing ports opened. As a result it doesn’t meaningfully increase your attack surface.
If you’re reaching a server via SSH over Tailscale, it’s not the same as if you were using SSH over the open Internet (opening port 22 on your router to the public). Tailscale basically tricks your devices into thinking they’re on the same network, then using TLS (secure tunnel, like other VPN products would use) it allows you to connect to ports that are open on the device.
You may need to open ports on a software firewall if you’re running it (e.g. I use UFW on my Ubuntu server). The only additional attack surface in this case are your Tailscale account credentials, though it’s way less likely someone tries to get in that way than if you had an open port facing the Internet.