Automated deployment toolkit for standing up a Tailscale mesh VPN with SSH key authentication and AnyDesk remote desktop across Linux and Windows machines.
- Multi-distro Linux support - Ubuntu, Debian, Kali, Fedora, RHEL, CentOS, Rocky, AlmaLinux, Arch, Manjaro
- Windows 10/11 - PowerShell-based setup with silent installation
- SSH key management - ED25519 key generation, server hardening, and automated distribution
- AnyDesk integration - Unattended remote desktop with password authentication
- Master control script - Interactive menu with device inventory, health checks, documentation generation, and backup/restore
- Secure by default - Auth keys validated, auto-deleted after use, never exposed in process lists
- Flexible auth - Key file,
TS_AUTHKEYenvironment variable, or explicit--key-fileflag - One-command deployment - Package scripts into a tarball and bootstrap remote machines
Generate a reusable, pre-authorized auth key at Tailscale Admin Console.
Option A - Key file (auto-deleted after use):
# Linux
echo "tskey-auth-YOUR-KEY-HERE" > linux_setup/key.txt
# Windows (PowerShell)
"tskey-auth-YOUR-KEY-HERE" | Out-File -Encoding ASCII windows_setup\key.txtOption B - Environment variable (nothing on disk):
# Linux
export TS_AUTHKEY="tskey-auth-YOUR-KEY-HERE"
sudo -E ./tailscale-setup-linux.sh
# Windows (PowerShell)
$env:TS_AUTHKEY = "tskey-auth-YOUR-KEY-HERE"
.\tailscale-setup-windows.ps1Auth key priority:
--key-fileflag >TS_AUTHKEYenv var >key.txtin script directory.
Linux (recommended - interactive menu):
cd linux_setup && chmod +x *.sh
sudo ./tailscale-master-setup.shWindows (Administrator PowerShell):
cd windows_setup
PowerShell.exe -ExecutionPolicy Bypass -File .\tailscale-setup-windows.ps1tailscale_setup/
├── package.sh # Package scripts into distributable archive
├── linux_setup/
│ ├── lib.sh # Shared library (colors, logging, helpers)
│ ├── tailscale-master-setup.sh # Main menu — orchestrates everything
│ ├── tailscale-setup-linux.sh # Tailscale VPN install/uninstall
│ ├── tailscale-ssh-setup.sh # SSH key generation and distribution
│ ├── tailscale-anydesk-setup.sh # AnyDesk install/configure
│ ├── bootstrap.sh # Quick deploy helper (non-interactive)
│ └── key.txt # Auth key file (user-provided, gitignored)
├── windows_setup/
│ ├── tailscale-setup-windows.ps1 # Tailscale VPN for Windows
│ ├── tailscale-ssh-setup-windows.ps1 # OpenSSH Server setup for Windows
│ ├── tailscale-anydesk-setup-windows.ps1 # AnyDesk for Windows
│ └── key.txt # Auth key file (user-provided, gitignored)
└── Documents/
├── START-HERE.md # Detailed walkthrough
└── Tailscale-Setup-Guide.docx # Printable guide
# Tailscale
sudo ./tailscale-setup-linux.sh # Install & connect
sudo ./tailscale-setup-linux.sh --key-file /path/to/key.txt
sudo ./tailscale-setup-linux.sh --uninstall
sudo ./tailscale-setup-linux.sh --help
# SSH
sudo ./tailscale-ssh-setup.sh --server # Configure SSH on remote machines
sudo ./tailscale-ssh-setup.sh --client # Generate keys on control machine
sudo ./tailscale-ssh-setup.sh --distribute # Push keys to remote machines
sudo ./tailscale-ssh-setup.sh --remove
# AnyDesk
sudo ./tailscale-anydesk-setup.sh --full-setup
sudo ./tailscale-anydesk-setup.sh --uninstall| Option | Description |
|---|---|
| 1 | Quick Setup (Tailscale + SSH + AnyDesk) |
| 2 | Tailscale only |
| 3 | SSH key setup |
| 4 | AnyDesk setup |
| 5 | View device inventory |
| 6 | Generate documentation (PDF, HTML, Markdown, Text) |
| 7 | Health check |
| 8 | Uninstall services |
| 9 | Advanced (backup, restore, logs, QR export) |
Run PowerShell as Administrator:
# Tailscale
PowerShell.exe -ExecutionPolicy Bypass -File .\tailscale-setup-windows.ps1
PowerShell.exe -ExecutionPolicy Bypass -File .\tailscale-setup-windows.ps1 -Uninstall
PowerShell.exe -ExecutionPolicy Bypass -File .\tailscale-setup-windows.ps1 -KeyFile .\key.txt
PowerShell.exe -ExecutionPolicy Bypass -File .\tailscale-setup-windows.ps1 -Help
# SSH Server (OpenSSH)
.\tailscale-ssh-setup-windows.ps1
.\tailscale-ssh-setup-windows.ps1 -AuthorizedKeyFile .\id_ed25519.pub
# AnyDesk
.\tailscale-anydesk-setup-windows.ps1 -FullSetup
.\tailscale-anydesk-setup-windows.ps1 -UninstallPackage and deploy to remote machines in one shot:
./package.sh
scp tailscale-setup.tar.gz user@host:~/
ssh user@host 'tar xzf tailscale-setup.tar.gz && cd linux_setup && sudo ./bootstrap.sh'
# Use --role to set control machine:
sudo ./bootstrap.sh --role control- Generate a reusable, pre-authorized auth key in the Tailscale admin console
- On each remote machine (client): run quick setup and choose "Client Machine"
- On your main machine (control): run quick setup and choose "Control Machine", then distribute SSH keys
- Connect via
ssh user@<tailscale-ip>or AnyDesk ID
- Auth keys are validated (
tskey-auth-prefix check) before use - Key files are
chmod 600before reading and securely shredded after successful connection - Auth keys are passed to Tailscale via environment variable, never as CLI arguments visible in
ps key.txtfiles are gitignored to prevent accidental commits- SSH uses ED25519 key-based authentication with password login disabled
- All traffic is encrypted end-to-end via Tailscale (WireGuard)
- No ports are exposed to the public internet
| Platform | Log Files |
|---|---|
| Linux | /var/log/tailscale-setup.log, /var/log/tailscale-master-setup.log, /var/log/tailscale-ssh-setup.log, /var/log/tailscale-anydesk-setup.log |
| Windows | C:\ProgramData\tailscale-setup.log, C:\ProgramData\tailscale-ssh-setup.log, C:\ProgramData\tailscale-anydesk-setup.log |
| Linux | Windows | |
|---|---|---|
| OS | Ubuntu, Debian, Kali, Fedora, RHEL, CentOS, Rocky, AlmaLinux, Arch, Manjaro | Windows 10+ |
| Access | Root / sudo | Administrator PowerShell |
| Network | Internet connection | Internet connection |
| Optional | pandoc + texlive-xetex (PDF generation) |
- |
