Yeah this is all great feedback, thanks. Makes sense about the env var!
On the second item- this is interesting. I definitely see the reason for asking :) We actually don’t use SSH keys for Tailscale SSH, since the auth is handled within Tailscale (more info at https://tailscale.com/kb/1193/tailscale-ssh#authentication-a...). I’ll think more about this. Do you have a break-glass setup with a normal SSH key for this today?
On the second item- this is interesting. I definitely see the reason for asking :) We actually don’t use SSH keys for Tailscale SSH, since the auth is handled within Tailscale (more info at https://tailscale.com/kb/1193/tailscale-ssh#authentication-a...). I’ll think more about this. Do you have a break-glass setup with a normal SSH key for this today?