Failed to ssh-keyscan to tailscaled dns after tailscale/github-action@main

[slavasab]

We have the following setup:

jobs:
  deploy:
    runs-on: ubuntu-latest
    name: Deploy Staging Website
    steps:
      - name: Setup Tailscale
        uses: tailscale/github-action@main
        with:
          authkey: ${{ secrets.TAILSCALE_AUTHKEY }}

      - name: Add to auth keys
        run: |
          mkdir -p ~/.ssh
          ssh-keyscan -t ed25519 $MACHINE >> ~/.ssh/known_hosts
        env:
          MACHINE: app-api-staging

From time to time our job fails on ssh-keyscan -t ed25519 $MACHINE >> ~/.ssh/known_hosts and app-api-staging is a tailscale MagicDNS.

On app-api-staging we see the following logs:
tailscaled[530]: CreateEndpoint error for 100.81..:53254 -> 100.107..:22: connection was refused

Sometimes it works, sometimes it doesn't.

I'd be grateful for any advice.

[evilhamsterman]

I think I've run into something like this myself. I don't think it's your keyscan directly it seems sometime the tailscale client takes upwards of a minute to actually establish connections before it can pass traffic. But the action completed so the next step runs and fails because it can't reach resources.