Certificate Authority for SSH and Kubernetes

Managing static SSH keys can lead to increased operational overhead and may lead to security vulnerabilities if not managed correctly.

This is especially true with today's dynamic infrastructure and workforce. Servers and individuals come and go, managing who has access to what can be problematic.

Teleport is a Certificate Authority ("CA") for your infrastructure, offering more secure authentication and authorization based on certificates, not keys. The certificates issued by Teleport are short-lived and include rich RBAC meta-data so that you can implement temporary authorization and role-based access controls ("RBAC").

Teleport extends the benefits of using certificate based auth with the following features:

  • Flexible Expiration Time. Teleport can issue certificates with a configurable expiration time. This allows security administrators to implement policies like single-day access, one time logins or flexible idle connection termination based on a user's group membership.
  • Certificate Rotation. It's a good idea to occasionally rotate your certificates and you definitely want to do this in certains situations, like a breach. Teleport supports certificate rotation without downtime to keep your systems secure.
  • Kubernetes support. Teleport can issue certificates that control not only SSH access but access to Kubernetes clusters as well. This gives Kubernetes users (developers) an easy, single step to authenticate for both SSH and Kubernetes. This also creates a single control plane for security administrators to enforce their organization's security policies.
  • Integration with external identity providers. Teleport integrates with external identity providers, like Okta, ADFS and One Login, through SAML and OIDC so that you have a single source of truth for managing identity. This also enables single sign-on for your employees, so they don't have to log into multiple systems.

Which Teleport offering is right for you?

Teleport is available through the free, open source Community Edition or our Commercial Offerings.

Community Free and Open-Source Edition Pro Enhanced Features and Support Enterprise Enterprise Grade Security, Compliance and Support
Identity-Based Authentication ? CommunityUses local users or Github Pro Enterprise
Multi-cloud Authentication ? Community Pro Enterprise
Kubernetes & SSH integration ? Community Pro Enterprise
Security Audit Logging ? Community Pro Enterprise
Session Recording ? Community Pro Enterprise
Dynamic Permissions ? Community Pro Enterprise
Support for IoT devices ? Community Pro Enterprise
Trust Federation ? Community Pro Enterprise
Multi-factor Authentication ? Community Pro Enterprise
Web-based client ? Community Pro Enterprise
Command line client ? Community Pro Enterprise
Single Sign-On ? CommunityOnly with Github SSO pro enterprise
Role Based Access Controls ? Community pro Enterprise
Support Channels communityGithub Issues and
Community Forum
proEmail and ticket support enterprisePrioritized email, phone and dedicated Slack/IM channel
Support Availability community proBusiness hours (PT) enterprise24/7 with response time guarantees
Backwards Compatibility (LTS) community proSupport for most recent LTS version enterpriseAll LTS versions are supported for 24-months
Regulation Compliance Support community pro enterpriseFedRamp, HIPAA, PCI, SOC2 and others
  Download Community Demo Pro Demo Enterprise

This site uses cookies to improve service. By using this site, you agree to our use of cookies. More info.