Certificate Authority for SSH and Kubernetes
Managing static SSH keys can increase operational overhead and may lead to security vulnerabilities if the keys are not managed correctly.
This is especially true with today's dynamic infrastructure and workforce. Servers and individuals come and go, so managing who has access to what can be problematic.
Teleport is a Certificate Authority ("CA") for your infrastructure,
offering more secure authentication and authorization based on
certificates, not keys.
The certificates issued by Teleport are short-lived and include rich RBAC metadata
so that you can implement temporary authorization and role-based access controls ("RBAC").
Teleport extends the benefits of certificate-based authentication with the following features:
Flexible Expiration Time. Teleport can issue
certificates with a configurable expiration time. This allows security
administrators to implement policies like single-day access, one-time
logins or flexible idle connection termination based on a user's group.
Certificate Rotation. It's a good idea to rotate your certificates occasionally, and you definitely
want to do this in certain situations, like a breach. Teleport supports
rotation without downtime to keep your systems secure.
Kubernetes support. Teleport can issue certificates
that control not only SSH access but access to Kubernetes clusters as
well. This gives Kubernetes users (developers) an easy, single step to
authenticate for both SSH and Kubernetes. This also creates a single
control plane for security administrators to enforce their organization's security policies.
Integration with external identity providers. Teleport integrates with external identity providers, like Okta, ADFS and OneLogin, through SAML and OIDC so that you have a single source of truth for managing identity. This also enables single sign-on for your employees, so they don't have to log in to multiple systems.