Certificate Authority for SSH and Kubernetes
Managing static SSH keys can increase operational overhead and may lead to security vulnerabilities if the keys are not managed correctly. This is especially true with today's dynamic infrastructure and workforce: servers and individuals come and go, and managing who has access to what can be problematic.
Teleport is a Certificate Authority ("CA") for your infrastructure, offering more secure authentication and authorization based on certificates, not keys. The certificates issued by Teleport are short-lived and include rich role-based access control ("RBAC") metadata, so that you can implement temporary authorization and RBAC.
Teleport extends the benefits of certificate-based authentication with the following features:
Flexible Expiration Time. Teleport can issue certificates with a configurable expiration time. This allows security administrators to implement policies like single-day access, one-time logins or flexible idle connection termination based on a user's group membership.
Certificate Rotation. It's a good idea to occasionally rotate your certificates, and you definitely want to do this in certain situations, like a breach. Teleport supports certificate rotation without downtime to keep your systems secure.
Kubernetes support. Teleport can issue certificates that control not only SSH access but access to Kubernetes clusters as well. This gives Kubernetes users (developers) an easy, single step to authenticate for both SSH and Kubernetes. This also creates a single control plane for security administrators to enforce their organization's security policies.
Integration with external identity providers. Teleport integrates with external identity providers, like Okta, ADFS and OneLogin, through SAML and OIDC so that you have a single source of truth for managing identity. This also enables single sign-on for your employees, so they don't have to log into multiple systems.