How Teleport Works

Implement zero trust security for cloud applications and infrastructure, meet compliance requirements, and have complete visibility into access and behavior.

Talk to Sales Download Teleport

What is Teleport

Teleport is a modern security gateway for remotely accessing:

  • Clusters of Linux servers via SSH or SSH-over-HTTPS in a browser.
  • Kubernetes clusters.

Teleport is intended to be used in place of, or together with, sshd for organizations who need:

  • SSH audit with session recording/replay.
  • Kubernetes API Access with audit and kubectl exec recording/replay.
  • Easily manage trust between teams, organizations and data centers.
  • Have SSH or Kubernetes access to behind-firewall clusters without any open ports.
  • Role-based access control (RBAC) for SSH protocol.
  • Unified RBAC for SSH and Kubernetes.

In addition to its hallmark features, Teleport is interesting for smaller teams because it facilitates easy adoption of the best infrastructure security practices like:

  • No need to distribute keys: Teleport uses certificate-based access with automatic certificate expiration time.
  • 2nd factor authentication (2FA) for SSH and Kubernetes.
  • Collaboratively troubleshoot issues through session sharing.
  • Single sign-on (SSO) for SSH/Kubernetes and your organization identities via Github Auth, OpenID Connect or SAML with endpoints like Okta or Active Directory.
  • Cluster introspection: every SSH node and its status can be queried via CLI and Web UI.

Teleport is built on top of the high-quality Golang SSH implementation and it is fully compatible with OpenSSH and can be used with sshd servers and ssh clients. The Teleport Community Edition is open sourced and available on Github with an Apache 2.0 license.

Project Links Description
Documentation Admin guide, user manual and more
Github Repo Apache 2.0 license
Security Updates Teleport Community Edition Security Updates
Community Forum Teleport Community Forum
Teleconsole The free service to “invite” SSH clients behind NAT, built on top of Teleport
Teleport Enterprise Website The website for the enterprise offering of Teleport
Blog Our blog where we publish Teleport news among other items.

Installing and Running

Download the latest binary release, unpack the .tar.gz and run sudo ./install. This will copy Teleport binaries into /usr/local/bin.

Then you can run Teleport as a single-node cluster:

$ sudo teleport start 

In a production environment Teleport must run as root. But to play, just do chown $USER /var/lib/teleport and run it under $USER, in this case you will not be able to login as someone else though.

If you wish to deploy Teleport inside a Docker container:

# This command will pull the Teleport container image for version 4.2.0
# Replace 4.2.0 with the version you need:
$ docker pull quay.io/gravitational/teleport:4.2.0

Building Teleport

Teleport source code consists of the actual Teleport daemon binary written in Golang, and also it has a web UI (located in /web directory) written in Javascript. The WebUI is not changed often and we keep it checked into Git under /dist, so you only need to build Golang:

Make sure you have Golang v1.13 or newer, then run:

# get the source & build:
$ mkdir -p $GOPATH/src/github.com/gravitational
$ cd $GOPATH/src/github.com/gravitational
$ git clone https://github.com/gravitational/teleport.git
$ cd teleport
$ make full

# create the default data directory before starting:
$ sudo mkdir -p /var/lib/teleport
$ sudo chown $USER /var/lib/teleport

If the build succeds the binaries will be placed in $GOPATH/src/github.com/gravitational/teleport/build

NOTE: The Go compiler is somewhat sensitive to amount of memory: you will need at least 1GB of virtual memory to compile Teleport. 512MB instance without swap will not work.

NOTE: This will build the latest version of Teleport, regardless of whether it is stable. If you want to build the latest stable release, git checkout to that tag (e.g. git checkout v4.2.0) before running make full.

Rebuilding Web UI

To enable speedy iterations on the Web UI, teleport can load the web UI assets from the source directory. To enable this behavior, set the environment variable DEBUG=1 and rebuild with the default target:

$ make

# Run Teleport as a single-node cluster in development mode: 
$ DEBUG=1 ./build/teleport start -d

Keep the server running in this mode, and make your UI changes in /dist directory.

Why did We Build Teleport?

The Teleport creators used to work together at Rackspace. We noticed that most cloud computing users struggle with setting up and configuring cloud application and infrastructure security because popular tools, while flexible, are complex to understand and expensive to maintain. Additionally, most organizations use multiple infrastructure form factors such as several cloud providers, multiple cloud accounts, servers in colocation, and even smart devices. Some of those devices run on untrusted networks, behind third party firewalls. This only magnifies complexity and increases operational overhead.

We had a choice, either to start a security consulting business or build a solution that’s dead-easy to use and understand, something that creates an illusion of all of your servers and internal apps running in the same room as you as if they were magically teleported there, with all industry best practices for security an compliance properly implemented and maintained…

And Teleport was born!

More Information

Contributing

The best way to contribute is to create issues or pull requests on Github. You can also reach us through our website contact form or visit our Community Forum.

Is Teleport Secure and Production Ready?

Teleport has completed several security audits from the nationally recognized technology security companies. Some of them have been made public. We are comfortable with the use of Teleport from a security perspective.

You can see some of companies who use Teleport in production on the Teleport product page.

We are actively supporting Teleport and addressing any issues that are submitted to its repo. Ask questions, send pull requests, report issues and don’t be shy! :)

The latest stable Teleport build and previous releases can be found in the Download section.

Which Teleport offering is right for you?

Teleport is available through our commercial Enterprise offering or the Community open source software.

Teleport Enterprise

Teleport Enterprise is built around the open-source core to secure critical production infrastructure and meet compliance and audit requirements.

Demo Teleport Enterprise

Teleport Community

Teleport Community provides modern SSH best practices out of the box for managing elastic infrastructure. Open-source software anyone can use for free.

Download Teleport Community

Trusted by Leading Organizations

Some of the largest companies in the world use Gravitational solutions.

image/svg+xml
image/svg+xml

This site uses cookies to improve service. By using this site, you agree to our use of cookies. More info.