Skip to content

Certificate authority and access plane for SSH, Kubernetes, web applications, and databases

License

Notifications You must be signed in to change notification settings

ardeche07/teleport

This branch is 14522 commits behind gravitational/teleport:master.

Folders and files

NameName
Last commit message
Last commit date

Latest commit

1af4230 · Jul 12, 2021
Jul 12, 2021
Jul 12, 2021
May 26, 2021
May 28, 2021
Jun 29, 2021
Jun 7, 2021
Jul 12, 2021
Jun 25, 2021
Jul 12, 2021
Jul 8, 2021
Jul 9, 2021
Jul 12, 2021
Jul 12, 2021
Jun 30, 2021
Jul 7, 2021
May 29, 2020
Jun 22, 2021
Jun 22, 2021
Jun 29, 2021
Apr 15, 2020
Mar 27, 2021
Sep 29, 2020
Mar 19, 2021
May 26, 2021
Nov 25, 2020
Jul 17, 2020
Oct 31, 2015
Jul 8, 2021
Jul 1, 2021
Apr 26, 2021
Jun 16, 2021
Jan 4, 2017
Jun 22, 2021
Jun 22, 2021
Apr 26, 2021
Apr 28, 2021
Jul 8, 2021
Jun 18, 2021

Read our Blog: https://goteleport.com/blog/

Read our Documentation: https://goteleport.com/docs/getting-started/

Table of Contents

  1. Introduction
  2. Installing and Running
  3. Docker
  4. Building Teleport
  5. Why did We Build Teleport?
  6. More Information
  7. Support and Contributing
  8. Is Teleport Secure and Production Ready?
  9. Who Built Teleport?

Introduction

Teleport is an identity-aware, multi-protocol access proxy which understands SSH, HTTPS, Kubernetes API, MySQL, and PostgreSQL wire protocols.

On the server-side, Teleport is a single binary which enables convenient secure access to behind-NAT resources such as:

Teleport is trivial to set up as a Linux daemon or in a Kubernetes pod. It's rapidly replacing legacy sshd-based setups at organizations who need:

  • Developer convenience of having instant secure access to everything they need across many environments and cloud providers.
  • Audit log with session recording/replay for multiple protocols
  • Easily manage trust between teams, organizations and data centers.
  • Role-based access control (RBAC) and flexible access workflows (one-time access requests)

In addition to its hallmark features, Teleport is interesting for smaller teams because it facilitates easy adoption of the best infrastructure security practices like:

  • No need to manage shared secrets such as SSH keys: Teleport uses certificate-based access with automatic certificate expiration time for all protocols.
  • Two-factor authentication (2FA) for everything.
  • Collaboratively troubleshoot issues through session sharing.
  • Single sign-on (SSO) for everything via Github Auth, OpenID Connect, or SAML with endpoints like Okta or Active Directory.
  • Infrastructure introspection: Use Teleport via the CLI or Web UI to view the status of every SSH node, database instance, Kubernetes cluster, or internal web app.

Teleport is built upon the high-quality Golang SSH implementation. It is fully compatible with OpenSSH, sshd servers, and ssh clients.

Project Links Description
Teleport Website The official website of the project.
Documentation Admin guide, user manual and more.
Demo Video 5-minute video overview of the UI.
Blog Our blog where we publish Teleport news.
Forum Ask us a setup question, post your tutorial, feedback, or idea on our forum.
Slack Need help with your setup? Ping us in our Slack channel.
Cloud-hosted We offer Teleport Pro and Enteprise with a Cloud-hosted option. For teams that require easy and secure access to their computing environments.

Teleport 6.0 - 4:00m Demo Video

Installing and Running

| Follow the Installation Guide

Download the latest binary release, unpack the .tar.gz and run sudo ./install. This will copy Teleport binaries into /usr/local/bin.

Then you can run Teleport as a single-node cluster:

$ sudo teleport start

In a production environment, Teleport must run as root. For testing or non-production environments, run it as the $USER:

chown $USER /var/lib/teleport

  • In this case, you will not be able to log in as another user.

Docker

| Follow the Docker-Compose Getting Started Guide

Deploy Teleport

If you wish to deploy Teleport inside a Docker container:

# This command will pull the Teleport container image for version 6
$ docker pull quay.io/gravitational/teleport:6

View latest tags on Quay.io | gravitational/teleport

For Local Testing and Development

Follow the instructions in the docker/README file.

Building Teleport

The Teleport source code contains the Teleport daemon binary written in Golang and a web UI written in Javascript (a git submodule located in the /webassets directory).

Make sure you have Golang v1.16 or newer, then run:

# get the source & build:
$ git clone https://github.com/gravitational/teleport.git
$ cd teleport
$ make full

# create the default data directory before starting:
$ sudo mkdir -p -m0700 /var/lib/teleport
$ sudo chown $USER /var/lib/teleport

If the build succeeds, the installer places the binaries in the following directory: $GOPATH/src/github.com/gravitational/teleport/build

Important:

  • The Go compiler is somewhat sensitive to the amount of memory: you will need at least 1GB of virtual memory to compile Teleport. A 512MB instance without swap will not work.
  • This will build the latest version of Teleport, regardless of whether it is stable. If you want to build the latest stable release, run git checkout to the corresponding tag (for example, run git checkout v6.0.0) before running make full.

Web UI

The Teleport Web UI resides in the Gravitational Webapps repo.

Rebuilding Web UI for development

To clone this repository and rebuild the Teleport UI package, run the following commands:

$ git clone git@github.com:gravitational/webapps.git
$ cd webapps
$ make build-teleport

Then you can replace Teleport Web UI files with the files from the newly-generated /dist folder.

To enable speedy iterations on the Web UI, you can run a local web-dev server.

You can also tell Teleport to load the Web UI assets from the source directory. To enable this behavior, set the environment variable DEBUG=1 and rebuild with the default target:

# Run Teleport as a single-node cluster in development mode:
$ DEBUG=1 ./build/teleport start -d

Keep the server running in this mode, and make your UI changes in /dist directory. For instructions about how to update the Web UI, read the webapps README file.

Updating Web UI assets

After you commit a change to the webapps repo, you need to update the Web UI assets in the webassets/ git submodule.

Run make update-webassets to update the webassets repo and create a PR for teleport to update its git submodule.

You will need to have the gh utility installed on your system for the script to work. For installation instructions, read the GitHub CLI installation documentation.

Updating Documentation

TL;DR version:

make docs
make run-docs

For more details, read the docs/README file.

Managing dependencies

All dependencies are managed using Go modules. Here are the instructions for some common tasks:

Add a new dependency

Latest version:

go get github.com/new/dependency

Update the source to use this dependency, then run:

make update-vendor

Specific version:

go get github.com/new/dependency@version

Update the source to use this dependency, then run:

make update-vendor

Set dependency to a specific version

go get github.com/new/dependency@version
make update-vendor

Update dependency to the latest version

go get -u github.com/new/dependency
make update-vendor

Update all dependencies

go get -u all
make update-vendor

Debugging dependencies

Why is a specific package imported?

go mod why $pkgname

Why is a specific module imported?

go mod why -m $modname

Why is a specific version of a module imported?

go mod graph | grep $modname

Why did We Build Teleport?

The Teleport creators used to work together at Rackspace. We noticed that most cloud computing users struggle with setting up and configuring infrastructure security because popular tools, while flexible, are complex to understand and expensive to maintain. Additionally, most organizations use multiple infrastructure form factors such as several cloud providers, multiple cloud accounts, servers in colocation, and even smart devices. Some of those devices run on untrusted networks, behind third-party firewalls. This only magnifies complexity and increases operational overhead.

We had a choice, either start a security consulting business or build a solution that's dead-easy to use and understand. A real-time representation of all of your servers in the same room as you, as if they were magically teleported. Thus, Teleport was born!

More Information

Support and Contributing

We offer a few different options for support. First of all, we try to provide clear and comprehensive documentation. The docs are also in Github, so feel free to create a PR or file an issue if you have ideas for improvements. If you still have questions after reviewing our docs, you can also:

  • Join Teleport Discussions to ask questions. Our engineers are available there to help you.
  • If you want to contribute to Teleport or file a bug report/issue, you can create an issue here in Github.
  • If you are interested in Teleport Enterprise or more responsive support during a POC, we can also create a dedicated Slack channel for you during your POC. You can reach out to us through our website to arrange for a POC.

Is Teleport Secure and Production Ready?

Teleport has completed several security audits from the nationally recognized technology security companies. Some of them have been made public. We are comfortable with the use of Teleport from a security perspective.

You can see the list of companies who use Teleport in production on the Teleport product page.

However, Teleport is still a relatively young product, so you may experience usability issues. We actively support Teleport and address any issues that users submit to this repo. Ask questions, send pull requests, report issues, and don't be shy! :)

You can find the latest stable Teleport build on our Releases page.

Who Built Teleport?

Teleport was created by Gravitational Inc. We have built Teleport by borrowing from our previous experiences at Rackspace. It has been extracted from Gravity, our Kubernetes distribution optimized for deploying and remotely controlling complex applications into multiple environments at the same time:

  • Multiple cloud regions
  • Colocation
  • Private enterprise clouds located behind firewalls

About

Certificate authority and access plane for SSH, Kubernetes, web applications, and databases

Resources

License

Code of conduct

Security policy

Stars

Watchers

Forks

Packages

No packages published

Languages

  • Go 72.3%
  • C 26.0%
  • Shell 1.1%
  • Makefile 0.5%
  • Dockerfile 0.1%
  • Python 0.0%