Edit two guides for Cloud users #11470
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ptgott
force-pushed
the
paul.gottschling/10634-3
branch
from
ab411ff to
8782e6a
Compare
r0mant
approved these changes
Mar 30, 2022
docs/pages/includes/tctl.mdx
Outdated
Comment on lines
42
to
43
| If you have installed `tctl` as your local user, you will not need to run `tctl` | ||
| commands via `sudo`. |
There was a problem hiding this comment.
Not sure I fully understand what "installed as your local user" means. Maybe remove this sentence?
| <Tabs> | ||
| <TabItem scope={["oss"]} label="Self-Hosted"> | ||
|
|
||
| - A running Teleport cluster, version >= 7.0.0. For details on how to set this up, |
There was a problem hiding this comment.
I'm not sure how this got in here. My best guess is that I copied these tabs from another guide where this was hardcoded and didn't inspect the text carefully enough. I've replaced it with the version variable.
| Server](../getting-started/linux-server.mdx). | ||
|
|
||
| - One host running your favorite Linux environment (such as Ubuntu 20.04, CentOS | ||
| 8.0-1905, or Debian 10). This will serve as a Teleport Server Access Node. |
There was a problem hiding this comment.
Should it be as specific as 8.0-1905? Maybe just say CentOS 8?
|
|
||
| - One host running your favorite Linux environment (such as Ubuntu 20.04, CentOS | ||
| 8.0-1905, or Debian 10). This will serve as a Teleport Server Access Node. | ||
|
|
||
| - Teleport (=teleport.version=) installed locally. |
There was a problem hiding this comment.
Is this referring to client tools like tsh, tctl? Otherwise it seems similar to bullet point number 1.
|
|
||
| ## Step 1/4. Install Teleport | ||
| - A running Teleport cluster, version >= 7.0.0. For details on setting this up, see |
There was a problem hiding this comment.
Same comments here as above.
| ``` | ||
|
|
||
| If you have installed `tctl` as your local user, you will not need to run `tctl` commands via `sudo`. | ||
| </Details> | ||
| Each Teleport Node can be configured to run as an enhanced SSH server. |
There was a problem hiding this comment.
What does "enhanced SSH server" mean?
There was a problem hiding this comment.
I just realized this wording was already used here before, but I think it's confusing. I think that the next sentence "--type=node specifies that ...." already explain what's happening well, maybe remove this one?
| <ScopedBlock scope={["oss", "enterprise"]}> | ||
|
|
||
| ```txt | ||
| Profile URL: https://tele.example.com:443 |
There was a problem hiding this comment.
Feels like indentation is a bit off here (same below)
Suggested change
| Profile URL: https://tele.example.com:443 | |
| > Profile URL: https://tele.example.com:443 |
| - It grants additional privileges to the Teleport Proxy Service. In the default Node Recording mode, the Proxy Service stores no secrets and cannot "see" the decrypted data. This makes a Proxy Server less critical to the security of the overall cluster. But if an attacker gains physical access to a Proxy Server running in Proxy Recording mode, they will be able to see the decrypted traffic and client keys stored in the Proxy Server's process memory. | ||
| - Recording Proxy Mode requires the use of SSH agent forwarding. Agent forwarding is required because without it, a Proxy Server will not be able to establish a second connection to the destination node. | ||
|
|
||
| Teleport proxy should be available to clients and be set up with TLS. |
There was a problem hiding this comment.
Suggested change
| Teleport proxy should be available to clients and be set up with TLS. | |
| Teleport Proxy should be available to clients and be set up with TLS. |
ulysseskan
reviewed
Mar 30, 2022
| This will generate an initial login link where you can create a password and set up two-factor authentication for `tele-admin`. | ||
|
|
||
| <Admonition type="note" title="Note"> | ||
| We've only given `tele-admin` the roles `editor` and `access` according to the *Principle of Least Privilege* (POLP). |
There was a problem hiding this comment.
I would leave out the POLP acronym here and just have it as "Principle of Least Privilege".
ulysseskan
reviewed
Mar 30, 2022
| <ScopedBlock scope={["cloud"]}> | ||
|
|
||
| Once configured, log in to any Node in the `mytenant.teleport.sh` cluster as any | ||
| principal listed in your Teleport profile: |
There was a problem hiding this comment.
Perhaps user, hostname, or user@hostname would be a better word than principal here?
ulysseskan
approved these changes
Mar 30, 2022
zmb3
approved these changes
Mar 31, 2022
(1) Server Access Getting Started While this guide mentions Teleport Cloud throughout, I wanted to make sure that users of one edition wouldn't see scope-irrelevant details. - Add scoped Tabs to the Prerequisites section - Add the scoped "tctl.mdx" Details box - Add ScopedBlocks for minor scope-relevant details like the address of the Proxy Service - Edit the tctl.mdx partial to mention when you would use sudo to run tctl on a local machine, a detail that was added to this guide but could be included in any guide that uses the tctl.mdx partial. Also makes misc. style, grammar, and clarity edits. (2) Edit the OpenSSH guide and spin off a PRM guide - The Recording Proxy Mode instructions don't apply to Cloud users. I didn't want to use a ScopedBlock to hide the relevant H2s, since these still appear within a page's table of contents. Instead, I separated the Recording Proxy Mode instructions into their own guide, and added an edition warning for Cloud users at the top of the guide. I also did some restructuring of the OpenSSH guide to clean it up after separating the Recording Proxy Mode instructions. - Used ScopedBlocks to ensure that only scope-relevant information is shown in the OpenSSH guide. - Misc grammar/style/clarity tweaks
ptgott
force-pushed
the
paul.gottschling/10634-3
branch
from
8782e6a to
852a25b
Compare
ptgott
force-pushed
the
paul.gottschling/10634-3
branch
from
852a25b to
ab5a4d8
Compare
ptgott
added a commit
that referenced
this pull request
Mar 31, 2022
Backports #11470 * Edit two guides for Cloud users (1) Server Access Getting Started While this guide mentions Teleport Cloud throughout, I wanted to make sure that users of one edition wouldn't see scope-irrelevant details. - Add scoped Tabs to the Prerequisites section - Add the scoped "tctl.mdx" Details box - Add ScopedBlocks for minor scope-relevant details like the address of the Proxy Service - Edit the tctl.mdx partial to mention when you would use sudo to run tctl on a local machine, a detail that was added to this guide but could be included in any guide that uses the tctl.mdx partial. Also makes misc. style, grammar, and clarity edits. (2) Edit the OpenSSH guide and spin off a PRM guide - The Recording Proxy Mode instructions don't apply to Cloud users. I didn't want to use a ScopedBlock to hide the relevant H2s, since these still appear within a page's table of contents. Instead, I separated the Recording Proxy Mode instructions into their own guide, and added an edition warning for Cloud users at the top of the guide. I also did some restructuring of the OpenSSH guide to clean it up after separating the Recording Proxy Mode instructions. - Used ScopedBlocks to ensure that only scope-relevant information is shown in the OpenSSH guide. - Misc grammar/style/clarity tweaks * Respond to PR feedback
ptgott
added a commit
that referenced
this pull request
Mar 31, 2022
Backports #11470 * Edit two guides for Cloud users (1) Server Access Getting Started While this guide mentions Teleport Cloud throughout, I wanted to make sure that users of one edition wouldn't see scope-irrelevant details. - Add scoped Tabs to the Prerequisites section - Add the scoped "tctl.mdx" Details box - Add ScopedBlocks for minor scope-relevant details like the address of the Proxy Service - Edit the tctl.mdx partial to mention when you would use sudo to run tctl on a local machine, a detail that was added to this guide but could be included in any guide that uses the tctl.mdx partial. Also makes misc. style, grammar, and clarity edits. (2) Edit the OpenSSH guide and spin off a PRM guide - The Recording Proxy Mode instructions don't apply to Cloud users. I didn't want to use a ScopedBlock to hide the relevant H2s, since these still appear within a page's table of contents. Instead, I separated the Recording Proxy Mode instructions into their own guide, and added an edition warning for Cloud users at the top of the guide. I also did some restructuring of the OpenSSH guide to clean it up after separating the Recording Proxy Mode instructions. - Used ScopedBlocks to ensure that only scope-relevant information is shown in the OpenSSH guide. - Misc grammar/style/clarity tweaks * Respond to PR feedback
ptgott
added a commit
that referenced
this pull request
Mar 31, 2022
Backports #11470 * Edit two guides for Cloud users (1) Server Access Getting Started While this guide mentions Teleport Cloud throughout, I wanted to make sure that users of one edition wouldn't see scope-irrelevant details. - Add scoped Tabs to the Prerequisites section - Add the scoped "tctl.mdx" Details box - Add ScopedBlocks for minor scope-relevant details like the address of the Proxy Service - Edit the tctl.mdx partial to mention when you would use sudo to run tctl on a local machine, a detail that was added to this guide but could be included in any guide that uses the tctl.mdx partial. Also makes misc. style, grammar, and clarity edits. (2) Edit the OpenSSH guide and spin off a PRM guide - The Recording Proxy Mode instructions don't apply to Cloud users. I didn't want to use a ScopedBlock to hide the relevant H2s, since these still appear within a page's table of contents. Instead, I separated the Recording Proxy Mode instructions into their own guide, and added an edition warning for Cloud users at the top of the guide. I also did some restructuring of the OpenSSH guide to clean it up after separating the Recording Proxy Mode instructions. - Used ScopedBlocks to ensure that only scope-relevant information is shown in the OpenSSH guide. - Misc grammar/style/clarity tweaks * Respond to PR feedback
ptgott
added a commit
that referenced
this pull request
Apr 1, 2022
Backports #11470 * Edit two guides for Cloud users (1) Server Access Getting Started While this guide mentions Teleport Cloud throughout, I wanted to make sure that users of one edition wouldn't see scope-irrelevant details. - Add scoped Tabs to the Prerequisites section - Add the scoped "tctl.mdx" Details box - Add ScopedBlocks for minor scope-relevant details like the address of the Proxy Service - Edit the tctl.mdx partial to mention when you would use sudo to run tctl on a local machine, a detail that was added to this guide but could be included in any guide that uses the tctl.mdx partial. Also makes misc. style, grammar, and clarity edits. (2) Edit the OpenSSH guide and spin off a PRM guide - The Recording Proxy Mode instructions don't apply to Cloud users. I didn't want to use a ScopedBlock to hide the relevant H2s, since these still appear within a page's table of contents. Instead, I separated the Recording Proxy Mode instructions into their own guide, and added an edition warning for Cloud users at the top of the guide. I also did some restructuring of the OpenSSH guide to clean it up after separating the Recording Proxy Mode instructions. - Used ScopedBlocks to ensure that only scope-relevant information is shown in the OpenSSH guide. - Misc grammar/style/clarity tweaks * Respond to PR feedback
ptgott
added a commit
that referenced
this pull request
Apr 1, 2022
Backports #11470 * Edit two guides for Cloud users (1) Server Access Getting Started While this guide mentions Teleport Cloud throughout, I wanted to make sure that users of one edition wouldn't see scope-irrelevant details. - Add scoped Tabs to the Prerequisites section - Add the scoped "tctl.mdx" Details box - Add ScopedBlocks for minor scope-relevant details like the address of the Proxy Service - Edit the tctl.mdx partial to mention when you would use sudo to run tctl on a local machine, a detail that was added to this guide but could be included in any guide that uses the tctl.mdx partial. Also makes misc. style, grammar, and clarity edits. (2) Edit the OpenSSH guide and spin off a PRM guide - The Recording Proxy Mode instructions don't apply to Cloud users. I didn't want to use a ScopedBlock to hide the relevant H2s, since these still appear within a page's table of contents. Instead, I separated the Recording Proxy Mode instructions into their own guide, and added an edition warning for Cloud users at the top of the guide. I also did some restructuring of the OpenSSH guide to clean it up after separating the Recording Proxy Mode instructions. - Used ScopedBlocks to ensure that only scope-relevant information is shown in the OpenSSH guide. - Misc grammar/style/clarity tweaks * Respond to PR feedback
ptgott
added a commit
that referenced
this pull request
Apr 1, 2022
Backports #11470 * Edit two guides for Cloud users (1) Server Access Getting Started While this guide mentions Teleport Cloud throughout, I wanted to make sure that users of one edition wouldn't see scope-irrelevant details. - Add scoped Tabs to the Prerequisites section - Add the scoped "tctl.mdx" Details box - Add ScopedBlocks for minor scope-relevant details like the address of the Proxy Service - Edit the tctl.mdx partial to mention when you would use sudo to run tctl on a local machine, a detail that was added to this guide but could be included in any guide that uses the tctl.mdx partial. Also makes misc. style, grammar, and clarity edits. (2) Edit the OpenSSH guide and spin off a PRM guide - The Recording Proxy Mode instructions don't apply to Cloud users. I didn't want to use a ScopedBlock to hide the relevant H2s, since these still appear within a page's table of contents. Instead, I separated the Recording Proxy Mode instructions into their own guide, and added an edition warning for Cloud users at the top of the guide. I also did some restructuring of the OpenSSH guide to clean it up after separating the Recording Proxy Mode instructions. - Used ScopedBlocks to ensure that only scope-relevant information is shown in the OpenSSH guide. - Misc grammar/style/clarity tweaks * Respond to PR feedback
ptgott
added a commit
that referenced
this pull request
Apr 1, 2022
Backports #11470 * Edit two guides for Cloud users (1) Server Access Getting Started While this guide mentions Teleport Cloud throughout, I wanted to make sure that users of one edition wouldn't see scope-irrelevant details. - Add scoped Tabs to the Prerequisites section - Add the scoped "tctl.mdx" Details box - Add ScopedBlocks for minor scope-relevant details like the address of the Proxy Service - Edit the tctl.mdx partial to mention when you would use sudo to run tctl on a local machine, a detail that was added to this guide but could be included in any guide that uses the tctl.mdx partial. Also makes misc. style, grammar, and clarity edits. (2) Edit the OpenSSH guide and spin off a PRM guide - The Recording Proxy Mode instructions don't apply to Cloud users. I didn't want to use a ScopedBlock to hide the relevant H2s, since these still appear within a page's table of contents. Instead, I separated the Recording Proxy Mode instructions into their own guide, and added an edition warning for Cloud users at the top of the guide. I also did some restructuring of the OpenSSH guide to clean it up after separating the Recording Proxy Mode instructions. - Used ScopedBlocks to ensure that only scope-relevant information is shown in the OpenSSH guide. - Misc grammar/style/clarity tweaks * Respond to PR feedback
ptgott
added a commit
that referenced
this pull request
Apr 1, 2022
Backports #11470 * Edit two guides for Cloud users (1) Server Access Getting Started While this guide mentions Teleport Cloud throughout, I wanted to make sure that users of one edition wouldn't see scope-irrelevant details. - Add scoped Tabs to the Prerequisites section - Add the scoped "tctl.mdx" Details box - Add ScopedBlocks for minor scope-relevant details like the address of the Proxy Service - Edit the tctl.mdx partial to mention when you would use sudo to run tctl on a local machine, a detail that was added to this guide but could be included in any guide that uses the tctl.mdx partial. Also makes misc. style, grammar, and clarity edits. (2) Edit the OpenSSH guide and spin off a PRM guide - The Recording Proxy Mode instructions don't apply to Cloud users. I didn't want to use a ScopedBlock to hide the relevant H2s, since these still appear within a page's table of contents. Instead, I separated the Recording Proxy Mode instructions into their own guide, and added an edition warning for Cloud users at the top of the guide. I also did some restructuring of the OpenSSH guide to clean it up after separating the Recording Proxy Mode instructions. - Used ScopedBlocks to ensure that only scope-relevant information is shown in the OpenSSH guide. - Misc grammar/style/clarity tweaks * Respond to PR feedback
ptgott
added a commit
that referenced
this pull request
Apr 1, 2022
Backports #11470 * Edit two guides for Cloud users (1) Server Access Getting Started While this guide mentions Teleport Cloud throughout, I wanted to make sure that users of one edition wouldn't see scope-irrelevant details. - Add scoped Tabs to the Prerequisites section - Add the scoped "tctl.mdx" Details box - Add ScopedBlocks for minor scope-relevant details like the address of the Proxy Service - Edit the tctl.mdx partial to mention when you would use sudo to run tctl on a local machine, a detail that was added to this guide but could be included in any guide that uses the tctl.mdx partial. Also makes misc. style, grammar, and clarity edits. (2) Edit the OpenSSH guide and spin off a PRM guide - The Recording Proxy Mode instructions don't apply to Cloud users. I didn't want to use a ScopedBlock to hide the relevant H2s, since these still appear within a page's table of contents. Instead, I separated the Recording Proxy Mode instructions into their own guide, and added an edition warning for Cloud users at the top of the guide. I also did some restructuring of the OpenSSH guide to clean it up after separating the Recording Proxy Mode instructions. - Used ScopedBlocks to ensure that only scope-relevant information is shown in the OpenSSH guide. - Misc grammar/style/clarity tweaks * Respond to PR feedback
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
(1) Server Access Getting Started
While this guide mentions Teleport Cloud throughout, I wanted to make
sure that users of one edition wouldn't see scope-irrelevant details.
of the Proxy Service
tctl on a local machine, a detail that was added to this guide but
could be included in any guide that uses the tctl.mdx partial.
Also makes misc. style, grammar, and clarity edits.
(2) Edit the OpenSSH guide and spin off a PRM guide
The Recording Proxy Mode instructions don't apply to Cloud users.
I didn't want to use a ScopedBlock to hide the relevant H2s, since
these still appear within a page's table of contents. Instead, I
separated the Recording Proxy Mode instructions into their own guide,
and added an edition warning for Cloud users at the top of the guide.
I also did some restructuring of the OpenSSH guide to clean it up after
separating the Recording Proxy Mode instructions.
Used ScopedBlocks to ensure that only scope-relevant information is
shown in the OpenSSH guide.
Misc grammar/style/clarity tweaks