Teleport (open-source Software)

Teleport is an open-source tool for providing zero trust access to servers and cloud applications using SSH, Kubernetes and HTTPS. It can eliminate the need for VPNs by providing a single gateway to access computing infrastructure via SSH, Kubernetes clusters, and cloud applications via a built-in proxy. Teleport started as an open source library used by the Gravity project to enable secure software deployments into restricted and regulated environments. Teleport was open sourced as a standalone tool by Gravitational Inc. in 2016. It is currently deployed in production by Samsung, NASDAQ, IBM, Ticketmaster, Epic Games and others. It has been publicly audited by technology security companies like Cure53 and Doyensec. Alternatives to Teleport include a bastion host and strongDM.


History

Teleport was built by Gravitational Inc, a company that specializes in Kubernetes-based application deployment and compliance. The security gateway protocol that became Teleport originated within a remote application management platform also built by Gravitational, called Gravity. Gravitational was a member of the 2015 Y Combinator cohort, and Teleport was originally released in June 2016. Teleport 3.0 was released in October 2018 and introduced Kubernetes integration. Version 4.0 was released in 2019 and included support for IoT infrastructure and products. The open-source version of Teleport is known as Teleport Community and is available for download on GitHub. Gravitational Inc also offers a commercial version of Teleport (Teleport Enterprise) that includes features like role-based access control (RBAC).


Features

Teleport provides the following features, as detailed on GitHub:


Access Proxy

Teleport proxy provides SSH and HTTPS access to servers, applications, and Kubernetes clusters across multiple data centers, cloud providers, and edge devices. Teleport proxy is identity-aware, i.e. it allows only certificate-based authentication, integrating with an identity manager such as GitHub, Google Apps, Okta, Active Directory, and others.


Audit Log

Teleport collects system events across all servers it is installed on and stores them in an audit log for compliance purposes. Auditable events include authentication attempts, file transfers, network connections, and file system changes made during an SSH session. The audit log can be stored on an encrypted file system, in Amazon DynamoDB and other cloud data stores.


Session Recording

Teleport records interactive user sessions for SSH and Kubernetes protocols and stores them in the audit log. Stored sessions can be replayed via a built-in session player.


IoT Access

Servers running Teleport can be accessed by clients regardless of their physical location, even when they are using a cellular connection.


Dynamic Authorization

Teleport users can request a one-time elevation of permissions to complete a privileged task. Such requests can be approved or denied via chat ops tools such as Slack or Mattermost, or via a custom workflow implemented with the Teleport API.


Web UI

Teleport Proxy offers a web-based client for configuration, accessing servers via SSH and Kubernetes and for accessing the audit log. Teleport requires at least 1GB of virtual memory to be built and compiled.


Architecture

Teleport is written in the Go programming language and runs on UNIX-compatible operating systems, including Linux, macOS, and several BSD variants. Teleport consists of two executables: tsh (command line client) and teleport (server daemon). The teleport server daemon can run in the following modes:

* Node. In this mode, the daemon provides SSH and Kubernetes access to the server it is running on.
* Proxy. In this mode, the daemon acts as an identity-aware proxy for all protocols supported by Teleport. Currently, this includes SSH, HTTPS, and the Kubernetes API.
* Auth Server. In this mode, the daemon acts as a certificate authority that all other daemons must authenticate with. The auth server issues certificates for users and for servers and stores the audit log.

