Teleport is an open-source tool for providing zero trust access to servers and cloud applications using SSH, Kubernetes and HTTPS.[2][3] It can eliminate the need for VPNs by providing a single gateway to access computing infrastructure via SSH, Kubernetes clusters, and cloud applications via a built-in proxy.[4]

Teleport
Stable release
16.4.6[1] Edit this on Wikidata / 23 October 2024
Repositoryhttps://github.com/gravitational/teleport
Written inGo
LicenseGNU Affero General Public License
Websitegoteleport.com Edit this on Wikidata

Teleport started as an open source library used by the Gravity project [5] to enable secure software deployments into restricted and regulated environments. Teleport was open sourced as a standalone tool by Gravitational Inc. in 2016.[6] It is currently deployed in production by Samsung, NASDAQ, IBM, Ticketmaster, Epic Games and others.[7][8] It has been publicly audited by technology security companies like Cure 53[9] and Doyensec.[10][11]

Alternatives to Teleport include a bastion host and strongDM.[12]

History

edit

Teleport was built by Gravitational Inc, a company that specializes in Kubernetes-based application deployment and compliance. The security gateway protocol that became Teleport originated within a remote application management platform also built by Gravitational, called Gravity. Gravitational was a member of the 2015 Y Combinator cohort,[13] and Teleport was originally released in June 2016.[14]

Teleport 3.0 was released in October 2018 and introduced Kubernetes integration.[15] Version 4.0 was released in 2019 and included support for IoT infrastructure and products.[16]

In December 2023, Teleport announced a change in the license of their source code from the previously used Apache 2.0 License to the AGPLv3 license.[17]

The open-source version of Teleport is known as Teleport Community and is available for download on GitHub. Gravitational Inc also offers a commercial version of Teleport (Teleport Enterprise) that includes features like role-based access control (RBAC).[18]

Features

edit

Teleport provides the following features, as detailed on GitHub:[2]

Access Proxy

edit

Teleport proxy provides SSH and HTTPs access to servers, applications, and Kubernetes clusters across multiple data centers, cloud providers, and edge devices. Teleport proxy is identity-aware, i.e. it only allows certificate-based authentication by integrating with an identity manager such as GitHub, Google Apps, Okta or Active Directory, and others.

Audit Log

edit

Teleport collects system events across all servers it is installed on and stores them in an audit log for compliance purposes. Auditable events include authentication attempts, file transfers, network connections, and file system changes made during an SSH session. The audit log can be stored on an encrypted file system, in Amazon DynamoDB and other cloud data stores.

Session Recording

edit

Teleport records interactive user sessions for SSH and Kubernetes protocols and stores them in the audit log. Stored sessions can be replayed via a built-in session player.

IoT Access

edit

Servers running Teleport can be accessed by clients regardless of their physical location, even when they are using a cellular connection.

Dynamic Authorization

edit

Teleport users can request a one-time elevation of permissions to complete a privileged task. Such requests can be approved or denied via chat ops tools such as Slack, Mattermost, or a custom workflow, implemented via Teleport API.

Web UI

edit

Teleport Proxy offers a web-based client for configuration, accessing servers via SSH and Kubernetes and for accessing the audit log.

Teleport requires at least 1GB of virtual memory to be built and compiled.

Architecture

edit

Teleport is written in Go programming language, and runs on UNIX-compatible operating systems, including Linux, macOS, and several BSD variants.[19] Teleport consists of two executables: tsh (command line client) and teleport (server daemon).

The teleport server daemon can run in the following modes:[20]

  • Node. In this mode, the daemon is providing SSH and Kubernetes access to the server it is running on.
  • Proxy. In this mode, the daemon is acting as an identity-aware proxy for all protocols supported by Teleport. Currently, this includes SSH, HTTPS, and Kubernetes API.
  • Auth Server. In this mode, the daemon is acting as a certificate authority that all other daemons must authenticate with. The auth server is issuing certificates for users and for servers and stores the audit log.

References

edit
  1. ^ "Release 16.4.6". 23 October 2024. Retrieved 27 October 2024.
  2. ^ a b gravitational/teleport, Gravitational, 2020-04-02, retrieved 2020-04-04
  3. ^ "Teleport Reviews and Pricing - 2020". www.capterra.com. Retrieved 2020-04-05.
  4. ^ "Gravitational Draws Kubernetes Into Its Secure Credential Sphere". SDX Central.
  5. ^ "gravity/docs/4.x/manage.md at master · gravitational/gravity". GitHub. Retrieved 2024-06-05.
  6. ^ "Teleport 1.0 Released". gravitational.com. Retrieved 2020-04-04.
  7. ^ Stewart, Ashley. "This ex-Rackspace director's startup Gravitational just raised $25 million to 'liberate' customers from Amazon Web Services and Microsoft". Business Insider. Retrieved 2020-04-04.
  8. ^ Gravitational (2019-04-03). "Gravitational Has Record Year with Doubled Revenue and Tripled Enterprise Customers". GlobeNewswire News Room (Press release). Retrieved 2020-04-05.
  9. ^ "Pentest-Report Teleport 2.6.0 05.2018" (PDF). Cure 53.
  10. ^ "Doyensec Gravitational Teleport Report Q22019 with retesting" (PDF). Doyensec.
  11. ^ "Doyensec Gravitational Gravity Report Q22019 with retesting" (PDF). Doyensec.
  12. ^ "Alternatives to Teleport | strongDM". Access. Control. strongDM. 2019-07-10. Retrieved 2020-04-11.
  13. ^ "Gravitational nabs $25M Series A to ease cloud deployment with Kubernetes". TechCrunch. Retrieved 2020-04-05.
  14. ^ "Show HN: Teleport – SSH for Clusters and Teams | Hacker News". news.ycombinator.com. Retrieved 2020-04-05.
  15. ^ "Teleport 3.0 provides ITOps with method for managing privileged access to their infrastructure". ITOps Times. 2018-10-02. Retrieved 2020-04-04.
  16. ^ Inc, Tamas Cser Digital Smart Technologies. "Gravitational Updates Its Open Source Management To Deliver IoT-Centric Security". www.idevnews.com. Retrieved 2020-04-04. {{cite web}}: |last= has generic name (help)
  17. ^ "Teleport OSS will relicense to AGPLv3". Retrieved 2024-03-26.
  18. ^ "Gravitational Teleport Alternatives - strongDM and other options". Access. Control. strongDM. 2019-07-10. Retrieved 2020-04-05.
  19. ^ "Package teleport". godoc.org. Retrieved 2020-04-05.
  20. ^ "CHANGELOG.md - gravitational/teleport - Sourcegraph". sourcegraph.com. Retrieved 2020-04-05.