Teleport (open-source Software)

Teleport is an open-source tool that provides zero trust access to servers and cloud applications using SSH, Kubernetes, database, Remote Desktop Protocol and HTTPS. It can eliminate the need for VPNs by providing a single gateway to access computing infrastructure via SSH, Kubernetes clusters, and cloud applications via a built-in proxy. Teleport started as an open source library used by the Gravity project to enable secure software deployments into restricted and regulated environments. Teleport was open sourced as a standalone tool by Gravitational Inc. in 2016. It is currently deployed in production by Samsung, NASDAQ, IBM, Ticketmaster, Epic Games and others. It has been publicly audited by technology security companies like Cure 53 and Doyensec.


History

Teleport was built by Gravitational Inc, a company that specializes in Kubernetes-based application deployment and compliance. The security gateway protocol that became Teleport originated within a remote application management platform also built by Gravitational, called Gravity. Gravitational was a member of the 2015 Y Combinator cohort, and Teleport was originally released in June 2016. Teleport 3.0 was released in October 2018 and introduced Kubernetes integration. Version 4.0 was released in 2019 and included support for IoT infrastructure and products. In December 2023, Teleport announced a change in the license of their source code from the previously used Apache 2.0 License to the AGPLv3 license. The open-source version of Teleport is known as Teleport Community and is available for download on GitHub. Gravitational Inc also offers a commercial version of Teleport (Teleport Enterprise) that includes features like role-based access control (RBAC).


Features

Teleport provides the following features, as detailed on GitHub:


Access Proxy

Teleport proxy provides SSH and HTTPS access to servers, applications, and Kubernetes clusters across multiple data centers, cloud providers, and edge devices. Teleport proxy is identity-aware, i.e. it only allows certificate-based authentication by integrating with an identity manager such as GitHub, Google Apps, Okta, Active Directory and others.


Audit Log

Teleport collects system events across all servers it is installed on and stores them in an audit log for compliance purposes. Auditable events include authentication attempts, file transfers, network connections, and file system changes made during an SSH session. The audit log can be stored on an encrypted file system, in Amazon DynamoDB and other cloud data stores.


Session Recording

Teleport records interactive user sessions for SSH and Kubernetes protocols and stores them in the audit log. Stored sessions can be replayed via a built-in session player. Teleport uses eBPF for low-latency, kernel-level session recording.


IoT Access

Servers running Teleport can be accessed by clients regardless of their physical location, even when they are using a cellular connection.


Dynamic Authorization

Teleport users can request a one-time elevation of permissions to complete a privileged task. Such requests can be approved or denied via chat ops tools such as Slack or Mattermost, or via a custom workflow implemented with the Teleport API.


Web UI

Teleport Proxy offers a web-based client for configuration, accessing servers via SSH and Kubernetes and for accessing the audit log. Teleport requires at least 1GB of virtual memory to be built and compiled.


Architecture

Teleport is written in the Go programming language and runs on UNIX-compatible operating systems, including Linux, macOS, and several BSD variants. Teleport consists of two executables: tsh (command line client) and teleport (server daemon). The teleport server daemon can run in the following modes:
* Node. In this mode, the daemon provides SSH and Kubernetes access to the server it is running on.
* Proxy. In this mode, the daemon acts as an identity-aware proxy for all protocols supported by Teleport. Currently, this includes SSH, HTTPS, and the Kubernetes API.
* Auth Server. In this mode, the daemon acts as a certificate authority that all other daemons must authenticate with. The auth server issues certificates for users and for servers and stores the audit log.
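
The certificate-authority model described above, as an added Go sketch (not Teleport's own code): a CA signs a client certificate with a limited lifetime, and the proxy or node admits a connection only if that certificate chains to the trusted CA and is still valid. It uses X.509 from the Go standard library; the helper names `sign` and `admit`, the identities and the validity periods are assumptions of this example.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

var clientAuth = []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}

// sign (hypothetical helper) issues a certificate for name; a nil parent yields a self-signed CA.
func sign(name string, parent *x509.Certificate, parentKey ed25519.PrivateKey, from time.Time, ttl time.Duration) (*x509.Certificate, ed25519.PrivateKey, error) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tpl := &x509.Certificate{
		SerialNumber: new(big.Int).SetBytes(pub[:16]), Subject: pkix.Name{CommonName: name}, // random serial
		NotBefore: from, NotAfter: from.Add(ttl), KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: clientAuth,
	}
	if parent == nil { // the CA signs itself and is allowed to sign other certificates
		tpl.IsCA, tpl.BasicConstraintsValid, tpl.KeyUsage = true, true, x509.KeyUsageCertSign
		parent, parentKey = tpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tpl, parent, pub, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// admit (hypothetical) is the proxy/node-side check: chain to the trusted CA, valid at time `at`.
func admit(ca, client *x509.Certificate, at time.Time) (string, error) {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	if _, err := client.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: at, KeyUsages: clientAuth}); err != nil {
		return "", err
	}
	return client.Subject.CommonName, nil // identity is read from the certificate, not from the client's claim
}

func main() {
	ca, caKey, _ := sign("example-auth-ca", nil, nil, time.Now(), 24*time.Hour) // constructed names and lifetimes
	alice, _, _ := sign("alice", ca, caKey, time.Now(), time.Hour)
	fmt.Println(admit(ca, alice, time.Now().Add(2*time.Hour))) // rejected: the certificate has expired
}
```

A real proxy also requires proof that the client holds the certificate's private key, which the TLS or SSH handshake provides.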

