teleport
by gravitational
Teleport is a unified, secure access platform that provides certificate-based authentication, access controls, and audit logging for infrastructure across SSH, Kubernetes, databases, and internal web apps.
The easiest, and most secure way to access and protect all of your infrastructure.
Primary Use Case
Teleport is designed for organizations needing secure, identity-aware access to cloud and on-premises infrastructure without managing shared secrets. It is ideal for DevOps, security teams, and system administrators who require centralized access control, session auditing, and zero trust principles across diverse environments.
- Certificate-based authentication with short-lived certificates for SSH, Kubernetes, databases, and web apps
- Single sign-on (SSO) integration with GitHub, OpenID Connect, and SAML providers like Okta and Microsoft Entra ID
- Mutual TLS (mTLS) endpoints to protect access to cloud and on-prem services
- Role-Based Access Control (RBAC) with access request workflows enforcing least privilege
- Audit logging with session recording and replay for multiple protocols
- Tunneling system to access resources behind NATs and firewalls
- Two-factor authentication (2FA) support for all access
- Unified access proxy and certificate authority (CA) in a single Go binary
Installation
- Download the Teleport binary from https://goteleport.com/download
- Install Teleport as a Linux daemon following https://goteleport.com/docs/admin-guides/deploy-a-cluster/linux-demo
- Alternatively, deploy Teleport on Kubernetes using Helm charts per https://goteleport.com/docs/admin-guides/deploy-a-cluster/helm-deployments
- Configure Teleport with your identity provider for SSO (GitHub supported in open source)
- Enroll SSH nodes, Kubernetes clusters, databases, web apps, and Windows hosts as resources
- Start the Teleport service to begin managing access and auditing
Usage
- `teleport start`: Starts the Teleport daemon to run the access proxy, certificate authority, and audit log
- `tsh login --proxy=example.com --auth=github`: Authenticate to the Teleport proxy using GitHub SSO
- `tsh ssh user@node`: Connect to a remote SSH node managed by Teleport
- `tsh db login`: Authenticate and retrieve short-lived certificates for database access
- `tsh kube login`: Authenticate to Kubernetes clusters via Teleport
- `tsh app login`: Authenticate to internal web applications proxied by Teleport
- `tsh sessions ls`: List active sessions with audit logs and recordings
- Integrate Teleport with SIEM tools to enhance audit log analysis and anomaly detection.
- Leverage Teleport's short-lived certificates to minimize risk from credential theft during red team exercises.
- Use Teleport's RBAC and access request workflows to enforce least privilege and improve compliance posture.
- Automate onboarding/offboarding processes with Teleport's access controls to reduce human error.
- Combine Teleport with vulnerability scanners to validate secure access post-remediation.
Related Tools

vaultwarden
dani-garcia/vaultwarden
Unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs
authelia
authelia/authelia
The Single Sign-On Multi-Factor portal for web apps, now OpenID Certified™
keepassxc
keepassxreboot/keepassxc
KeePassXC is a cross-platform community-driven port of the Windows application “KeePass Password Safe”.
infisical
Infisical/infisical
Infisical is the open-source platform for secrets, certificates, and privileged access management.
authentik
goauthentik/authentik
The authentication glue you need.
pangolin
fosrl/pangolin
Identity-aware VPN and proxy for remote access to anything, anywhere.
