Teleport (open-source software)
Teleport is an open-source tool for providing zero trust access to servers and cloud applications using SSH, Kubernetes and HTTPS.[1][2] It can eliminate the need for VPNs by providing a single gateway to access computing infrastructure via SSH, Kubernetes clusters, and cloud applications via a built-in proxy.[3]
Teleport started as an open source library used by the Gravity project to enable secure software deployments into restricted and regulated environments. Teleport was open sourced as a standalone tool by Gravitational Inc. in 2016.[4] It is currently deployed in production by Samsung, NASDAQ, IBM and others.[5] It has been publicly audited by technology security companies like Cure 53.[6] It is currently on release version 4.2.3.
Alternatives to Teleport include Bastion and strongDM.[7]
History
Teleport was built by Gravitational Inc, a company that specializes in Kubernetes-based application deployment and compliance. The security gateway protocol that became Teleport originated within a remote application management platform also built by Gravitational, called Gravity. Gravitational was a member of the 2015 Y Combinator cohort[8], and Teleport was originally released in June 2016.[9]
Teleport 3.0 was released in October 2018 and introduced Kubernetes integration.[10] Version 4.0 was released in 2019 and included support for IoT infrastructure and products.[11]
The open-source version of Teleport is known as Teleport Community and is available for download on Github. Gravitational Inc also offers a commercial version of Teleport (Teleport Enterprise) that includes features like role-based access control (RBAC).[12]
Features
Teleport provides the following features, as detailed on GitHub:[13]
Access Proxy
Teleport proxy provides SSH and HTTPs access to servers, applications, and Kubernetes clusters across multiple data centers, cloud providers, and edge devices. Teleport proxy is identity-aware, i.e. it only allows certificate-based authentication by integrating with an identity manager such as Github, Google Apps, Okta or Active Directory, and others.
Audit Log
Teleport collects system events across all servers it’s installed on and stores them in an audit log for compliance purposes. Auditable events include authentication attempts, file transfers, network connections, and file system changes made during an SSH session. The audit log can be stored on an encrypted file system, in Amazon DynamoDB and other cloud data stores.
Session Recording
Teleport records interactive user sessions for SSH and Kubernetes protocols and stores them in the audit log. Stored sessions can be replayed via a built-in session player.
IoT Access
Servers running Teleport can be accessed by clients regardless of their physical location, even when they are using a cellular connection.
Dynamic Authorization
Teleport users can request a one-time elevation of permissions to complete a privileged task. Such requests can be approved or denied via chat ops tools such as Slack, Mattermost, or a custom workflow, implemented via Teleport API.
Web UI
Teleport Proxy offers a web-based client for configuration, accessing servers via SSH and Kubernetes and for accessing the audit log.
Teleport requires at least 1GB of virtual memory to be built and compiled.
Architecture
Teleport is written in Go programming language, and runs on UNIX-compatible operating systems, including Linux, MacOS, and several BSD variants.[14] Teleport consists of two executables: `tsh` (command line client) and `teleport` (server daemon).
The `teleport` server daemon can run in the following modes:[15]
- Node. In this mode, the daemon is providing SSH and Kubernetes access to the server it’s running on.
- Proxy. In this mode, the daemon is acting as an identity-aware proxy for all protocols supported by Teleport. Currently, this includes SSH, HTTPS, and Kubernetes API.
- Auth Server. In this mode, the daemon is acting as a certificate authority that all other daemons must authenticate with. The auth server is issuing certificates for users and for servers and stores the audit log.
Commercial implementations
Commercial users of Teleport include Samsung, NASDAQ, IBM, Ticketmaster, and Epic Games.[16]
References
- gravitational/teleport, Gravitational, 2020-04-02, retrieved 2020-04-04
- "Teleport Reviews and Pricing - 2020". www.capterra.com. Retrieved 2020-04-05.
- "Gravitational Draws Kubernetes Into Its Secure Credential Sphere". SDX Central.
- "Teleport 1.0 Released". gravitational.com. Retrieved 2020-04-04.
- Stewart, Ashley. "This ex-Rackspace director's startup Gravitational just raised $25 million to 'liberate' customers from Amazon Web Services and Microsoft". Business Insider. Retrieved 2020-04-04.
- "Pentest-Report Teleport 2.6.0 05.2018" (PDF). Cure 53.
- "Gravitational Teleport Alternatives - strongDM and other options". Access. Control. strongDM. 2019-07-10. Retrieved 2020-04-11.
- "Gravitational nabs $25M Series A to ease cloud deployment with Kubernetes". TechCrunch. Retrieved 2020-04-05.
- "Show HN: Teleport – SSH for Clusters and Teams | Hacker News". news.ycombinator.com. Retrieved 2020-04-05.
- "Teleport 3.0 provides ITOps with method for managing privileged access to their infrastructure". ITOps Times. 2018-10-02. Retrieved 2020-04-04.
- Inc, Tamas Cser Digital Smart Technologies. "Gravitational Updates Its Open Source Management To Deliver IoT-Centric Security". www.idevnews.com. Retrieved 2020-04-04.
- "Gravitational Teleport Alternatives - strongDM and other options". Access. Control. strongDM. 2019-07-10. Retrieved 2020-04-05.
- gravitational/teleport, Gravitational, 2020-04-02, retrieved 2020-04-04
- "Package teleport". godoc.org. Retrieved 2020-04-05.
- "CHANGELOG.md - gravitational/teleport - Sourcegraph". sourcegraph.com. Retrieved 2020-04-05.
- Gravitational (2019-04-03). "Gravitational Has Record Year with Doubled Revenue and Tripled Enterprise Customers". GlobeNewswire News Room. Retrieved 2020-04-05.