Teleport - The Open Infrastructure Access Platform

What is Teleport?

Teleport is the easiest, most secure way to access all your infrastructure. Teleport is an identity-aware, multi-protocol access proxy which understands SSH, HTTPS, RDP, Kubernetes API, MySQL, MongoDB and PostgreSQL wire protocols, plus many others.

Teleport provides secure access to SSH or Windows servers, Windows desktops, Kubernetes clusters, databases, and web applications. Teleport is trivial to set up as a Linux daemon or in a Kubernetes pod. Teleport can integrate with Single Sign-On providers and enables you to apply access policies using infrastructure-as-code and GitOps tools.

This procedure shows you how to spin up a single-instance Teleport cluster on a Linux server using Teleport Community Edition. Once you deploy the cluster, you can configure Role-based access control(RBAC) and then register resources.

Teleport Architecture

The key concept of Teleport's architecture is the cluster.

A Teleport cluster consists of the Teleport Auth Service, Teleport Proxy Service, Teleport agents, and resources that you want to connect to such as Linux or Windows servers, databases, Kubernetes clusters, Windows desktops, and internal web apps.

To create a minimal Teleport cluster, you must launch three services:

• Teleport Auth Service: The certificate authority for your cluster. It issues certificates, maintains the audit log and aslo conducts authentication challenges. The Auth Service is typically inaccessible outside your private network.
• Teleport Proxy Service: The cluster frontend, which handles user requests, forwards user credentials to the Auth Service, and communicates with Teleport instances that enable access to specific resources in your infrastructure. The proxy allows access to cluster resources from the outside. Typically it is the only service available from the public network.

• Teleport SSH Service: An SSH server implementation that takes advantage of Teleport's short-lived certificates, sophisticated RBAC, session recording, and other features.

  How a Teleport Cluster Works

The concept of a cluster is the foundation of the Teleport security model.

Users and servers must all join the same cluster before access can be granted.

To join a cluster, both users and servers must authenticate and receive certificates.

The Teleport Auth Service is the CA of the cluster, which issues certificates for both users and servers with all

supported protocols.

Teleport Installation: Prerequisites

• A Linux host with only port 443 open to ingress traffic.
• A two-factor authenticator app such as Authy, Google Authenticator,

You must also have one of the following:

• A registered domain name.
• An authoritative DNS nameserver managed by your organization, plus an existing certificate authority.