Teleport is the easiest, most secure way to access all your infrastructure servers, clusters, and applications. It is designed to provide role-based access control, audit logs, and session recording, making it ideal for organizations that need to provide secure access to their resources.
1. Install Teleport (CE Edition)
Teleport can be installed in several ways: with a package manager, by downloading binaries, or by building from source. The easiest way is the package manager. Refer to the Teleport documentation for installation instructions for your specific operating system (the Ubuntu/Debian instructions are linked here, and the general documentation here). On Ubuntu/Debian:
curl https://deb.releases.teleport.dev/teleport-pubkey.asc | sudo apt-key add -
sudo add-apt-repository 'deb https://deb.releases.teleport.dev/ stable main'
sudo apt-get update
sudo apt install teleport
The default authentication is an internal user repository of the login/password type, to which a second factor can be added, either TOTP (such as Google Authenticator) or U2F (such as many USB hardware keys). This is one of the great strengths of this solution. There does not seem to be a documented way to reuse this internal repository from other solutions.
GitHub authentication is also part of the open source version. For other mechanisms you will need the commercial version of Teleport, which also provides a much finer-grained rights model. Administrators manage users (enroll, revoke, change rights) with the tctl command-line tool.
Access the Web UI
Run the following command to create a user that can access the Teleport Web UI, as in the example below:
sudo tctl users add tele-admin --roles=editor,access --logins=root,ubuntu,ec2-user
Then connect to the Web UI at https://YOURIP:3080
ADD SERVER
From the Add server button you can choose automatic configuration (with a token valid for 4 hours) or manual configuration.
Authenticate to Teleport from the server, for example (the --insecure flag skips verification of the proxy's TLS certificate; drop it once the proxy presents a certificate the server trusts):
tsh --insecure login --proxy=YOURIPSERVER:3080 --auth=local --user=youruser
And your server is added automatically.
ADD PERMANENT TOKEN
Create a file on the bastion to store the token (the grep keeps only the value that follows "token:" in the tctl output):
tctl --insecure tokens add --type=node | grep -oP '(?<=token:\s).*' > token.file
Add a server using the token stored on the bastion:
teleport start --roles=node --token=token.file --auth-server=YOURIPSERVER:3080
Create a systemd service, for example /etc/systemd/system/teleportscript.service (the node is started with the teleport binary, not tsh, and the token file is passed with --token):
[Unit]
Description=Teleport SSH daemon
After=network.target

[Service]
ExecStart=/usr/bin/teleport start --roles=node --token=/path/to/token.file --auth-server=YOURIPSERVER:3080
Restart=always
User=root

[Install]
WantedBy=multi-user.target
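As an added example (not from the original post), a small POSIX shell script that covers the token and systemd steps above: it parses the token out of tctl's output, stores it readable only by its owner, and renders the unit with the flags teleport start accepts. The sample tctl output, the file paths and YOURIPSERVER are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: covers the token and systemd
# steps so the join token is parsed reliably, stored readable only by its
# owner, and the unit is rendered with the flags `teleport start` accepts.
# Paths and YOURIPSERVER are placeholders; tctl itself is not invoked here.

# Constructed sample of what `tctl tokens add --type=node` prints.
SAMPLE_TCTL_OUTPUT='The invite token: 0123456789abcdef0123456789abcdef
This token will expire in 30 minutes.'

# Print the token found in tctl output; return 1 if it is missing or not hex.
extract_token() {
    tok=$(printf '%s\n' "$1" \
        | sed -n 's/^The invite token:[[:space:]]*\([^[:space:]]*\).*$/\1/p' | head -n 1)
    case "$tok" in
        '' | *[!0-9a-fA-F]*) return 1 ;;
    esac
    printf '%s\n' "$tok"
}

# Store the token so only its owner can read it (a join token is a credential).
store_token() {   # $1 = token, $2 = destination path
    ( umask 077; printf '%s\n' "$1" > "$2" ) && chmod 600 "$2"
}

# Render a systemd unit that starts the node with the stored token file;
# teleport's --token flag takes either a literal token or a path to a file.
render_unit() {   # $1 = token file path, $2 = auth server host:port
    cat <<EOF
[Unit]
Description=Teleport SSH daemon
After=network.target

[Service]
ExecStart=/usr/bin/teleport start --roles=node --token=$1 --auth-server=$2
Restart=always
User=root

[Install]
WantedBy=multi-user.target
EOF
}

# On the bastion (needs a live auth server, so not executed here):
#   tok=$(extract_token "$(tctl tokens add --type=node)") || exit 1
#   store_token "$tok" /var/lib/teleport/node.token
#   render_unit /var/lib/teleport/node.token YOURIPSERVER:3080 \
#       > /etc/systemd/system/teleportscript.service
```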
Then reload systemd, enable the unit and manage the service:
# Reload unit files and enable the service at boot
systemctl daemon-reload
systemctl enable teleportscript.service
# Start Teleport
systemctl start teleportscript.service
# Stop Teleport
systemctl stop teleportscript.service
# Restart Teleport
systemctl restart teleportscript.service
Conclusion
Teleport provides a scalable and secure way to provide remote access to resources in organizations. Its role-based access control, audit logs, and session recording features make it a popular choice among organizations that need to provide secure access to their resources. With Teleport, you can ensure that your organization’s resources are secure and accessible to the right people.