Configs · Apr 13, 2026 · 3 min read

Teleport — Secure Infrastructure Access Platform

Teleport provides identity-based, zero-trust access to servers, Kubernetes clusters, databases, and web applications. It replaces VPNs and shared credentials with certificate-based authentication, session recording, and unified access controls.

Quick Use

Use it first, then decide how deep to go


# Install Teleport
curl https://goteleport.com/static/install.sh | bash

# Start a single-node cluster
sudo teleport configure --cluster-name=example.teleport.sh --output=file
sudo teleport start

# Access web UI at https://localhost:3080

# SSH via Teleport (no SSH keys needed)
tsh login --proxy=example.teleport.sh
tsh ssh user@hostname

# List available servers
tsh ls

Introduction

Teleport replaces traditional infrastructure access tools (VPNs, SSH keys, database passwords) with a unified, identity-based access platform. Instead of distributing and managing credentials, Teleport issues short-lived certificates tied to user identity. Every session is recorded, audited, and governed by role-based access policies.

With over 20,000 GitHub stars, Teleport is used by companies like Nasdaq, IBM, Samsung, and Snowflake to secure access to their infrastructure. It provides a single gateway for SSH, Kubernetes, databases, Windows desktops, and web applications — with built-in compliance features.

What Teleport Does

Teleport acts as an identity-aware access proxy. Users authenticate once (via SSO, MFA, or hardware keys), and Teleport issues short-lived X.509 certificates for accessing resources. All sessions are recorded, all access is logged, and policies are enforced in real time. No standing credentials exist, which reduces the attack surface.

Architecture Overview

[Users]
SSO + MFA + Hardware Keys
        |
   [Teleport Proxy]
   Public-facing gateway
   TLS termination
   Web UI
        |
   [Teleport Auth]
   Certificate authority
   RBAC engine
   Session recording
   Audit log
        |
+-------+-------+-------+-------+
|       |       |       |       |
[SSH    [K8s    [DB     [App    [Windows]
Access] Access] Access] Access] Access]
Servers Clusters Postgres Web apps RDP
Nodes   kubectl  MySQL   Internal Desktop
                 MongoDB dashboards

Self-Hosting & Configuration

# teleport.yaml — configuration
teleport:
  nodename: teleport.example.com
  data_dir: /var/lib/teleport

auth_service:
  enabled: true
  cluster_name: example.teleport.sh
  authentication:
    type: local
    second_factor: "on"
    webauthn:
      rp_id: example.teleport.sh

proxy_service:
  enabled: true
  web_listen_addr: 0.0.0.0:443
  public_addr: teleport.example.com:443
  acme:
    enabled: true
    email: admin@example.com

ssh_service:
  enabled: true
  labels:
    env: production
    team: engineering

# Add a server to the cluster
sudo teleport node configure \
  --token=invite-token \
  --auth-server=teleport.example.com:443 \
  --output=file
sudo teleport start

# Role-based access example
tctl create <<EOF
kind: role
metadata:
  name: developer
spec:
  allow:
    logins: [ubuntu, ec2-user]
    node_labels:
      env: [staging, development]
    kubernetes_groups: [developers]
    db_names: ["*"]
    db_users: [readonly]
EOF
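To make the role above concrete, here is an added example (not Teleport's own code) that models, in simplified form, how a role's `allow` rules gate SSH access: the `developer` role from this page is evaluated against the node configured under `ssh_service` above (labels `env: production`, `team: engineering`) and against a constructed staging node. Real Teleport also evaluates `deny` blocks, traits, and regex label values; those are assumed out of scope here.

```python
# Added example, not part of Teleport. Simplified model of role-to-node matching
# for the `developer` role and `ssh_service` labels shown on this page.

DEVELOPER_ROLE = {
    "kind": "role",
    "metadata": {"name": "developer"},
    "spec": {"allow": {
        "logins": ["ubuntu", "ec2-user"],
        "node_labels": {"env": ["staging", "development"]},
    }},
}

# Labels of the node configured under ssh_service on this page.
PRODUCTION_NODE = {"env": "production", "team": "engineering"}
# Constructed for contrast: a staging node with the same team label.
STAGING_NODE = {"env": "staging", "team": "engineering"}


def labels_match(required, node_labels):
    """Every required label must be present on the node with an allowed value.
    A list value means 'any of these'; "*" matches any value, and the key "*"
    matches any node. An empty node_labels grants no nodes (deny by default)."""
    if not required:
        return False
    for key, allowed in required.items():
        if isinstance(allowed, str):
            allowed = [allowed]
        if key == "*":
            continue  # wildcard key: any node satisfies this entry
        value = node_labels.get(key)
        if value is None:
            return False
        if "*" not in allowed and value not in allowed:
            return False
    return True


def can_ssh(role, node_labels, login):
    """Return (decision, reason) for logging in as `login` on a node."""
    allow = role["spec"]["allow"]
    if login not in allow.get("logins", []):
        return False, f"login {login!r} not in role logins"
    if not labels_match(allow.get("node_labels", {}), node_labels):
        return False, "node labels do not satisfy role node_labels"
    return True, "allowed"


if __name__ == "__main__":
    for name, node in [("production", PRODUCTION_NODE), ("staging", STAGING_NODE)]:
        ok, why = can_ssh(DEVELOPER_ROLE, node, "ubuntu")
        print(f"developer -> ubuntu@{name}: {ok} ({why})")
```

Running it shows the `developer` role cannot reach the production node from the `ssh_service` block because its `node_labels` only admit `staging` and `development`.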

Key Features

  • Identity-Based Access — short-lived certificates, no standing credentials
  • SSH Access — passwordless SSH with session recording
  • Kubernetes Access — secure kubectl access with RBAC
  • Database Access — proxy for PostgreSQL, MySQL, MongoDB, and more
  • Application Access — secure access to internal web apps without VPN
  • Session Recording — complete audit trail of all interactive sessions
  • Access Requests — just-in-time access with approval workflows
  • Compliance — SOC 2, FedRAMP, HIPAA-ready audit logging

Comparison with Similar Tools

| Feature | Teleport | HashiCorp Boundary | Tailscale | StrongDM | Bastion hosts |
|---|---|---|---|---|---|
| Access Type | Identity-based | Identity-based | Network mesh | Identity-based | Network |
| SSH | Yes | Via boundary | Via Tailscale | Yes | Yes |
| Kubernetes | Yes | Limited | Via Tailscale | Yes | Manual |
| Databases | Yes | Yes | No | Yes | Manual |
| Session Recording | Yes | No | No | Yes | Manual |
| Self-Hosted | Yes | Yes | Partial | No | Yes |
| Open Source | Yes (Community) | Yes | Partial | No | N/A |

FAQ

Q: Teleport vs VPN — why should I switch? A: VPNs grant broad network access. Teleport provides fine-grained, identity-based access to specific resources. You get session recording, audit trails, and just-in-time access — none of which VPNs provide.

Q: Is Teleport free? A: Teleport Community Edition is free and open source. Enterprise and Cloud editions add features like FedRAMP compliance, hardware key enforcement, and premium support.

Q: How does Teleport replace SSH keys? A: Instead of distributing and rotating SSH keys, users authenticate via SSO/MFA and receive a short-lived SSH certificate (valid for hours, not years). When it expires, they re-authenticate. No key management needed.

Q: Can I use Teleport with my existing SSO? A: Yes. Teleport integrates with Okta, Azure AD, Google Workspace, GitHub, GitLab, and any SAML/OIDC identity provider for single sign-on.
