Teleport (software)

Teleport

Stable release	17.4.1^[1] / 29 March 2025

Repository	https://github.com/gravitational/teleport
Written in	Go
License	GNU Affero General Public License
Website	goteleport.com

Teleport

Stable release

17.4.1^[1] / 29 March 2025

Repository

https://github.com/gravitational/teleport

Written in

License

GNU Affero General Public License

Website

goteleport.com

History

Teleport was built by Gravitational Inc, a company that specializes in Kubernetes-based application deployment and compliance. The security gateway protocol that became Teleport originated within a remote application management platform also built by Gravitational, called Gravity. Gravitational was a member of the 2015 Y Combinator cohort,^[12] and Teleport was originally released in June 2016.^[13]

Teleport 3.0 was released in October 2018 and introduced Kubernetes integration.^[14] Version 4.0 was released in 2019 and included support for IoT infrastructure and products.^[15]

In December 2023, Teleport announced a change in the license of their source code from the previously used Apache 2.0 License to the AGPLv3 license.^[16]

The open-source version of Teleport is known as Teleport Community and is available for download on GitHub. Gravitational Inc also offers a commercial version of Teleport (Teleport Enterprise) that includes features like role-based access control (RBAC).^[17]

Features

Summarize

Perspective

Teleport provides the following features, as detailed on GitHub:^[2]

Access Proxy

Teleport proxy provides SSH and HTTPs access to servers, applications, and Kubernetes clusters across multiple data centers, cloud providers, and edge devices. Teleport proxy is identity-aware, i.e. it only allows certificate-based authentication by integrating with an identity manager such as GitHub, Google Apps, Okta or Active Directory, and others.

Audit Log

Teleport collects system events across all servers it is installed on and stores them in an audit log for compliance purposes. Auditable events include authentication attempts, file transfers, network connections, and file system changes made during an SSH session. The audit log can be stored on an encrypted file system, in Amazon DynamoDB and other cloud data stores.

Session Recording

Teleport records interactive user sessions for SSH and Kubernetes protocols and stores them in the audit log. Stored sessions can be replayed via a built-in session player. Teleport uses eBPF for the low latency kernel level session recording. ^[18]

IoT Access

Servers running Teleport can be accessed by clients regardless of their physical location, even when they are using a cellular connection.

Dynamic Authorization

Teleport users can request a one-time elevation of permissions to complete a privileged task. Such requests can be approved or denied via chat ops tools such as Slack, Mattermost, or a custom workflow, implemented via Teleport API.

Web UI

Teleport Proxy offers a web-based client for configuration, accessing servers via SSH and Kubernetes and for accessing the audit log.

Teleport requires at least 1GB of virtual memory to be built and compiled.

Architecture

Teleport is written in Go programming language, and runs on UNIX-compatible operating systems, including Linux, macOS, and several BSD variants.^[19] Teleport consists of two executables: tsh (command line client) and teleport (server daemon).

The teleport server daemon can run in the following modes:^[20]

Node. In this mode, the daemon is providing SSH and Kubernetes access to the server it is running on.
Proxy. In this mode, the daemon is acting as an identity-aware proxy for all protocols supported by Teleport. Currently, this includes SSH, HTTPS, and Kubernetes API.
Auth Server. In this mode, the daemon is acting as a certificate authority that all other daemons must authenticate with. The auth server is issuing certificates for users and for servers and stores the audit log.