teleport

package module
v0.2.0-beta.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 10, 2016 License: Apache-2.0 Imports: 4 Imported by: 0

README

Gravitational Teleport

Project Links
Teleport Website
Documentation

Introduction

Gravitational Teleport ("Teleport") is a tool for remotely accessing isolated clusters of Linux servers via SSH or HTTPS.

Unlike traditional key-based access, Teleport enables teams to easily adopt the following practices:

  • Avoid key distribution and trust on first use issues by using auto-expiring keys signed by a cluster certificate authority (CA).
  • Enforce 2nd factor authentication.
  • Connect to clusters located behind firewalls without direct Internet access via SSH bastions.
  • Record and replay SSH sessions for knowledge sharing and auditing purposes.
  • Collaboratively troubleshoot issues through session sharing.
  • Discover online servers and Docker containers within a cluster with dynamic node labels.

Teleport is built on top of the high-quality Golang SSH implementation and it is fully compatible with OpenSSH.

Installing and Running

Download the latest binary release, unpack the .tar.gz and run sudo make install. This will copy Teleport binaries into /usr/local/bin and the web assets to /usr/local/share/teleport.

Then you can run Teleport as a single-node cluster:

teleport start 

Why Build Teleport?

Mature tech companies with significant infrastructure footprints tend to implement most of these patterns internally. Teleport allows smaller companies without significant in-house SSH expertise to easily adopt them, as well. Teleport comes with an accesible Web UI and a very permissive Apache 2.0 license to facilitate adoption and use.

Being a complete standalone tool, Teleport can be used as a software library enabling trust management in complex multi-cluster, multi-region scenarios across many teams within multiple organizations.

More Information

Contributing

The best way to contribute is to create issues or pull requests right here on Github. You can also reach the Gravitational team through their website

Building

Teleport is written in Go. If you have Golang 1.5 and newer, simply clone this repository and run make. You'll have to create /var/lib/teleport directory and then you can start Teleport as a single-node cluster in development mode: build/teleport start -d

NOTE: The Go compiler is somewhat sensitive to amount of memory: you will need at least 1GB of virtual memory to compile Teleport. 512MB instance without swap will not work.

Status

Teleport is not ready to be used in production yet. Teleport is undergoing a comprehensive independent security audit.

Who Built Teleport?

Teleport was created by Gravitational Inc. We have built Teleport by borrowing from our previous experiences at Rackspace. It has been extracted from Gravity, our system for helping our clients to deploy and remotely manage their SaaS applications on many cloud regions or even on-premise.

Documentation

Index

Constants

View Source
const (
	// BoltBackendType is a BoltDB backend
	BoltBackendType = "bolt"

	// ETCDBackendType is etcd backend
	ETCDBackendType = "etcd"

	// Component indicates a component of teleport, used for logging
	Component = "component"

	// ComponentFields stores component-specific fields
	ComponentFields = "fields"

	// ComponentReverseTunnel is reverse tunnel agent and server
	// that together establish a bi-directional SSH revers tunnel
	// to bypass firewall restrictions
	ComponentReverseTunnel = "reversetunnel"

	// ComponentNode is SSH node (SSH server serving requests)
	ComponentNode = "node"

	// ComponentProxy is SSH proxy (SSH server forwarding connections)
	ComponentProxy = "proxy"

	// ComponentTunClient is a tunnel client
	ComponentTunClient = "tunclient"

	// DefaultTimeout sets read and wrie timeouts for SSH server ops
	DefaultTimeout time.Duration = 30 * time.Second

	// DebugOutputEnvVar tells tests to use verbose debug output
	DebugOutputEnvVar = "TELEPORT_DEBUG_TESTS"
)
View Source
const ForeverTTL time.Duration = 0

ForeverTTL means that object TTL will not expire unless deleted

Variables

This section is empty.

Functions

This section is empty.

Types

type Role added in v1.0.0

type Role string

Role identifies the role of SSH server connection

const (
	// RoleAuth is for teleport auth server (authority, authentication and authorization)
	RoleAuth Role = "Auth"
	// RoleUser is a role for teleport SSH user
	RoleUser Role = "User"
	// RoleWeb is for web access users
	RoleWeb Role = "Web"
	// RoleNode is a role for SSH node in the cluster
	RoleNode Role = "Node"
	// RoleProxy is a role for SSH proxy in the cluster
	RoleProxy Role = "Proxy"
	// RoleAdmin is admin role
	RoleAdmin Role = "Admin"
	// RoleProvisionToken is a role for nodes authenticated using provisioning tokens
	RoleProvisionToken Role = "ProvisionToken"
	// RoleSignup is for first time signing up users
	RoleSignup Role = "Signup"
)

func (*Role) Check added in v1.0.0

func (r *Role) Check() error

Check checks if this a a valid role value, returns nil if it's ok, false otherwise

func (*Role) Set added in v1.0.0

func (r *Role) Set(v string) error

Set sets the value of the role from string, used to integrate with CLI tools

func (*Role) String added in v1.0.0

func (r *Role) String() string

String returns debug-friendly representation of this role

type Roles added in v1.0.0

type Roles []Role

func (Roles) Include added in v1.0.0

func (roles Roles) Include(role Role) bool

Includes returns 'true' if a given list of roles includes a given role

Directories

Path Synopsis
integration package tests Teleport on a high level creating clusters of servers in memory, connecting them together and connecting to them
integration package tests Teleport on a high level creating clusters of servers in memory, connecting them together and connecting to them
lib
auth
Package auth implements certificate signing authority and access control server Authority server is composed of several parts: * Authority server itself that implements signing and acl logic * HTTP server wrapper for authority server * HTTP client wrapper Package auth implements certificate signing authority and access control server Authority server is composed of several parts: * Authority server itself that implements signing and acl logic * HTTP server wrapper for authority server * HTTP client wrapper
Package auth implements certificate signing authority and access control server Authority server is composed of several parts: * Authority server itself that implements signing and acl logic * HTTP server wrapper for authority server * HTTP client wrapper Package auth implements certificate signing authority and access control server Authority server is composed of several parts: * Authority server itself that implements signing and acl logic * HTTP server wrapper for authority server * HTTP client wrapper
backend
Package backend represents interface for accessing local or remote storage Copyright 2015 Gravitational, Inc.
Package backend represents interface for accessing local or remote storage Copyright 2015 Gravitational, Inc.
backend/boltbk
Package boltbk implements BoltDB backed backend for standalone instances and test mode, you should use Etcd in production Copyright 2015 Gravitational, Inc.
Package boltbk implements BoltDB backed backend for standalone instances and test mode, you should use Etcd in production Copyright 2015 Gravitational, Inc.
backend/etcdbk
Package etcdbk implements Etcd powered backend
Package etcdbk implements Etcd powered backend
backend/test
Package test contains a backend acceptance test suite that is backend implementation independant each backend will use the suite to test itself
Package test contains a backend acceptance test suite that is backend implementation independant each backend will use the suite to test itself
defaults
Package defaults contains default constants set in various parts of teleport codebase
Package defaults contains default constants set in various parts of teleport codebase
events
Package events currently implements the audit log using a simple filesystem backend.
Package events currently implements the audit log using a simple filesystem backend.
httplib
Package httplib implements common utility functions for writing classic HTTP handlers
Package httplib implements common utility functions for writing classic HTTP handlers
limiter
Package limiter implements connection and rate limiters for teleport
Package limiter implements connection and rate limiters for teleport
reversetunnel
Package reversetunnel sets up persistent reverse tunnel between remote site and teleport proxy, when site agents dial to teleport proxy's socket and teleport proxy can connect to any server through this tunnel.
Package reversetunnel sets up persistent reverse tunnel between remote site and teleport proxy, when site agents dial to teleport proxy's socket and teleport proxy can connect to any server through this tunnel.
service
Package service implements teleport running service, takes care of initialization, cleanup and shutdown procedures Copyright 2015 Gravitational, Inc.
Package service implements teleport running service, takes care of initialization, cleanup and shutdown procedures Copyright 2015 Gravitational, Inc.
services
Package services implements statefule services provided by teleport, like certificate authority management, user and web sessions, events and logs.
Package services implements statefule services provided by teleport, like certificate authority management, user and web sessions, events and logs.
services/local
Package local implements services interfaces using abstract key value backend provided by lib/backend, what makes it possible for teleport to run using boltdb or etcd
Package local implements services interfaces using abstract key value backend provided by lib/backend, what makes it possible for teleport to run using boltdb or etcd
session
Package session is used for bookeeping of SSH interactive sessions that happen in realtime across the teleport cluster
Package session is used for bookeeping of SSH interactive sessions that happen in realtime across the teleport cluster
srv
sshutils/scp
Package scp handles file uploads and downloads via scp command
Package scp handles file uploads and downloads via scp command
web
Package web implements web proxy handler that provides web interface to view and connect to teleport nodes
Package web implements web proxy handler that provides web interface to view and connect to teleport nodes
tool
tsh

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL