teleport

package module

v1.3.2 Latest Latest Go to latest Published: Jan 4, 2017 License: Apache-2.0 Imports: 4 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

README ¶

Gravitational Teleport

Project Links	Description
Teleport Website	The official website of the project
Documentation	Admin guide, user manual and more
Demo Video	3-minute video overview of the UI.
Teleconsole	The free service to "invite" SSH clients behind NAT, built on top of Teleport
Blog	Our blog where we publish Teleport news

Introduction

Gravitational Teleport is a modern SSH server for remotely accessing clusters of Linux servers via SSH or HTTPS. It is intended to be used instead of sshd. Teleport enables teams to easily adopt the best SSH practices like:

No need to distribute keys: Teleport uses certificate-based access with automatic expiration time.
Enforcement of 2nd factor authentication.
Cluster introspection: every Teleport node becomes a part of a cluster and is visible on the Web UI.
Record and replay SSH sessions for knowledge sharing and auditing purposes.
Collaboratively troubleshoot issues through session sharing.
Connect to clusters located behind firewalls without direct Internet access via SSH bastions.
Ability to integrate SSH credentials with your organization identities via OAuth (Google Apps, Github).

Teleport is built on top of the high-quality Golang SSH implementation and it is fully compatible with OpenSSH.

Installing and Running

Download the latest binary release, unpack the .tar.gz and run sudo make install. This will copy Teleport binaries into /usr/local/bin.

Then you can run Teleport as a single-node cluster:

teleport start

Building Teleport

Teleport source code consists of the actual Teleport daemon binary written in Golang, and also it has a web UI (located in /web directory) written in Javascript. The WebUI is not changed often and we keep it checked into Git under /dist, so you only need to build Golang:

Make sure you have Golang v1.7 or newer, then run:

go get github.com/gravitational/teleport
cd $GOPATH/src/github.com/gravitational/teleport
CGO_ENABLED=true make

If the build was successful the binaries are here: $GOPATH/src/github.com/gravitational/teleport/build

You'll have to create /var/lib/teleport directory and then you can start Teleport as a single-node cluster in development mode: build/teleport start -d

If you want to release your own Teleport version, edit this Makefile, update VERSION and SUFFIX constants, then run make setver to update version.go

If you want to cut another binary release tarball, run make release.

NOTE: The Go compiler is somewhat sensitive to amount of memory: you will need at least 1GB of virtual memory to compile Teleport. 512MB instance without swap will not work.

Rebuilding Web UI

If you want to make changes to the web UI, you have to re-build the content of /dist directory See web/README.md for instructions on how to update the Web UI.

Why did We Build Teleport?

Mature tech companies with significant infrastructure footprints tend to implement most of these patterns internally. Teleport allows smaller companies without significant in-house SSH expertise to easily adopt them, as well. Teleport comes with an accessible Web UI and a very permissive Apache 2.0 license to facilitate adoption and use.

Being a complete standalone tool, Teleport can be used as a software library enabling trust management in complex multi-cluster, multi-region scenarios across many teams within multiple organizations.

More Information

Contributing

The best way to contribute is to create issues or pull requests right here on Github. You can also reach the Gravitational team through their website

It is possible to make changes to the Web UI without having to rebuild and restart teleport. Simply launch it with DEBUG environment variable set from $GOPATH:

$ DEBUG=1 $GOPATH/gravitational/teleport/build/teleport start

Status

Teleport has completed a security audit from a nationally recognized technology security company. So we are comfortable with the use of Teleport from a security perspective.

However, Teleport is still a relatively young product so you may experience usability issues. We are actively supporting Teleport and addressing any issues that are submitted to this repo. Ask questions, send pull requests, report issues and don't be shy! :)

The latest stable Teleport build can be found in Releases

Known Issues

Teleport does not officially support IPv6 yet.

Who Built Teleport?

Teleport was created by Gravitational Inc. We have built Teleport by borrowing from our previous experiences at Rackspace. It has been extracted from Gravity, our system for helping our clients to deploy and remotely manage their SaaS applications on many cloud regions or even on-premise.

Documentation ¶

Overview ¶

DO NOT EDIT THIS FILE. IT IS GENERATED BY 'make setver'

Index ¶

Constants
Variables
type Role
type Roles
- func ParseRoles(str string) (roles Roles, err error)

Constants ¶

View Source

const (
	// BoltBackendType is a BoltDB backend
	BoltBackendType = "bolt"

	// ETCDBackendType is etcd backend
	ETCDBackendType = "etcd"

	// Component indicates a component of teleport, used for logging
	Component = "component"

	// ComponentFields stores component-specific fields
	ComponentFields = "fields"

	// ComponentReverseTunnel is reverse tunnel agent and server
	// that together establish a bi-directional SSH revers tunnel
	// to bypass firewall restrictions
	ComponentReverseTunnel = "reversetunnel"

	// ComponentAuth is the cluster CA node (auth server API)
	ComponentAuth = "auth"

	// ComponentNode is SSH node (SSH server serving requests)
	ComponentNode = "node"

	// ComponentProxy is SSH proxy (SSH server forwarding connections)
	ComponentProxy = "proxy"

	// ComponentTunClient is a tunnel client
	ComponentTunClient = "tunclient"

	// DebugEnvVar tells tests to use verbose debug output
	DebugEnvVar = "DEBUG"

	// DefaultTimeout sets read and wrie timeouts for SSH server ops
	DefaultTimeout time.Duration = 30 * time.Second

	// DebugOutputEnvVar tells tests to use verbose debug output
	DebugOutputEnvVar = "TELEPORT_DEBUG"

	// DefaultTerminalWidth defines the default width of a server-side allocated
	// pseudo TTY
	DefaultTerminalWidth = 80

	// DefaultTerminalHeight defines the default height of a server-side allocated
	// pseudo TTY
	DefaultTerminalHeight = 25

	// SafeTerminalType is the fall-back TTY type to fall back to (when $TERM
	// is not defined)
	SafeTerminalType = "xterm"
)

View Source

const ForeverTTL time.Duration = 0

ForeverTTL means that object TTL will not expire unless deleted

View Source

const (
	Version = "1.3.2"
)

Variables ¶

View Source

var Gitref string

Functions ¶

This section is empty.

Types ¶

type Role ¶ added in v1.0.0

type Role string

Role identifies the role of SSH server connection

const (
	// RoleAuth is for teleport auth server (authority, authentication and authorization)
	RoleAuth Role = "Auth"
	// RoleUser is a role for teleport SSH user
	RoleUser Role = "User"
	// RoleWeb is for web access users
	RoleWeb Role = "Web"
	// RoleNode is a role for SSH node in the cluster
	RoleNode Role = "Node"
	// RoleProxy is a role for SSH proxy in the cluster
	RoleProxy Role = "Proxy"
	// RoleAdmin is admin role
	RoleAdmin Role = "Admin"
	// RoleProvisionToken is a role for nodes authenticated using provisioning tokens
	RoleProvisionToken Role = "ProvisionToken"
	// RoleSignup is for first time signing up users
	RoleSignup Role = "Signup"
	// RoleU2FSign is for partially authenticated U2F users who need to request a U2F auth challenge
	RoleU2FSign = "U2FSign"
	// RoleU2FUser is for teleport SSH user already authenticated with U2F
	RoleU2FUser = "U2FUser"
)

func (*Role) Check ¶ added in v1.0.0

func (r *Role) Check() error

Check checks if this a a valid role value, returns nil if it's ok, false otherwise

func (*Role) Set ¶ added in v1.0.0

func (r *Role) Set(v string) error

Set sets the value of the role from string, used to integrate with CLI tools

func (*Role) String ¶ added in v1.0.0

func (r *Role) String() string

String returns debug-friendly representation of this role

type Roles ¶ added in v1.0.0

type Roles []Role

func ParseRoles ¶ added in v1.0.0

func ParseRoles(str string) (roles Roles, err error)

ParseRoles takes a comma-separated list of roles and returns a slice of roles, or an error if parsing failed

func (Roles) Check ¶ added in v1.0.0

func (roles Roles) Check() (err error)

Check returns an erorr if the role set is incorrect (contains unknown roles)

func (Roles) Equals ¶ added in v1.0.0

func (roles Roles) Equals(other Roles) bool

Equals compares two sets of roles

func (Roles) Include ¶ added in v1.0.0

func (roles Roles) Include(role Role) bool

Includes returns 'true' if a given list of roles includes a given role

func (Roles) String ¶ added in v1.0.0

func (roles Roles) String() string

Source Files ¶

View all Source files

Directories ¶

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL

Path	Synopsis
integration integration package tests Teleport on a high level creating clusters of servers in memory, connecting them together and connecting to them	integration package tests Teleport on a high level creating clusters of servers in memory, connecting them together and connecting to them
lib
auth Package auth implements certificate signing authority and access control server Authority server is composed of several parts: * Authority server itself that implements signing and acl logic * HTTP server wrapper for authority server * HTTP client wrapper Package auth implements certificate signing authority and access control server Authority server is composed of several parts: * Authority server itself that implements signing and acl logic * HTTP server wrapper for authority server * HTTP client wrapper	Package auth implements certificate signing authority and access control server Authority server is composed of several parts: * Authority server itself that implements signing and acl logic * HTTP server wrapper for authority server * HTTP client wrapper Package auth implements certificate signing authority and access control server Authority server is composed of several parts: * Authority server itself that implements signing and acl logic * HTTP server wrapper for authority server * HTTP client wrapper
auth/mocku2f
auth/native
auth/test
auth/testauthority
backend Package backend represents interface for accessing local or remote storage Copyright 2015 Gravitational, Inc.	Package backend represents interface for accessing local or remote storage Copyright 2015 Gravitational, Inc.
backend/boltbk Package boltbk implements BoltDB backed backend for standalone instances and test mode, you should use Etcd in production Copyright 2015 Gravitational, Inc.	Package boltbk implements BoltDB backed backend for standalone instances and test mode, you should use Etcd in production Copyright 2015 Gravitational, Inc.
backend/dynamo Package dynamodbDynamoDBBackend implements DynamoDB storage backend for Teleport auth service, similar to etcd backend.	Package dynamodbDynamoDBBackend implements DynamoDB storage backend for Teleport auth service, similar to etcd backend.
backend/etcdbk Package etcdbk implements Etcd powered backend	Package etcdbk implements Etcd powered backend
backend/test Package test contains a backend acceptance test suite that is backend implementation independant each backend will use the suite to test itself	Package test contains a backend acceptance test suite that is backend implementation independant each backend will use the suite to test itself
client
config
defaults Package defaults contains default constants set in various parts of teleport codebase	Package defaults contains default constants set in various parts of teleport codebase
events Package events currently implements the audit log using a simple filesystem backend.	Package events currently implements the audit log using a simple filesystem backend.
httplib Package httplib implements common utility functions for writing classic HTTP handlers	Package httplib implements common utility functions for writing classic HTTP handlers
limiter Package limiter implements connection and rate limiters for teleport	Package limiter implements connection and rate limiters for teleport
reversetunnel Package reversetunnel sets up persistent reverse tunnel between remote site and teleport proxy, when site agents dial to teleport proxy's socket and teleport proxy can connect to any server through this tunnel.	Package reversetunnel sets up persistent reverse tunnel between remote site and teleport proxy, when site agents dial to teleport proxy's socket and teleport proxy can connect to any server through this tunnel.
service Package service implements teleport running service, takes care of initialization, cleanup and shutdown procedures Copyright 2015 Gravitational, Inc.	Package service implements teleport running service, takes care of initialization, cleanup and shutdown procedures Copyright 2015 Gravitational, Inc.
services Package services implements statefule services provided by teleport, like certificate authority management, user and web sessions, events and logs.	Package services implements statefule services provided by teleport, like certificate authority management, user and web sessions, events and logs.
services/local Package local implements services interfaces using abstract key value backend provided by lib/backend, what makes it possible for teleport to run using boltdb or etcd	Package local implements services interfaces using abstract key value backend provided by lib/backend, what makes it possible for teleport to run using boltdb or etcd
services/suite
session Package session is used for bookeeping of SSH interactive sessions that happen in realtime across the teleport cluster	Package session is used for bookeeping of SSH interactive sessions that happen in realtime across the teleport cluster
srv Package srv implements SSH server that supports multiplexing tunneling, SSH connections proxying and only supports Key based auth	Package srv implements SSH server that supports multiplexing tunneling, SSH connections proxying and only supports Key based auth
sshutils
sshutils/scp Package scp handles file uploads and downloads via scp command	Package scp handles file uploads and downloads via scp command
state
teleagent
utils
web Package web implements web proxy handler that provides web interface to view and connect to teleport nodes	Package web implements web proxy handler that provides web interface to view and connect to teleport nodes
tool
tctl
teleport
tsh