The easiest, and most secure way to access and protect all of your infrastructure.
AGPL-3.0 License
Published by russjones over 3 years ago
This release of Teleport contains a bug fix.
Download the current and previous releases of Teleport at https://goteleport.com/teleport/download.
Published by webvictim over 3 years ago
This release of Teleport contains a new feature.
Download the current and previous releases of Teleport at https://goteleport.com/teleport/download.
Published by webvictim over 3 years ago
This release of Teleport contains a bug fix.
Download the current and previous releases of Teleport at https://goteleport.com/teleport/download.
Published by r0mant over 3 years ago
Teleport 6.1 contains multiple new features, improvements, and bug fixes.
Added support for U2F authentication on every SSH and Kubernetes "connection" (a single tsh ssh or kubectl call). This is an advanced security feature that protects users against compromises of their on-disk Teleport certificates. Per-session MFA can be enforced cluster-wide or only for some specific roles.
For more details see the Per-Session MFA documentation, or RFD 14 and RFD 15 for technical details.
Added ability to request multiple users to review and approve access requests.
See #5071 for technical details.
gpg-agent. RFD 18
tsh play. #1580
utmp regressions that caused issues in LXC containers. #6256
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
Published by russjones over 3 years ago
Pre-releases are not production ready, use at your own risk!
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
Published by russjones over 3 years ago
This release of Teleport contains a bug fix.
Download the current and previous releases of Teleport at https://goteleport.com/teleport/download.
Published by russjones over 3 years ago
Pre-releases are not production ready, use at your own risk!
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
Published by webvictim over 3 years ago
This release of Teleport contains a bug fix.
session.upload event to Audit Log. #5636
Download the current and previous releases of Teleport at https://goteleport.com/teleport/download.
Published by russjones over 3 years ago
This release of Teleport contains multiple bug fixes.
--insecure-no-tls flag. #5923
auditor, editor and access. #5968
google_service_account field into Google Workspace OIDC connector. #5563
Download the current and previous releases of Teleport at https://goteleport.com/teleport/download.
Published by russjones over 3 years ago
This release of Teleport contains multiple bug fixes.
TLS-ALPN-01 challenge. #5839
Download the current and previous releases of Teleport at https://goteleport.com/teleport/download.
Published by webvictim over 3 years ago
Teleport 6.0 is a major release with new features, functionality, and bug fixes.
We have implemented Database Access, open sourced role-based access control (RBAC), and added an official API and a Go client library.
Users can review the 6.0 milestone on GitHub for more details.
Review the Database Access design in RFD #11.
With Database Access users can connect to PostgreSQL and MySQL databases using short-lived certificates, configure SSO authentication and role-based access controls for databases, and capture SQL query activity in the audit log.
Configure Database Access following the Getting Started guide.
To learn more about configuring role-based access control for Database Access, check out the RBAC section.
Architecture provides a more in-depth look at Database Access internals such as networking and security.
See Reference for an overview of Database Access related configuration and CLI commands.
Finally, check out Frequently Asked Questions.
Open source RBAC support was introduced in RFD #7.
RBAC support gives OSS administrators more granular access controls to servers and other resources within a cluster (like session recording access). An example of an RBAC policy could be: "admins can do anything, developers must never touch production servers and interns can only SSH into staging servers as guests".
In addition, some Access Workflow Plugins will now become available to open source users.
API and Client Libraries support was introduced in RFD #10.
The new API and client library reduce the dependencies needed to use the Teleport API and make it easier to use. An example of using the new API is below.
```go
// Create a client connected to the Auth server with an exported identity file.
clt, err := client.NewClient(client.Config{
	Addrs: []string{"auth.example.com:3025"},
	Credentials: []client.Credentials{
		client.LoadIdentityFile("identity.pem"),
	},
})
if err != nil {
	log.Fatalf("Failed to create client: %v.", err)
}
defer clt.Close()

// Create an Access Request for user "access-admin" asking for the "admin" role.
accessRequest, err := types.NewAccessRequest(uuid.New(), "access-admin", "admin")
if err != nil {
	log.Fatalf("Failed to build access request: %v.", err)
}
if err = clt.CreateAccessRequest(ctx, accessRequest); err != nil {
	log.Fatalf("Failed to create access request: %v.", err)
}
```
utmp/wtmp support for SSH in #5491.
tsh scp in #2889.
.tsh directory in #5323.
tsh login failure when --proxy differs from actual proxy public address in #5380.
Please follow our standard upgrade procedure to upgrade your cluster.
Note: for clusters using GitHub SSO and Trusted Clusters, SSO users will lose connectivity to leaf clusters when upgrading. Local users will not be affected.
To restore connectivity to leaf clusters for SSO users, leaf admins should update the trusted_cluster role mapping resource as shown below.
```yaml
kind: trusted_cluster
version: v2
metadata:
  name: "zztop-oss"
spec:
  enabled: true
  token: "bar"
  web_proxy_addr: 172.10.1.1:3080
  tunnel_addr: 172.10.1.1:3024
  role_map:
  - remote: "admin"
    local: ['admin']
  - remote: "^(github-.*)$"
    local: ['admin']
```
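Added example (not Teleport's own code): a simplified Go model of how the role_map above resolves a root-cluster user's roles to leaf roles, useful for checking what a mapping actually grants before applying it. The RoleMapping type, the MapRoles function and the sample root role names are assumptions, and the model covers only exact names and ^...$ patterns.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
	"strings"
)

// RoleMapping models one role_map entry (assumed shape, not Teleport's own type).
type RoleMapping struct {
	Remote string
	Local  []string
}

// MapRoles returns the leaf roles granted for a set of root-cluster roles.
// Assumption: a Remote written as ^...$ is a regexp, anything else is an exact name.
func MapRoles(roleMap []RoleMapping, remoteRoles []string) ([]string, error) {
	granted := map[string]bool{}
	for _, m := range roleMap {
		pattern := m.Remote
		if !(strings.HasPrefix(pattern, "^") && strings.HasSuffix(pattern, "$")) {
			pattern = "^" + regexp.QuoteMeta(pattern) + "$"
		}
		re, err := regexp.Compile(pattern)
		if err != nil {
			return nil, fmt.Errorf("bad role_map pattern %q: %w", m.Remote, err)
		}
		for _, r := range remoteRoles {
			if re.MatchString(r) {
				for _, l := range m.Local {
					granted[l] = true
				}
			}
		}
	}
	out := make([]string, 0, len(granted))
	for l := range granted {
		out = append(out, l)
	}
	sort.Strings(out)
	return out, nil
}

func main() {
	// role_map from the trusted_cluster resource above; root role names are constructed.
	roleMap := []RoleMapping{{"admin", []string{"admin"}}, {"^(github-.*)$", []string{"admin"}}}
	fmt.Println(MapRoles(roleMap, []string{"github-myorg-devs"})) // matched by the regexp entry
	fmt.Println(MapRoles(roleMap, []string{"auditor"}))           // no entry matches: nothing granted
}
```

A root role that matches no entry yields an empty result, so a same-named role in the leaf is never granted unless the role_map lists it.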
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
Published by webvictim over 3 years ago
This release of Teleport contains a number of bug fixes.
Pre-releases are not production ready, use at your own risk!
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
Published by webvictim over 3 years ago
This release of Teleport contains multiple security fixes.
As part of a routine security audit of Teleport, several security vulnerabilities and miscellaneous issues were discovered in Teleport 5.0, 4.4, and 4.3. We strongly suggest upgrading to the latest release.
Below we highlight the most serious issues found, as well as the components of Teleport they affect.
If an attacker can convince a user to click on a malicious link, the attacker can steal the victim’s session cookie or force them to log into an attacker-controlled Application Access account.
Under certain circumstances, an already privileged user within a root cluster could potentially elevate their privileges further by gaining the exact same roles in the leaf as they have in the root cluster (instead of the mapped roles).
An unauthenticated attacker that has network access to the Teleport Web Proxy could stage a DoS attack causing it to crash.
Trusted clusters now correctly handle role mapping for Kubernetes. If you had identically-named roles in root and leaf clusters for granting Kubernetes access, leaf clusters now use kubernetes_users and kubernetes_groups from the leaf role instead of the root role.
For all users, we recommend upgrading the Teleport Proxy process.
For Application Access users, we also recommend upgrading the Application Access processes.
For Trusted Cluster users, we also recommend upgrading the Teleport Auth process within both leaf and root clusters.
For Kubernetes Access users who rely on Trusted Clusters, we recommend reviewing the leaf cluster roles and making sure that they grant the correct kubernetes_users and kubernetes_groups.
Upgrades should follow the normal Teleport upgrade procedure: https://goteleport.com/teleport/docs/admin-guide/#upgrading-teleport.
Download one of the following releases to mitigate the issue:
* For Enterprise customers, 5.2.1 is identical to 5.2.0. A new release had to be made due to an issue with the build process.
All current and previous releases of Enterprise can be downloaded from https://dashboard.goteleport.com.
Published by webvictim over 3 years ago
This release of Teleport contains multiple security fixes.
Published by webvictim over 3 years ago
This release of Teleport contains multiple security fixes.
Published by webvictim over 3 years ago
This release of Teleport contains a number of improvements and bug fixes.
tsh env command: #5395
kube_public_addr config field to proxy_service: #5611
Pre-releases are not production ready, use at your own risk!
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
Published by webvictim over 3 years ago
This release of Teleport contains multiple bug fixes.
tsh #5323
tsh #5172
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
Published by r0mant over 3 years ago
This release of Teleport contains a number of improvements and bug fixes.
tsh db ls command to include connection information and add tsh db config command: #5319.
.tsh directory: #5323.
database role to db: #5359.
tsh login failure when --proxy differs from actual proxy public address: #5380.
Pre-releases are not production ready, use at your own risk!
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
Published by fspmarshall almost 4 years ago
This release of Teleport contains multiple bug fixes.
Fixed an issue where the request_access: reason role option was triggering the reason dialogue when opening new tabs/windows in Firefox.
Ensure tsh always registers access requests against root cluster: #5226
Ensure that tsh uses the correct username after login with an external identity provider: #5323
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
Published by r0mant almost 4 years ago
This release of Teleport introduces Database Access with PostgreSQL support.
See Database Access Preview docs for more information.
Pre-releases are not production ready, use at your own risk!
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.