teleport

This release of Teleport fixes a regression in Teleport binaries.

Bug Fixes

• Binaries for macOS have been rebuilt to resolve "certificate signed by a unknown authority" issue.

This release of Teleport fixes a regression in Teleport binaries.

Bug Fixes

• Binaries for macOS have been rebuilt to resolve "certificate signed by a unknown authority" issue.

This is a major release of Teleport. Its goal is to make cloud-native deployments easier. Numerous AWS users have contributed feedback to this release, which includes:

New Features

• Auth servers in highly available (HA) configuration can share the same /var/lib/teleport data directory when it's hosted on NFS (or AWS EFS). #1351
• There is now an AWS reference deployment in examples/aws directory. It uses Terraform and demonstrates how to deploy large Teleport clusters on AWS using best practices like auto-scaling groups, security groups, secrets management, load balancers, etc.
• The Teleport daemon now implements built-in connection draining which allows zero-downtime upgrades See documentation.
• Dynamic join tokens for new nodes can now be explicitly set via tctl node add --token. This allows Teleport admins to use an external mechanism for generating cluster invitation tokens. #1615
• Teleport now correctly manages certificates for accessing proxies behind a load balancer with the same domain name. The new configuration parameter public_addr must be used for this. #1174

Improvements

• Switching to a new TLS-based auth server API improves performance of large clusters. #1528
• Session recordings are now compressed by default using gzip. This reduces storage requirements by up to 80% in our real-world tests. #1579
• More user-friendly authentication errors in Teleport audit log helps Teleport admins troubleshoot configuration errors when integrating with SAML/OIDC providers. #1554 #1553 #1599
• tsh client will now report if a server's API is no longer compatible.

Bug Fixes

• tsh logout will now correctly log out from all active Teleport sessions. This is useful for users who're connected to multiple Teleport clusters at the same time. #1541
• When parsing YAML, Teleport now supports -- list item separator to create multiple resources with a single tctl create command. #1663
• Fixed a panic in the Web UI backend #1558

Behavior Changes

Certain components of Teleport behave differently in version 2.5. It is important to note that these changes are not breaking Teleport functionality. They improve Teleport behavior on large clusters deployed on highly dynamic cloud environments such as AWS. This includes:

• Session list in the Web UI is now limited to 1,000 sessions.
• The audit log and recorded session storage has been moved from /var/lib/teleport/log to /var/lib/teleport/log/<auth-server-id>. This is related to #1351 described above.
• When connecting a trusted cluster users can no longer pick an arbitrary name for them. Their own (local) names will be used, i.e. the cluster_name setting now defines how the cluster is seen from the outside. #1543

This release of Teleport focuses on bugfixes.

Bug Fixes

• Resolved tsh logout regression. #1541
• Binaries for supported platforms all built with Go 1.9.2.

This release of Teleport focuses on bugfixes.

Bug Fixes

• Resolved "access denied" regression in Trusted Clusters. #1733
• Resolved toggling regression in Trusted Clusters. #1751
• Key written with wrong username to ~/.tsh. #1749

WARNING Use at your own risk. Pre-releases are not production ready.

• incorporate fixes from 2.4.2 release

This release of Teleport focuses on bugfixes.

Bug Fixes

• Wait for copy to complete before propagating exit-status. #1646
• Don't discard initial bytes in HTTP CONNECT tunnel. #1659
• Pass caching key generator to services and use cache in recording proxy. #1639
• Only display "Change Password" in UI for local users. #1669
• Update Singup URL. #1643
• Improved Teleport version reporting. #1538
• Fixed regressions in terminal size handling and Trusted Clusters introduced in 2.4.1. #1674 #1692

WARNING Pre-releases are not production ready. Use at your own risk.

• Improve and tweak signal handling
• Fixes in migrations for trusted clusters
• Improve memory usage for gzip writers

WARNING Beta releases are not production ready. Use at your own risk.

• Add ability to live reload Teleport binaries without downtime

This release is focused on fixing a few regressions in Teleport as well as adding a new feature.

New Features

• Exposed the --compat flag to Web UI users. #1542

Bug Fixes

• Wrap lines correctly on initial login. #1087
• Accept port numbers larger than 32767: #1576
• Don't show the Join button when using the recording proxy. #1421
• Don't double record sessions when using the recording proxy and Teleport nodes. #1582
• Fixed regressions in tsh login and tsh logout. #1611 #1541

Improve cache performance, add metrics and logging.

This is a pre-release, use at your own risk: some migrations are data format can change from beta.

IMPORTANT:: This is alpha pre-release. On disk format an migrations can change. Use at own risk.

Fix issue with multiple Auth servers returning events out of order.

Alpha pre-release, use at your own risk. Data migrations may be not reversible.

• Removed extra error messages caused by LB health checks
• Switched to boltdb for local caching
• Remove newlines in token files

Added ability to supply custom tokens for tctl nodes add

Use at your own risk.

Teleport 2.4.0 adds two major new features and a few improvements and bugfixes.

New Features

• New Commercial Teleport Editions: "Pro" and "Business" allow users to
  purchase a Teleport subscription without signing contracts.
• Teleport now supports SSH session recording even for nodes running OpenSSH. #1327
  This feature is called "recording proxy mode".
• Users of open source edition of Teleport can now authenticate against Github. #1445
• The Web UI now supports persistent URLs to Teleport nodes which can be
  integrated into 3rd party web apps. #1511
• Session recording can now be turned off #1430

Deprecated Features

• Teleport client tsh no longer supports being an SSH agent. We recommend
  using build-in SSH agents for MacOS and Linux, like ssh-agent from
  openssh-client package.

Bug Fixes

There have been numerous small usability and performance improvements, but some
notable fixed bugs are listed below:

• Resource (file descriptor) leak. #1433
• Correct handling of the terminal type. #1402
• Crash on startup. #1395

Description

Teleport 2.4.0-rc.4 is the fourth release candidate for Teleport 2.4.0.

Description

Teleport 2.3.7 fixes a security vulnerability that allowed an attacker with direct network access to the Auth Server to write a client for the Auth Server that could by-pass second factor authentication.

We strongly encourage anyone running Teleport 2.3 to upgrade their Auth Server to 2.3.7 to mitigate this issue.

Bug Fixes

• Don't allow second factor by-pass. #1550

Description

Teleport 2.2.8 fixes a security vulnerability that allowed an attacker with direct network access to the Auth Server to write a client for the Auth Server that could by-pass second factor authentication.

We strongly encourage anyone running Teleport 2.2 to upgrade their Auth Server to 2.2.8 to mitigate this issue.

Bug Fixes

• Don't allow second factor by-pass. #1550

Minor fix in the webapi server. Release 2.5.0-alpha.2.