teleport

Description

Teleport 2.0.6 contains a variety of security fixes. We strongly encourage anyone running Teleport 2.0.0 and above to upgrade to 2.0.6.

The most pressing issues (a phishing attack which can potentially be used to extract plaintext credentials and an attack where an already authenticated user can escalate privileges) can be resolved by upgrading the web proxy. However, however all nodes need to be upgraded to mitigate all vulnerabilities.

Fixes

• Patch for TLP-01-001 and TLP-01-003: Check redirect.
• Patch for TLP-01-004: Always check is namespace is valid.
• Patch for TLP-01-005: Check user principal when joining session.
• Patch for TLP-01-006 and TLP-01-007: Validate Session ID.
• Patch for TLP-01-008: Use a fake hash for password authentication if user does not exist.
• Patch for TLP-01-009: Command injection in scp.

Description

Teleport 2.0.5 contains a variety of security fixes. We strongly encourage anyone running Teleport 2.0.0 and above to upgrade to 2.0.5.

The most pressing issues (a phishing attack which can potentially be used to extract plaintext credentials and an attack where an already authenticated user can escalate privileges) can be resolved by upgrading the web proxy. However, however all nodes need to be upgraded to mitigate all vulnerabilities.

Fixes

• Patch for TLP-01-001 and TLP-01-003: Check redirect.
• Patch for TLP-01-004: Always check is namespace is valid.
• Patch for TLP-01-005: Check user principal when joining session.
• Patch for TLP-01-006 and TLP-01-007: Validate Session ID.
• Patch for TLP-01-008: Use a fake hash for password authentication if user does not exist.
• Patch for TLP-01-009: Command injection in scp.

Description

v2.0.4 is a maintenance release which contains a variety of bugfixes.

Fixes

Roles created the the Web UI now have node resource. #949

Description

v2.0.3 is a maintenance release which contains a variety of bugfixes.

Fixes

• Execute commands using user's shell. #943
• Allow users to read their own roles. #941
• Fix User CA import. #919
• Role template defaults. #916
• Skip UserInfo if not provided. #915

Description

v2.0.2 is a maintenance release which fixes SSH agent forwarding permissions issues.

Fixes

https://github.com/gravitational/teleport/pull/936

Description

Teleport 2.0.1 is a major new release of Teleport.

Teleport is a modern SSH server for remotely accessing clusters of Linux servers via SSH or HTTPS. It is intended to be used instead of sshd. Teleport enables teams to easily adopt SSH best practices like: certificate-based access, two-factor authentication, session recording and audit, external identity providers, and much more.

New Features

• Role-based access control (RBAC) (available in Teleport Enterprise).
• Dynamic configuration: manage resources like Roles and Trusted Clusters at runtime (available in Teleport Enterprise).
• Native support for DynamoDB back-end for storing cluster state.
• It is now possible to disable Two-Factor Authentication (2FA).
• Support for Time-based One-time Password Algorithm (TOTP) for Two-Factor Authentication.
• New and easy to use framework for implementing secret storage plug-ins.
• Audit log format has been finalized and documented.
• Experimental simple file-based secret storage back-end.
• SSH agent forwarding (available in Teleport Enterprise).
• Dynamic Roles for external identity providers (available in Teleport Enterprise).
• Added the ability to map claims to roles for external identity providers (available in Teleport Enterprise).

Improvements

• Friendlier CLI error messages.
• Improvements to OpenSSH interoperability including:
  • Host Certificates now contain DNS names as well as Teleport IDs.
  • Corrected export formats for Certificate Authorities.
  • tsh login and tsh agent now support loading keys into external SSH agents.
  • Improvements and fixes for Ansible integration.
• Server-side enforceable authentication.
• Enhanced OIDC functionality to support parsing UserInfo for claims information.

Full list of Github Issues

• https://github.com/gravitational/teleport/milestone/8?closed=1
• https://github.com/gravitational/teleport/milestone/12?closed=1

Description

v1.3.2 is a maintenance release which fixes a Web UI issue when in some cases static web assets like custom fonts would not load properly.

Fixes

• Issue #687

Description

v1.3.1 is a maintenance release which fixes a few issues found in 1.3

Issues

• Teleport session recorder can skip characters.
• U2F was enabled by default in "demo mode" if teleport.yaml file was missing.

Improvements

• U2F documentation has been improved.

This release includes several major new features and it's recommended for production use.

New Features:

• Support for hardware U2F keys for 2nd factor authentication.
• CLI client profiles: tsh can now remember its --proxy setting.
• tctl auth sign command to allow administrators to generate user session keys
• Web UI is now served directly from the executable (no more need for web assets in /usr/local/share/teleport)

Bug Fixes:

• Multiple auth servers in config doesn't work if the last on is not reachable. #593
• tsh scp -r does not handle directory upload properly #606

This is a maintenance release and it's a drop-in replacement for previous versions.

Changes:

• Usability bugfixes as can be seen here
• Updated documentation
• Added examples directory with sample configuration and systemd unit file.

This release is a drop-in upgrade of previous versions.

Changes

• User experience improvements: nicer error messages
• Better compatibility with ssh command: -t flag can be used to force allocation of TTY
• Bugfixes

This release was recommended for production with one reservation: time-limited certificates did not work correctly in this release due to this bug

Changes

• Improvements in performance and usability of the Web UI
• Smaller binary sizes thanks to Golang v1.7
• Bugfixes: https://github.com/gravitational/teleport/milestone/6?closed=1