The easiest, and most secure way to access and protect all of your infrastructure.
AGPL-3.0 License
Bot releases are visible (Hide)
Published by r0mant almost 2 years ago
This release of Teleport contains a security fix as well as multiple improvements and bug fixes.
Fixed issue where an attacker with physical access to user's computer and raw
access to the filesystem could potentially recover the seed QR code.
server_hostname
to session.*
audit events. #18832
Download the current and previous releases of Teleport at https://goteleport.com/download.
labels: security-patch=yes
Published by r0mant almost 2 years ago
This release of Teleport contains multiple improvements and bug fixes.
user.spec
syntax in moderated session filters. #18455
teleport discovery bootstrap
command. #18641
windows_desktops
as the correct resource for tctl
commands. #18816
tsh db ls
JSON and YAML output to include allowed users. #18543
tctl auth sign --format kubernetes
to allow merging multiple clusters in the same kubeconfig. #18525
tsh play
output in JSON and YAML formats. #18825
Download the current and previous releases of Teleport at https://goteleport.com/download/.
Published by r0mant almost 2 years ago
This release of Teleport contains multiple improvements and bug fixes.
tsh aws s3 cp
returning an error. #18432
arm
and arm64
container images. #18272
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
Published by r0mant almost 2 years ago
This release of Teleport contains multiple improvements and bug fixes.
tsh ssh -J
not being able to connect to leaf cluster nodes. #18268
tbot
's concurrently using the same output directory. #17999
tbot
failing to parse version on some kernels. #18298
arm
and arm64
Docker images for Teleport and Operator. #18222
tsh proxy ssh
to support HTTPS_PROXY
. #18295
tsh kube login
to support providing default user, group and namespace. #18185
teleport configure
command to produce v2 config when auth server is provided. #17914
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
Published by r0mant almost 2 years ago
This release of Teleport contains multiple improvements and bug fixes.
tsh proxy ssh
not respecting HTTPS_PROXY
. #18294
tbot
failing to parse certain kernel versions. #18300
tsh
performance by reducing the number of roundtrips to server. #18054
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
Published by r0mant almost 2 years ago
This release of Teleport contains a bug fix and a performance improvement.
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
Published by r0mant almost 2 years ago
This release of Teleport contains multiple improvements and bug fixes.
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
Published by r0mant almost 2 years ago
This release of Teleport contains a security fix as well as bug fixes and stability improvements.
Some non-interactive SSH commands could escape audit log.
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
labels: security-patch=yes
Published by r0mant almost 2 years ago
This release of Teleport contains a security fix as well as multiple improvements and bug fixes.
Some non-interactive SSH commands could escape audit log.
tsh db connect
session terminating upon receiving SIGINT. #17066
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
labels: security-patch=yes
Published by r0mant almost 2 years ago
This release of Teleport contains a security fix as well as multiple improvements and bug fixes.
Under some circumstances, non-interactive SSH commands could escape audit log.
tctl auth sign
. #17559
tctl rm windows_desktop/<name>
removing all desktops. #17730
tsh db connect
session can be terminated by SIGINT. #17063
tsh ls
query filter to allow filtering by node names. #17043
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
labels: security-patch=yes
Published by r0mant almost 2 years ago
This release of Teleport contains several bug fixes.
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
Published by r0mant almost 2 years ago
This release of Teleport contains a security fix and multiple bug fixes.
Teleport did not block SFTP protocol in Moderated Sessions.
tctl rm windows_desktop/<name>
removing all desktops. #17732
tctl
UX when using hardware-backed private keys. #17681
tsh mfa add
error reporting. #17580
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
labels: security-patch=yes
Published by r0mant almost 2 years ago
This release of Teleport contains a security fix, as well as multiple improvements and bug fixes.
Teleport did not block SFTP protocol in Moderated Sessions.
tsh proxy ssh -J
command not working when root proxy is unavailable. #17633
tctl rm windows_desktop/<name>
deleting all Windows desktops. #17731
tsh db ls
. #17779
tsh mfa add
not showing OTP QR code image on Windows. #17702
tctl auth sign
not working for Snowflake in trusted cluster scenario. #17327
load_all_cas
auth service option that allows to load all CAs when connecting to a node. #17398
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
labels: security-patch=yes
Published by r0mant almost 2 years ago
Teleport 11 brings the following new major features and improvements:
Teleport 11 clients (such as tsh or Connect) support storing their private key
material on Yubikey devices instead of filesystem which helps prevent
credentials exfiltration attacks.
See how to enable it in this guide:
https://goteleport.com/docs/access-controls/guides/hardware-key-support/
Hardware-backed private keys is an enterprise only feature, and is currently
supported for Server Access only.
Teleport 11 adds server-side support for SFTP protocol which many IDEs such as
VSCode or JetBrains PyCharm, GoLand and others use for browsing, copying, and
editing files on remote systems.
The following guides explain how to use IDEs to connect to a remote machine via
Teleport:
https://goteleport.com/docs/server-access/guides/vscode/
https://goteleport.com/docs/server-access/guides/jetbrains-sftp/
In addition, Teleport 11 clients will use SFTP protocol for file transfer under
the hood instead of the obsolete scp protocol. Server-side scp is still
supported so existing clients aren’t affected.
In Teleport 11 users no longer need to use persistent storage when deploying
Helm charts. When running on Kubernetes, Teleport services will now store their
identities in Kubernetes Secrets which removes the need for using persistent
storage or static join tokens.
For existing deployments, this change involves migration from Deployment to
StatefulSet which is performed automatically during Helm upgrade to Teleport 11.
Teleport 11 adds support for automatic discovery and enrollment of AWS Elastic
Kubernetes Service (EKS) and Azure Kubernetes Service (AKS) clusters.
Teleport 11 improves Azure support in multiple areas.
Teleport agents running on Azure VMs will now automatically import Azure tags to
label resources.
Teleport Database Access now supports auto-discovery for Azure-hosted PostgreSQL
and MySQL databases. See the updated Azure guide for more details:
https://goteleport.com/docs/ver/11.0/database-access/guides/azure-postgres-mysql/.
In addition, Teleport Database Access will now use Azure AD managed identity
authentication for Azure-hosted SQL Server databases.
Teleport 11 adds support for Cassandra and ScyllaDB databases in Database
Access. This includes support for AWS Keyspaces.
Teleport 11 adds support for secret-less joining of Machine ID agents in GitHub
Actions workflows. See the guide for more details:
https://goteleport.com/docs/machine-id/guides/github-actions/
We have also released a GitHub Action for setting up the Teleport binaries
within a GitHub workflow environment. More details regarding this can be found
at the Teleport GitHub Actions repository:
https://github.com/gravitational/teleport-actions
In addition, the Teleport Terraform plugin now supports the creation of Machine
ID Bots and Bot Tokens.
tsh 11 adds support for MFA and passwordless logins via Windows Hello and
FIDO2 devices.
Teleport Connect has added support for Access Requests and file upload/download.
Please familiarize yourself with the following potentially disruptive changes in
Teleport 11 before upgrading.
Beginning in Teleport 11, GitHub SAML SSO will only be available in our
Enterprise Edition. GitHub SSO without SAML will continue to work with OSS
Teleport.
To keep using GitHub SSO with the OSS Teleport, SAML SSO needs to be disabled
for your GitHub organization. OSS Teleport users can continue to use GitHub SSO
if using a Github Free or Team GitHub Plan.
In Teleport Plugins 11, redirect_url
property in OIDC connectors created via
a Terraform module expects an array:
redirect_url = [ "http://example.com" ]
Starting with Teleport 11, Quay.io as a container registry has been deprecated.
Customers should use the new AWS ECR registry to pull Teleport Docker images:
https://goteleport.com/docs/installation/#docker.
Quay.io registry support will be removed in a future release.
In Teleport 11, old deb/rpm repositories (deb.releases.teleport.dev and
rpm.releases.teleport.dev) have been deprecated. Customers should use the new
repositories (apt.releases.teleport.dev and yum.releases.teleport.dev) to
install Teleport: https://goteleport.com/docs/installation/#linux.
Support for our old deb/rpm repositories will be removed in a future release.
Teleport 11 agents will now store their identities in Kubernetes Secrets when
deployed via a Helm chart which eliminates the need for using persistent storage
or static join tokens. Due to this change, Teleport agents are now always
deployed as part of StatefulSet regardless of whether persistent storage is
enabled or not.
Existing agents that were deployed as Kubernetes Deployments (i.e. without
persistent storage) will be automatically converted to StatefulSets during
Teleport 11 Helm upgrade.
The preview PostgreSQL backend was deleted due to performance and scalability
concerns.
32-bit support for Desktop Access on ARM and 386 architectures has been removed
due to performance issues on these devices.
This also reduces the binary size for these builds, making them slightly more
convenient for smaller resource-constrained devices.
Published by r0mant almost 2 years ago
Pre-releases are not production ready, use at your own risk!
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
Published by r0mant about 2 years ago
This release of Teleport contains multiple improvements and bug fixes.
tctl auth sign
producing "access denied" error. #17557
tsh
producing auditd errors on some systems. #17495
imagePullSecret
in teleport-kube-agent Helm chart. #16678
tsh ls --query
to allow querying SSH nodes by hostname. #17038
tsh
to default to passwordless login if Touch ID is available. #17472
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
Published by r0mant about 2 years ago
Pre-releases are not production ready, use at your own risk!
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
Published by r0mant about 2 years ago
Pre-releases are not production ready, use at your own risk!
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
Published by r0mant about 2 years ago
This release of Teleport contains multiple improvements and bug fixes.
tctl get installer
. #17167
tsh db connect
connection. #16932
10.2.3
and newer clusters into older versions. #17226
username_claim
field. #17070
curl
command produced by tsh app login
to avoid TLS errors. #16975
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
labels: security-patch=yes
Published by r0mant about 2 years ago
Pre-releases are not production ready, use at your own risk!
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.