The easiest, and most secure way to access and protect all of your infrastructure.
AGPL-3.0 License
Published by r0mant over 2 years ago
This release of Teleport contains multiple improvements and bug fixes.
tsh would shell out to ssh. #14222
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
Published by r0mant over 2 years ago
This release of Teleport contains multiple improvements and bug fixes.
tsh proxy ssh command shelling out to ssh in non TLS routing mode. #14522
tsh login erroring out on non-existent PuTTY key file on Windows. #14572
tbot binary in Docker images. #14462
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
Published by r0mant over 2 years ago
This release of Teleport contains multiple improvements and bug fixes.
--insecure-no-tls mode. #14328
--ca-pin flag overriding configuration. #14362
--cluster flag for tsh db ls command. #14391
tsh login to hint at required --user flag. #14254
tctl is run before Teleport is started. #14083
tsh login if Proxy address wasn't configured correctly. #14374
tsh db ls performance for users with many roles. #14287
tbot binary in Docker images. #14464
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
Published by r0mant over 2 years ago
This release of Teleport contains multiple improvements and bug fixes.
TeleportDegraded events. #14314
--ca-pin flag overriding configuration. #14361
tsh. #14186
--user flag to tsh login. #14253
tctl users update --set-logins command. #14390
--format flag to tsh proxy aws command. #14447
tsh login error message when Proxy public address is not set. #14338
tsh db ls performance for users with many roles. #14284
--insecure-no-tls mode. #14327
tsh login. #14383
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
Published by r0mant over 2 years ago
Teleport 10 is a major release that brings the following new features.
Platform:
Server Access:
Database Access:
Teleport Connect:
Machine ID:
Teleport 10 introduces passwordless support to your clusters. To use passwordless, users may register a security key with resident credentials or use a built-in authenticator, like Touch ID.
See https://goteleport.com/docs/access-controls/guides/passwordless/.
Teleport 10 expands just-in-time access requests to allow for requesting access to specific resources. This lets you grant users the least privileged access needed for their workflows.
Just-in-time access requests are only available in Teleport Enterprise Edition.
Proxy peering enables Teleport deployments to scale without an increase in load from the number of agent connections. This is accomplished by allowing Proxy Services to tunnel client connections to the desired agent through a neighboring proxy and decoupling the number of agent connections from the number of Proxies.
Proxy peering can be enabled with the following configurations:
auth_service:
  tunnel_strategy:
    type: proxy_peering
    agent_connection_count: 1
proxy_service:
  peer_listen_addr: 0.0.0.0:3021
Network connectivity between proxy servers to the peer_listen_addr is required for this feature to work.
Proxy peering is only available in Teleport Enterprise Edition.
Teleport 10 introduces a new role option to pin the source IP in SSH certificates. When enabled, the source IP that was used to request certificates is embedded in the certificate, and SSH servers will reject connection attempts from other IPs. This protects against attacks where valid credentials are exfiltrated from disk and copied out into other environments.
IP-based restrictions are only available in Teleport Enterprise Edition.
Teleport 10 can be configured to automatically create Linux host users upon login without having to use Teleport's PAM integration. Users can be added to specific Linux groups and assigned appropriate “sudoer” privileges.
To learn more about configuring automatic user provisioning read the guide: https://goteleport.com/docs/server-access/guides/host-user-creation/.
Teleport 9 introduced a preview of Database Access support for Microsoft SQL Server which didn’t include audit logging of user queries. Teleport 10 captures users' queries and prepared statements and sends them to the audit log, similarly to other supported database protocols.
Teleport Database Access for SQL Server remains in Preview mode with more UX improvements coming in future releases.
Refer to the guide to set up access to a SQL Server with Active Directory authentication: https://goteleport.com/docs/database-access/guides/sql-server-ad/.
Teleport 10 brings support for Snowflake to Database Access. Administrators can set up access to Snowflake databases through Teleport for their users with standard Database Access features like role-based access control and audit logging, including query activity.
Connect your Snowflake database to Teleport following this guide: https://goteleport.com/docs/database-access/guides/snowflake/.
Teleport 9 added Redis protocol support to Database Access. Teleport 10 improves this integration by adding native support for AWS-hosted Elasticache and MemoryDB, including auto-discovery and automatic credential management in some deployment configurations.
Learn more about it in this guide: https://goteleport.com/docs/database-access/guides/redis-aws/.
Teleport Connect is a graphical macOS application that simplifies access to your Teleport resources. Teleport Connect 10 supports Server Access and Database Access. Other protocols and Windows support are coming in a future release.
Get the Teleport Connect installer from the macOS tab on the downloads page: https://goteleport.com/download/.
In Teleport 10 we’ve added Database Access support to Machine ID. Applications can use Machine ID to access databases protected by Teleport.
You can find the Machine ID guide for database access in the documentation: https://goteleport.com/docs/machine-id/guides/databases/.
Please familiarize yourself with the following potentially disruptive changes in Teleport 10 before upgrading.
Teleport 10 agents will now refuse to start if they detect that the Auth Service is more than one major version behind them. You can use the --skip-version-check flag to bypass the version check.
Take a look at component compatibility guarantees in the documentation: https://goteleport.com/docs/setup/operations/upgrading/#component-compatibility.
Reverse tunnel connections will now respect HTTP_PROXY environment variables. This may result in reverse tunnel agents not being able to re-establish connections if the HTTP proxy is set in their environment and does not allow connections to the Teleport Proxy Service.
Refer to the following documentation section for more details: https://goteleport.com/docs/setup/reference/networking/#http-connect-proxies.
With Teleport 10 we’ve migrated to new APT repositories that now support multiple release channels, Teleport versions and OS distributions. The new repositories have been backfilled with Teleport versions starting from 6.2.31 and we recommend upgrading to them. The old repositories will be maintained for the foreseeable future.
See updated installation instructions: https://goteleport.com/docs/server-access/getting-started/#step-14-install-teleport-on-your-linux-host.
The tctl access ls command that returned information about user server access within the cluster was removed. Please use a previous tctl version if you’d like to keep using it.
In previous versions of Teleport users needed full access to a Node/Kubernetes pod in order to join a session. Teleport 10 relaxes this requirement. Joining sessions remains deny-by-default but now only join_policy statements are checked for session join RBAC.
See the Moderated Sessions guide for more details: https://goteleport.com/docs/access-controls/guides/moderated-sessions/.
The GitHub authentication connector’s teams_to_logins field is deprecated in favor of the new teams_to_roles field. The old field will be removed in a future release.
Teleport 10 will now automatically use FIPS endpoints for AWS S3 and DynamoDB when started with the --fips flag. You can use the use_fips_endpoint=false connection endpoint option to use regular endpoints for Teleport in FIPS mode, for example:
s3://bucket/path?region=us-east-1&use_fips_endpoint=false
See the S3/DynamoDB backends documentation for more information: https://goteleport.com/docs/setup/reference/backends/#s3.
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
Published by r0mant over 2 years ago
Pre-releases are not production ready, use at your own risk!
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
Published by r0mant over 2 years ago
This release of Teleport contains a security fix, as well as multiple improvements and bug fixes.
When checking a user’s roles prior to starting a session, Teleport may have incorrectly allowed a session to proceed without moderation depending on the order roles are received from the backend.
If you're using Moderated Sessions, we recommend upgrading Auth, Proxy, SSH and Kubernetes agents.
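The class of defect described above, order-dependent policy evaluation, shown next to an order-independent form together with a regression check. This is an added illustration, not Teleport's code and not a reconstruction of the actual bug; the `Role` type, its `Moderators` field and all function names are hypothetical.

```go
package main

import "fmt"

// Role is a hypothetical, simplified role: Moderators that must join before a session starts.
type Role struct {
	Name       string
	Moderators int
}

// requiredLastWins is the order-dependent pattern: each role overwrites the previous decision.
func requiredLastWins(roles []Role) int {
	required := 0
	for _, r := range roles {
		required = r.Moderators
	}
	return required
}

// requiredStrictest keeps the strictest requirement across all roles, whatever their order.
func requiredStrictest(roles []Role) int {
	required := 0
	for _, r := range roles {
		if r.Moderators > required {
			required = r.Moderators
		}
	}
	return required
}

// orderIndependent reports whether eval gives the same answer for every permutation of roles.
func orderIndependent(roles []Role, eval func([]Role) int) bool {
	want, p := eval(roles), append([]Role(nil), roles...)
	var walk func(i int) bool
	walk = func(i int) bool {
		same := i < len(p) || eval(p) == want // evaluate only complete orderings
		for j := i; j < len(p); j++ {
			p[i], p[j] = p[j], p[i]
			same = walk(i+1) && same
			p[i], p[j] = p[j], p[i]
		}
		return same
	}
	return walk(0)
}

func main() {
	roles := []Role{{"prod-access", 1}, {"dev-access", 0}} // constructed sample roles
	fmt.Println(orderIndependent(roles, requiredLastWins), orderIndependent(roles, requiredStrictest))
}
```

A permutation check like `orderIndependent` is cheap to keep as a unit test for any authorization decision computed from a set of roles.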
tsh db ls -R now showing allowed users. #13626
tsh relogin. #13747
use_fips_endpoint connection option. #13703
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
Published by r0mant over 2 years ago
This release of Teleport contains multiple improvements and bug fixes.
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
Published by r0mant over 2 years ago
Pre-releases are not production ready, use at your own risk!
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
Published by r0mant over 2 years ago
This release of Teleport contains multiple improvements and bug fixes.
tsh ls -R that displays resources across all clusters and profiles. #13313
tsh not correctly reporting "address in use" error during port forwarding. #13679
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
Published by r0mant over 2 years ago
This release of Teleport contains multiple improvements and bug fixes.
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
Published by r0mant over 2 years ago
This release of Teleport contains multiple improvements and bug fixes.
tsh proxy ssh -J to improve interoperability with OpenSSH clients. #13311
kubectl exec auditing by logging access denied attempts. #12831, #13400
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
Published by r0mant over 2 years ago
This release of Teleport contains multiple security fixes, bug fixes and improvements.
When setting up agent forwarding on the node, Teleport did not handle unix socket creation in a secure manner.
This could have given a potential attacker an opportunity to get Teleport to change arbitrary file permissions to the attacker’s user.
When handling websocket requests, Teleport did not verify that the provided Bearer token was generated for the correct user.
This could have allowed a malicious low privileged Teleport user to use a social engineering attack to gain higher privileged access on the same Teleport cluster.
When accepting an access request, Teleport did not enforce the maximum request reason size.
This could allow a malicious actor to mount a DoS attack by creating an access request with a very large request reason.
When initializing a moderated session, Teleport did not discard participant’s input prior to the moderator joining.
This could prevent a moderator from being able to interrupt a malicious command executed by a participant.
We recommend upgrading Auth, Proxy, SSH and Kubernetes agents.
Users should back up the Teleport cluster, then follow the standard Teleport upgrade procedure.
tsh on Windows. #13221
tsh ssh printing extra error upon exit if last command was unsuccessful. #12903
v1.17.11. #13104
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
Published by r0mant over 2 years ago
This release of Teleport contains multiple security fixes, bug fixes and improvements.
When setting up agent forwarding on the node, Teleport did not handle unix socket creation in a secure manner.
This could have given a potential attacker an opportunity to get Teleport to change arbitrary file permissions to the attacker’s user.
When handling websocket requests, Teleport did not verify that the provided Bearer token was generated for the correct user.
This could have allowed a malicious low privileged Teleport user to use a social engineering attack to gain higher privileged access on the same Teleport cluster.
When accepting an access request, Teleport did not enforce the maximum request reason size.
This could allow a malicious actor to mount a DoS attack by creating an access request with a very large request reason.
We recommend upgrading Auth, Proxy, SSH and Kubernetes agents.
Users should back up the Teleport cluster, then follow the standard Teleport upgrade procedure.
tsh ssh printing extra error upon exit when last command was unsuccessful. #12904
v1.17.11. #13107
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
Published by r0mant over 2 years ago
This release of Teleport contains multiple security and bug fixes.
When setting up agent forwarding on the node, Teleport did not handle unix socket creation in a secure manner.
This could have given a potential attacker an opportunity to get Teleport to change arbitrary file permissions to the attacker’s user.
When handling websocket requests, Teleport did not verify that the provided Bearer token was generated for the correct user.
This could have allowed a malicious low privileged Teleport user to use a social engineering attack to gain higher privileged access on the same Teleport cluster.
We recommend upgrading Auth, Proxy, SSH and Kubernetes agents.
Users should back up the Teleport cluster, then follow the standard Teleport upgrade procedure.
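The Bearer token check described in the security fixes above comes down to binding the token to the user that the session already authenticated. The following is an added example, not Teleport's code; it assumes the token arrives in an `Authorization` header, and `issuedToken`, `authorizeWS` and the sample tokens are hypothetical.

```go
package main

import (
	"crypto/subtle"
	"errors"
	"fmt"
	"net/http"
	"strings"
)

// issuedToken records which user a bearer token was generated for (hypothetical type).
type issuedToken struct {
	Value, User string
}

var (
	errNoToken  = errors.New("missing or unknown bearer token")
	errMismatch = errors.New("bearer token was generated for a different user")
)

// authorizeWS accepts a request only when the bearer token is known AND was
// issued to the user that the session cookie authenticated (sessionUser).
func authorizeWS(r *http.Request, sessionUser string, issued []issuedToken) error {
	const prefix = "Bearer "
	h := r.Header.Get("Authorization")
	if !strings.HasPrefix(h, prefix) {
		return errNoToken
	}
	presented := []byte(strings.TrimPrefix(h, prefix))
	for _, t := range issued {
		if subtle.ConstantTimeCompare(presented, []byte(t.Value)) != 1 {
			continue
		}
		// A valid token is not enough: it must be bound to this session's user.
		if t.User != sessionUser {
			return errMismatch
		}
		return nil
	}
	return errNoToken
}

func main() {
	issued := []issuedToken{{"tok-alice", "alice"}, {"tok-bob", "bob"}} // constructed sample
	r, _ := http.NewRequest("GET", "https://proxy.example.com/ws", nil)
	r.Header.Set("Authorization", "Bearer tok-bob")
	fmt.Println(authorizeWS(r, "alice", issued)) // token belongs to bob, session is alice
	fmt.Println(authorizeWS(r, "bob", issued))
}
```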
tsh ssh printing extra error upon exit when last command was unsuccessful. #12902
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
Published by r0mant over 2 years ago
This release of Teleport contains two bug fixes.
tsh version check. #13037
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
Published by zmb3 over 2 years ago
Teleport Connect is a developer-friendly browser for cloud infrastructure.
Traditional terminals are optimized for accessing localhost. Teleport Connect offers enhanced user experience and identity-based access for engineers who work in the cloud.
Teleport Connect requires an installation of Teleport. Download Teleport here, and download Teleport Connect below.
The preview of Teleport Connect is available for amd64 Macs only. It also works on M1 Macs with Rosetta. Support for additional platforms and architectures will be added soon.
tsh
v9.3.0
Published by r0mant over 2 years ago
This release of Teleport contains multiple improvements and bug fixes.
tctl not taking TELEPORT_HOME environment variable into account. #12738
AUTH command not always authenticating the user in database access. #12754
tsh db ls not showing allowed users for leaf clusters. #12853
teleport configure failing when given non-existent data directory. #12806
tctl not outputting debug logs. #12920
Teleport 9.3.0 reduces the minimum GLIBC requirement to 2.18 and enforces more secure cipher suites for desktop access.
As a result of these changes, desktop access users with desktops running Windows Server 2012R2 will need to perform additional configuration to force Windows to use compatible cipher suites.
Windows desktops running Windows Server 2016 and newer will continue to operate normally - no additional configuration is required.
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
Published by r0mant over 2 years ago
This release of Teleport contains multiple improvements and bug fixes.
tctl not respecting TELEPORT_HOME environment variable. #12758
tsh db ls not displaying allowed users for databases in leaf clusters. #12854
tctl not outputting debug logs. #12919
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
Published by r0mant over 2 years ago
This release of Teleport contains multiple bug fixes and stability improvements.
tctl not outputting debug logs. #12918
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.