Access Controls FAQ

Q: What if a node has multiple labels?

A: In this case, the access will be granted only if all of the labels defined in the role are present. This effectively means Teleport uses an "AND" operator when evaluating node-level access using labels.

Q: Can I use node-level RBAC with OpenSSH servers?

A: No. OpenSSH servers running sshd can't label themselves. This is a factor in deciding to run the Teleport Node service instead.