Here is a simple set of steps to access your cloud from the command line and easily add your first Server access.
Step 1/5 Sign up
Sign up for a cloud account here.
Step 2/5 Access Web Console
Access Web Console
Select Add Server and press COPY to copy the script command
Step 3/5 Install Teleport Agent on Server
Paste and run the script on a Linux Server:
Teleport Agent Installed
Step 4/5 Access Server
Click CLOSE. The server can now be accessed via SSH:
Interact with your SSH session:
Exit the session with exit. You can replay the session within Session Recordings:
Step 5/5 Access from Command Line
Install client libraries:
You can download one of the following .pkg installers for macOS:
| Link | Binaries |
|---|---|
teleport-ent-11.3.1.pkg | teleporttctltshtbot |
tsh-11.3.1.pkg | tsh |
You can also fetch an installer via the command line:
curl -O https://cdn.teleport.dev/teleport-ent-11.3.1.pkgInstall on Macintosh HD
sudo installer -pkg teleport-ent-11.3.1.pkg -target /Password:
installer: Package name is teleport-ent-11.3.1
installer: Upgrading at base path /
installer: The upgrade was successful.
which teleport/usr/local/bin/teleport
Starting with Teleport v7.2.0, most tsh features are supported for Windows 10
1607+. The tsh ssh command can be run under cmd.exe, PowerShell, and Windows
Terminal.
To install tsh on Windows, run the following commands in PowerShell:
Get the expected checksum for the Windows tsh package
$Resp = Invoke-WebRequest https://get.gravitational.com/teleport-v11.3.1-windows-amd64-bin.zip.sha256PowerShell will return the binary representation of the response content
by default, so you need to convert it to a string
[System.Text.Encoding]::UTF8.getstring($Resp.Content)<checksum> <filename>
curl -O teleport-v11.3.1-windows-amd64-bin.zip https://get.gravitational.com/teleport-v11.3.1-windows-amd64-bin.zipcertUtil -hashfile teleport-v11.3.1-windows-amd64-bin.zip SHA256SHA256 hash of teleport-v11.3.1-windows-amd64-bin.zip:
<checksum>
CertUtil: -hashfile command completed successfully.
After you have verified that the checksums match, you can extract the archive.
The executable will be available at
teleport-v11.3.1-windows-amd64-bin\teleport\tsh.exe.
Expand-Archive teleport-v11.3.1-windows-amd64-bin.zipcd teleport-v11.3.1-windows-amd64-bin\teleport.\tsh.exe versionTeleport v11.3.1 git:v11.3.1 go1.19
Make sure to move tsh.exe into your PATH.
curl -O https://cdn.teleport.dev/teleport-ent-v11.3.1-linux-amd64-bin.tar.gzverify signature
echo "$(curl https://get.gravitational.com/teleport-ent-v11.3.1-linux-amd64-bin.tar.gz.sha256)" | sha256sum --checktar -xzf teleport-ent-v11.3.1-linux-amd64-bin.tar.gzcd teleport-entsudo ./install
Login into Teleport and test the connection:
tsh logs you in and receives short-lived certificates
tsh login --proxy=myinstance.teleport.sh [email protected]tsh lsNode Name Address Labels
--------- ---------- ------
myserver ⟵ Tunnel
tsh ssh [email protected]
When Teleport's Auth Service receives a request to list Teleport Nodes (e.g., to
display Nodes in the Web UI or via tsh ls), it only returns the Nodes that the
current user is authorized to view.
For each Node in the user's Teleport cluster, the Auth Service applies the following checks in order and, if one check fails, hides the Node from the user:
- None of the user's roles contain a
denyrule that matches the Node's labels. - None of the user's roles contain a
denyrule that matches the user's login. - At least one of the user's roles contains an
allowrule that matches the Node's labels. - At least one of the user's roles contains an
allowrule that matches the user's login.
If you are not seeing Nodes when expected, make sure that your user's roles
include the appropriate allow and deny rules as documented in the
Teleport Access Controls Reference.
Type exit to end this session. Happy Teleporting!
Next Steps
- Consider using our desktop app - Teleport Connect to access your resources.
- Explore cloud architecture.
- Check out FAQ.
- Join the Teleport Discussions and ask a question.
- Join the Slack channel.