Fork me on GitHub


Getting Started With Teleport Cloud


Here is a simple set of steps to access your cloud from the command line and easily add your first Server access.

Step 1/5 Sign up

Sign up for a cloud account here.

Step 2/5 Access Web Console

Access Web Console Access Web Console

Select Add Server and press COPY to copy the script command Add Server Script

Step 3/5 Install Teleport Agent on Server

Paste and run the script on a Linux Server:

Past Install Script

Teleport Agent Installed Completed Install

Step 4/5 Access Server

Click CLOSE. The server can now be accessed via SSH: Access Server

Interact with your SSH session: Open SSH

Exit the session with exit. You can replay the session within Session Recordings: Replay Session

Step 5/5 Access from Command Line

Install client libraries:

You can download one of the following .pkg installers for macOS:


You can also fetch an installer via the command line:

curl -O

Install on Macintosh HD

sudo installer -pkg teleport-ent-11.3.1.pkg -target /


installer: Package name is teleport-ent-11.3.1

installer: Upgrading at base path /

installer: The upgrade was successful.

which teleport


Starting with Teleport v7.2.0, most tsh features are supported for Windows 10 1607+. The tsh ssh command can be run under cmd.exe, PowerShell, and Windows Terminal.

To install tsh on Windows, run the following commands in PowerShell:

Get the expected checksum for the Windows tsh package

$Resp = Invoke-WebRequest

PowerShell will return the binary representation of the response content

by default, so you need to convert it to a string


<checksum> <filename>

curl -O
certUtil -hashfile SHA256

SHA256 hash of


CertUtil: -hashfile command completed successfully.

After you have verified that the checksums match, you can extract the archive. The executable will be available at teleport-v11.3.1-windows-amd64-bin\teleport\tsh.exe.

cd teleport-v11.3.1-windows-amd64-bin\teleport
.\tsh.exe version

Teleport v11.3.1 git:v11.3.1 go1.19

Make sure to move tsh.exe into your PATH.

curl -O

verify signature

echo "$(curl" | sha256sum --check
tar -xzf teleport-ent-v11.3.1-linux-amd64-bin.tar.gz
cd teleport-ent
sudo ./install

Login into Teleport and test the connection:

tsh logs you in and receives short-lived certificates

tsh login [email protected]
tsh ls

Node Name Address Labels

--------- ---------- ------

myserver ⟵ Tunnel

When Teleport's Auth Service receives a request to list Teleport Nodes (e.g., to display Nodes in the Web UI or via tsh ls), it only returns the Nodes that the current user is authorized to view.

For each Node in the user's Teleport cluster, the Auth Service applies the following checks in order and, if one check fails, hides the Node from the user:

  • None of the user's roles contain a deny rule that matches the Node's labels.
  • None of the user's roles contain a deny rule that matches the user's login.
  • At least one of the user's roles contains an allow rule that matches the Node's labels.
  • At least one of the user's roles contains an allow rule that matches the user's login.

If you are not seeing Nodes when expected, make sure that your user's roles include the appropriate allow and deny rules as documented in the Teleport Access Controls Reference.

Type exit to end this session. Happy Teleporting!

Next Steps