Simplifying Zero Trust Security for AWS with Teleport
Jan 23
Virtual
Register Now
Teleport logoTry For Free
Fork me on GitHub

Teleport

Using the Web UI

The Teleport Web UI is a web-based visual interface from which you can access resources, view active sessions and recordings, create and review Access Requests, manage users and roles, and more.

This page serves a reference on Web UI features and their usage.

Joining an active session

The Teleport Web UI allows you to list and join active SSH sessions using a web-based terminal.

You can view the active SSH sessions that you are allowed to list by clicking Active Sessions in the navigation sidebar. You can only see active sessions if you are assigned a role with list access for the ssh_session resource. For more information about role permissions and access to resources, see Teleport Access Controls Reference.

From the active sessions list, click Join and select a participant mode to join the session:

  • As an Observer with read-only access to the session. You can view output but cannot control the session in any way nor send any input.
  • As a Moderator with permission to watch, pause, or terminate the session. You can view output and forcefully terminate or pause the session at any time, but can't send input.
  • As a Peer to collaborate in the session. You can view output and send input.

You must have the join_sessions allow policy in a role you've been assigned to join sessions in any participant mode. For information about how to configure the join_sessions allow policy and participant modes for a role, see Configure an allow policy.

Idle timeout

After you log in, the Teleport Web UI checks every 30 seconds if your session is inactive. If so, it logs you out. A session is considered inactive if more than 10 minutes have passed since you last interacted with any Web UI browser tab, either through keyboard input or mouse movement and clicks.

To change the default idle timeout of 10 minutes, ask your cluster admin to adjust the web_idle_timeout setting in the Auth Service configuration.

Use tctl to edit the cluster_networking_config value:

tctl edit cluster_networking_config

Change the value of spec.web_idle_timeout:

kind: cluster_networking_config
metadata:
  ...
spec:
  ...
  web_idle_timeout: 10m0s
  ...
version: v2

After you save and exit the editor, tctl will update the resource:

cluster networking configuration has been updated