Fork me on GitHub
Teleport

Installation

Improve
Installing Teleport: Overview

Installing Teleport: Overview

Length: 03:03

First time trying Teleport?

If you are new to Teleport, we recommend following our getting started guides.

Operating system support

Teleport is officially supported on the platforms listed below. It is worth noting that the open-source community has been successful in building and running Teleport on UNIX variants other than Linux [1].

Operating Systemteleport Daemontctl Admin Tooltsh User ClientWeb UI (via the browser)tbot Daemon
Linux v2.6.23+ [2]yesyesyesyesyes
macOS v10.12+yesyesyesyesyes
Windows [3]nonoyesyesno

[1] Teleport is written in Go and it's possible to build it on any OS supported by the Golang toolchain.

[2] Enhanced Session Recording requires Linux kernel v5.8+.

[3] Teleport server does not run on Windows yet, but tsh (the Teleport client) supports most features on Windows 10 and later.

Linux

All installations include teleport, tsh, tctl, and tbot.

When running Teleport in production, we recommend that you follow the practices below to avoid security incidents. These practices may differ from the examples used in this guide, which are intended for demo environments:

  • Avoid using sudo in production environments unless it's necessary.
  • Create new, non-root, users and use test instances for experimenting with Teleport.
  • Run Teleport's services as a non-root user unless required. Only the SSH Service requires root access. Note that you will need root permissions (or the CAP_NET_BIND_SERVICE capability) to make Teleport listen on a port numbered < 1024 (e.g. 443).
  • Follow the "Principle of Least Privilege" (PoLP). Don't give users permissive roles when giving them more restrictive roles will do instead. For example, assign users the built-in access,editor roles.
  • When joining a Teleport agent to a cluster, save the invitation token to a file. Otherwise, the token will be visible when examining the teleport command that started the agent, e.g., via the history command on a compromised system.

Download Teleport's PGP public key

sudo curl https://deb.releases.teleport.dev/teleport-pubkey.asc \ -o /usr/share/keyrings/teleport-archive-keyring.asc

Add the Teleport APT repository

echo "deb [signed-by=/usr/share/keyrings/teleport-archive-keyring.asc] https://deb.releases.teleport.dev/ stable main" \| sudo tee /etc/apt/sources.list.d/teleport.list > /dev/null
sudo apt-get update
sudo apt-get install teleport
sudo yum-config-manager --add-repo https://rpm.releases.teleport.dev/teleport.repo
sudo yum install teleport

Optional: Using DNF on newer distributions

$ sudo dnf config-manager --add-repo https://rpm.releases.teleport.dev/teleport.repo

$ sudo dnf install teleport

curl https://get.gravitational.com/teleport-v9.3.7-linux-amd64-bin.tar.gz.sha256

<checksum> <filename>

curl -O https://get.gravitational.com/teleport-v9.3.7-linux-amd64-bin.tar.gz
shasum -a 256 teleport-v9.3.7-linux-amd64-bin.tar.gz

Verify that the checksums match

tar -xzf teleport-v9.3.7-linux-amd64-bin.tar.gz
cd teleport
sudo ./install
curl https://get.gravitational.com/teleport-v9.3.7-linux-arm-bin.tar.gz.sha256

<checksum> <filename>

curl -O https://get.gravitational.com/teleport-v9.3.7-linux-arm-bin.tar.gz
shasum -a 256 teleport-v9.3.7-linux-arm-bin.tar.gz

Verify that the checksums match

tar -xzf teleport-v9.3.7-linux-arm-bin.tar.gz
cd teleport
sudo ./install
curl https://get.gravitational.com/teleport-v9.3.7-linux-arm64-bin.tar.gz.sha256

<checksum> <filename>

curl -O https://get.gravitational.com/teleport-v9.3.7-linux-arm64-bin.tar.gz
shasum -a 256 teleport-v9.3.7-linux-arm64-bin.tar.gz

Verify that the checksums match

tar -xzf teleport-v9.3.7-linux-arm64-bin.tar.gz
cd teleport
sudo ./install

Check the Downloads page for the most up-to-date information.

Docker

We provide pre-built Docker images for every version of Teleport.

These images are hosted on quay.io. All tags under quay.io/gravitational/teleport are Teleport Open Source images.

The table below gives an idea of how our image naming scheme works. We offer images that point to a static version of Teleport as well as images that are automatically rebuilt every night. These nightly images point to the latest version of Teleport from the three most recent release branches. They are stable, and we recommend their use to keep your Teleport installation up to date.

Image nameTeleport versionImage automatically updated?Image base
quay.io/gravitational/teleport:9.3.7The latest version of Teleport Open SourceYesUbuntu 20.04
quay.io/gravitational/teleport:9.3.7The version specified in the image's tag (i.e. 9.3.7)NoUbuntu 20.04

For testing, we always recommend that you use the latest released version of Teleport, which is currently quay.io/gravitational/teleport:9.3.7.

For instructions on running containers with these images, see Getting started with Teleport using Docker.

We provide pre-built Docker images for every version of Teleport.

This table gives an idea of how our image naming scheme works. We offer images which point to a static version of Teleport Enterprise, as well as images which are automatically rebuilt every night.

Nightly images point to the latest version of Teleport Enterprise from the three most recent release branches. They are stable, and we recommend their use to easily keep your Teleport Enterprise installation up to date.

Image nameOpen Source or Enterprise?Teleport versionImage automatically updated?Image base
quay.io/gravitational/teleport-ent:9.3.8EnterpriseThe latest version of Teleport Enterprise 9.0YesUbuntu 20.04
quay.io/gravitational/teleport-ent:9.3.8-fipsEnterprise FIPSThe latest version of Teleport Enterprise 9.0 FIPSYesUbuntu 20.04
quay.io/gravitational/teleport-ent:9.3.7EnterpriseThe version specified in the image's tag (i.e. 9.3.7)NoUbuntu 20.04
quay.io/gravitational/teleport-ent:9.3.7-fipsEnterprise FIPSThe version specified in the image's tag (i.e. 9.3.7)NoUbuntu 20.04

For testing, we always recommend that you use the latest release version of Teleport Enterprise, which is currently quay.io/gravitational/teleport-ent:9.3.8.

For instructions on running containers with these images, see Teleport Enterprise using Docker.

Helm

We host our own Helm chart repository, which you can add with the following command:

helm repo add teleport https://charts.releases.teleport.dev

There are two charts available to install. Please see our guide for using each chart.

ChartIncluded ServicesValues Reference
teleport-clusterAuth Service
Proxy Service
Other Teleport services if using a custom configuration
Reference
teleport-kube-agentKubernetes Service
Application Service
Database Service
Reference

macOS

You can download one of the following .pkg installers for macOS:

LinkBinaries
teleport-9.3.7.pkgteleport
tctl
tsh
tbot
tsh-9.3.7.pkgtsh

You can also fetch an installer via the command line:

curl -O https://get.gravitational.com/teleport-9.3.7.pkg

Installs on Macintosh HD

sudo installer -pkg teleport-9.3.7.pkg -target /

Password:

installer: Package name is teleport-9.3.7

installer: Upgrading at base path /

installer: The upgrade was successful.

which teleport

/usr/local/bin/teleport

The Teleport package in Homebrew is not maintained by Teleport and we can't guarantee its reliability or security. We recommend the use of our official Teleport packages.

Run the following command:

brew install teleport

If you choose to use Homebrew, you must verify that the versions of tsh and tctl you run on your local machine are compatible with the versions you run on your infrastructure. Homebrew usually ships the latest release of Teleport, which may be incompatible with older versions. See our compatibility policy for details.

Log in to your cluster:

tsh login --proxy=teleport.example.com --user=myuser

Get the version of your Teleport cluster:

tctl status

tctl status

Cluster teleport.example.com

Version 9.3.7

Host CA never updated

User CA never updated

Jwt CA never updated

CA pin sha256:abdc1245efgh5678abdc1245efgh5678abdc1245efgh5678abdc1245efgh5678

Get your local tsh version:

tsh version

Teleport v9.3.7 git:v9.3.7 go1.17

Get your local tctl version:

tctl version

Teleport v9.3.7 git:v9.3.7 go1.17

Windows (tsh client only)

Starting with Teleport v7.2.0, most tsh features are supported for Windows 10 1607+. The tsh ssh command can be run under cmd.exe, PowerShell, and Windows Terminal.

To install tsh on Windows, run the following commands in PowerShell:

Get the expected checksum for the Windows tsh package

$Resp = Invoke-WebRequest https://get.gravitational.com/teleport-v9.3.7-windows-amd64-bin.zip.sha256

PowerShell will return the binary representation of the response content

by default, so you need to convert it to a string

[System.Text.Encoding]::UTF8.getstring($Resp.Content)

<checksum> <filename>

curl -O teleport-v9.3.7-windows-amd64-bin.zip https://get.gravitational.com/teleport-v9.3.7-windows-amd64-bin.zip
certUtil -hashfile teleport-v9.3.7-windows-amd64-bin.zip SHA256

SHA256 hash of teleport-v9.3.7-windows-amd64-bin.zip:

<checksum>

CertUtil: -hashfile command completed successfully.

After you have verified that the checksums match, you can extract the archive. The executable will be available at teleport-v9.3.7-windows-amd64-bin\teleport\tsh.exe.

Expand-Archive teleport-v9.3.7-windows-amd64-bin.zip
cd teleport-v9.3.7-windows-amd64-bin\teleport
.\tsh.exe version

Teleport v9.3.7 git:v9.3.7 go1.17

Make sure to move tsh.exe into your PATH.

Building from source

Teleport is written in Go, and currently requires go v1.17 or newer. Detailed instructions for building from source are available in the README.

Checksums

If you want to verify the integrity of a Teleport binary, SHA256 checksums are available for all downloads on our downloads page.

Teleport Checksum

If you download Teleport via an automated system, you can programmatically obtain the checksum by adding .sha256 to the download link. This is the method shown in the installation examples.

export version=v9.3.7

'darwin' 'linux' or 'windows'

export os=linux

'386' 'arm' on linux or 'amd64' for all distros

export arch=amd64
curl https://get.gravitational.com/teleport-$version-$os-$arch-bin.tar.gz.sha256

<checksum> <filename>

Next steps

Now that you know how to install Teleport, you can enable access to all of your infrastructure. Get started with: