Secretless SSH

The easiest, most secure way to SSH

Prevent phishing attacks, meet compliance requirements, maintain a live catalog of all trusted devices, and have complete visibility into live and past sessions.

Prevent phishing attacks

Move away from private keys and passwords towards automatically rotating SSH certificates for hosts and clients.

Automatic access provisioning

Integrate SSH with a single sign-on (SSO) provider of your choice for automatic provisioning and deprovisioning of access.

Meet compliance requirements

Continuously maintain compliance and pass audits with minimal effort. The supported standards include SOC 2, FedRAMP, HIPAA, ISO 27001, PCI and more.

Complete visibility into access and behavior

See what’s happening and who is responsible with the live session view, recorded sessions, and the audit for filesystem changes, data transfers, and command executions.

Free yourself from network boundaries

You can SSH into devices running anywhere in the field, including on third-party private networks behind NAT and firewalls.

Access that doesn't get in the way

Log in once and easily switch between environments. No need to juggle private keys or hop between VPNs and multiple access points.

Break access silos

Reduce overhead by consolidating SSH access permissions and audit in one place. Easily enforce policy for engineers and service accounts across all environments.

Features

SSO for SSH

Teleport can integrate with your SSO provider, or be an SSO provider itself.

Linux User Management

Teleport automatically creates users on Linux hosts and sets their permissions according to a central policy.

Device Trust

Restrict SSH access only to trusted laptops.

Session recording

Record interactive SSH sessions and watch them in a YouTube-like interface.

Session sharing

Moderated sessions require more than one person to join for highly privileged tasks.

RBAC for SSH

Restrict SSH access based on roles.

Machine to machine access

Issue and rotate SSH certificates for CI/CD automation with the Machine ID feature.

Access requests

Move away from privileged accounts with just-in-time temporary privilege escalation.

Session controls

Moderated sessions, concurrent session restrictions, proactive session termination and identity locking.

Trusted devices catalog

Automatic live catalog of trusted servers, trusted laptops and workstations.

SSH via browser

Automatic live catalog of trusted servers, trusted laptops and workstations.

Works with everything you have

Teleport Server Access is open source and relies on open standards such as X.509 certificates, HTTPS, SAML, OpenID Connect and others. Deployed as a single binary, it seamlessly integrates with the rest of your stack.

Amazon

Google Cloud

Azure

Linux

Windows

Chef

Okta

Active Directory

Puppet

OneLogin

Kubernetes

Ansible

...and many more

How it works

Teleport is a certificate authority and identity-aware, multi-protocol access proxy which implements protocols such as SSH, RDP, HTTPS, Kubernetes API, and a variety of SQL and NoSQL databases. It is completely transparent to client-side tools and designed to work with everything in today's DevSecOps ecosystem.

Teleport Components

  • Teleport Auth Service: The certificate authority of the cluster. It issues certificates to clients and maintains the audit log.
  • Teleport Proxy Service: The proxy allows access to cluster resources from the outside. Typically it is the only service available from the public network.
  • Teleport Agents: A Teleport agent runs in the same network as a target resource and speaks its native protocol, such as the SSH, Kubernetes API, HTTPS, PostgreSQL, and MySQL wire protocols. Think of a "smart sidecar" that routes user requests to its target resource.

  • Teleport allows us to comply with the regulatory hurdles that come with running an international stock exchange. The use of bastion hosts, integration with our identity service and auditing capabilities give us a compliant way to access our internal infrastructure.

    Brendan Germain

    Systems Reliability Engineer, Nasdaq

  • Audit and recorded sessions in Teleport give us an understanding of exactly what was happening at any given moment. This is incredibly critical from a security and compliance perspective.

    Mario Loria

    Senior Site Reliability Engineer II, Carta

  • Teleport Access Requests changed the game in simplifying our infrastructure access for various compliances. It's led to more freedom and innovation by allowing us to move away from pre-defined root accounts. We have been extremely happy with the product.

    Erik Redding

    Director, Site Reliability Engineering, Elastic

  • Teleport has made obtaining a FedRAMP-Moderate ATO that much more achievable via their FIPS 140-2 endpoints, ease in integration with our SSO and MFA, and the view into audit logs of remote connection sessions provide the appropriate insight for Continuous Monitoring.

    Jeff Gill

    Senior Director of Engineering, SumoLogic

  • Speed is key to our business. But so is security. The Teleport Access Platform allows our engineers to securely access the infrastructure they need to do their jobs without getting in the way of productivity. Everybody wins.

    Luke Christopherson

    Software Engineer, DoorDash

Try Teleport today

In the cloud, self-hosted, or open source.