Secretless SSH
The easiest, most secure way to SSH
Prevent phishing attacks, meet compliance requirements, maintain a live catalog of all trusted devices, and have complete visibility into live and past sessions.
Get Started
Prevent phishing attacks
Move away from private keys and passwords towards automatically rotating SSH certificates for hosts and clients.
Automatic access provisioning
Integrate SSH with a single sign-on (SSO) provider of your choice for automatic provisioning and deprovisioning of access.
Meet compliance requirements
Continuously maintain compliance and pass audits with minimal effort. The supported standards include SOC 2, FedRAMP, HIPAA, ISO 27001, PCI and more.
Complete visibility into access and behavior
See what’s happening and who is responsible with the live session view, recorded sessions, and the audit for filesystem changes, data transfers, and command executions.
Free yourself from network boundaries
You can SSH into devices running anywhere in the field: on 3rd party private networks behind NAT and firewalls.
Access that doesn't get in the way
Login once and easily switch between environments. No need to juggle private keys, or hop between VPNs and multiple access points.
Break access silos
Reduce overhead by consolidating SSH access permissions and audit in one place. Easily enforce policy for engineers and service accounts across all environments.
Features
SSO for SSH
Teleport can integrate with your SSO provider, or be an SSO provider itself.
Linux User Management
Teleport automatically creates users on Linux hosts and sets their permissions according to a central policy.
Device Trust
Restrict SSH access only to trusted laptops.
Session recording
Record interactive SSH sessions and watch them in YouTube-like interface
Session sharing
Moderated sessions require more than one person to join for highly privileged tasks.
RBAC for SSH
Restrict SSH access based on roles.
Machine to machine access
Issue and rotate SSH certificates for CI/CD automation with the Machine ID feature.
Access requests
Move away from privileged accounts with just-in-time temporary privilege escalation.
+ more
Works with everything you have
Amazon
Google Cloud
Azure
Linux
Windows
Chef
Okta
Active Directory
Puppet
OneLogin
Kubernetes
Ansible
...and many more
How it works
Teleport is a certificate authority and identity-aware, multi-protocol access proxy which implements protocols such as SSH, RDP, HTTPS, Kubernetes API, and a variety of SQL and NoSQL databases. It is completely transparent to client-side tools and designed to work with everything in today's DevSecOps ecosystem.
Teleport Components
- Teleport Auth Service: The certificate authority of the cluster. It issues certificates to clients and maintains the audit log.
- Teleport Proxy Service: The proxy allows access to cluster resources from the outside. Typically it is the only service available from the public network.
- Teleport Agents: A Teleport agent runs in the same network as a target resource and speaks its native protocol, such as the SSH, Kubernetes API, HTTPS, PostgreSQL, and MySQL wire protocols. Think of a "smart sidecar" that routes user requests to its target resource.
SSH Demo
