Overview
The open source access platform used by DevSecOps teams for SSH, Kubernetes, databases, internal web applications and Windows. Teleport prevents phishing by relying on biometrics and machine identity, stops attacker pivots with the Zero Trust architecture, is compatible with everything you have, comes as a cloud service or a self-hosted option and doesn't get in the way of an engineer's productivity.
How Teleport Works
Teleport provides secure access to SSH or Windows servers, Windows desktops, Kubernetes clusters, databases, and web applications. Teleport is trivial to set up as a Linux daemon or in a Kubernetes pod.
Teleport is a certificate authority and identity-aware, multi-protocol access proxy which implements protocols such as SSH, RDP, HTTPS, Kubernetes API, and a variety of SQL and NoSQL databases. It is completely transparent to client-side tools and designed to work with everything in today's DevOps ecosystem.
Settings
Set up the Teleport server as follows:
1. The server must run Ubuntu 20.04 or later.
2. The server needs a static public IP address and a DNS name that resolves to it, for example "remote.yourdomain.com". Teleport obtains a Let's Encrypt certificate for this name, so the DNS record must exist before the service is started.
3. Export the variables used by Teleport's apt repository, add the repository and install the package:
export TELEPORT_PKG=teleport
export TELEPORT_VERSION=v16
export TELEPORT_CHANNEL=stable/${TELEPORT_VERSION?}
source /etc/os-release
sudo mkdir -p /etc/apt/keyrings
sudo curl -fsSL https://apt.releases.teleport.dev/gpg -o /etc/apt/keyrings/teleport-archive-keyring.asc
echo "deb [signed-by=/etc/apt/keyrings/teleport-archive-keyring.asc] https://apt.releases.teleport.dev/${ID?} ${VERSION_CODENAME?} ${TELEPORT_CHANNEL?}" | sudo tee /etc/apt/sources.list.d/teleport.list > /dev/null
sudo apt-get update && sudo apt-get install -y ${TELEPORT_PKG?}
4. Optionally install troubleshooting tools (not required by Teleport):
apt install net-tools mc ngrep
5. Open TCP ports 22 and 443 from the outside to this server in your firewall. In multiplex mode all Teleport traffic (web UI, SSH and agent joins) goes through port 443, so the auth service port 3025 does not need to be exposed.
6. Write the Teleport configuration to /etc/teleport.yaml. Replace remote.yourdomain.com with the DNS name from step 2 and the ACME e-mail with a mailbox you monitor; public_addr must be the name the certificate is issued for. session_recording is quoted so that YAML does not read off as a boolean:
cat > /etc/teleport.yaml <<'EOF'
version: v3
teleport:
  nodename: Logsign Remote Server
  data_dir: /var/lib/teleport
  log:
    output: stderr
    severity: ERROR
    format:
      output: text
  ca_pin: ""
  diag_addr: ""
auth_service:
  enabled: "yes"
  listen_addr: 0.0.0.0:3025
  cluster_name: remote.yourdomain.com
  proxy_listener_mode: multiplex
  session_recording: "off"
ssh_service:
  enabled: "no"
proxy_service:
  enabled: "yes"
  web_listen_addr: 0.0.0.0:443
  public_addr: remote.yourdomain.com:443
  https_keypairs: []
  https_keypairs_reload_interval: 0s
  acme:
    enabled: "yes"
    email: admin@yourdomain.com
EOF
7. Start Teleport and enable it at boot:
sudo systemctl enable --now teleport
8. Browse to https://remote.yourdomain.com and confirm that the Teleport login page loads with a valid certificate (ACME issuance can take a moment after the first start).
9. Create a Teleport user. The command prints a one-time sign-up link, valid for one hour by default:
sudo tctl users add testuser --roles=editor,access --logins=root
10. Open the link in a browser and set the user's password and second factor. Note that editor is a cluster administration role and --logins=root allows root SSH logins on enrolled nodes, so give this account only to the people who provide support.
11. In the Teleport web UI click Add Server, choose the automatic option and copy the ID from the generated command. The ID is the join token in the middle of the script URL, for example:
https://remote.yourdomain.com/scripts/11xxxx11xx1111x1x111111x111xxx1x/install-node.sh
12. Use that ID to open remote support from the Logsign SIEM (next section). The join token is short-lived, so complete the Logsign side before it expires and generate a new one if it does.
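The steps above assembled into one script, as an added example that is not part of the original page and not a script shipped by Logsign or Teleport. It assumes the placeholders remote.yourdomain.com and admin@yourdomain.com (override them through the environment), that ufw is the firewall already enabled on the server, and that apt, systemctl and tctl are run as root. The parts that need the real server (installing, opening the firewall, starting and verifying the service) sit behind the install and verify sub-commands; the helper functions that build the apt source line, render the configuration and extract the Support Ticket ID from an Add Server URL run anywhere.

```shell
#!/bin/sh
# Added example: idempotent Teleport remote-support server setup on Ubuntu 20.04+.
# Not Logsign's or Teleport's own script. Usage:
#   sh teleport-setup.sh install   # repo, package, firewall, config, service
#   sh teleport-setup.sh verify    # service active, tctl reachable, 443 listening
#   sh teleport-setup.sh token URL # print the join token from an Add Server URL
set -eu

TELEPORT_PKG=${TELEPORT_PKG:-teleport}
TELEPORT_VERSION=${TELEPORT_VERSION:-v16}
TELEPORT_CHANNEL=${TELEPORT_CHANNEL:-stable/${TELEPORT_VERSION}}
# Assumed placeholders: replace with your own DNS name and contact address.
TELEPORT_DOMAIN=${TELEPORT_DOMAIN:-remote.yourdomain.com}
ACME_EMAIL=${ACME_EMAIL:-admin@yourdomain.com}
KEYRING=/etc/apt/keyrings/teleport-archive-keyring.asc

# Build the apt source line from the /etc/os-release values ($1 = ID,
# $2 = VERSION_CODENAME) in the shape Teleport's apt repository expects.
apt_source_line() {
    printf 'deb [signed-by=%s] https://apt.releases.teleport.dev/%s %s %s\n' \
        "$KEYRING" "$1" "$2" "$TELEPORT_CHANNEL"
}

# Render /etc/teleport.yaml. session_recording is quoted on purpose so that
# YAML does not read a bare off as a boolean. In multiplex mode every client
# and agent connects through public_addr on 443; 3025 stays internal.
render_config() {
    cat <<EOF
version: v3
teleport:
  nodename: Logsign Remote Server
  data_dir: /var/lib/teleport
  log:
    output: stderr
    severity: ERROR
    format:
      output: text
auth_service:
  enabled: "yes"
  listen_addr: 0.0.0.0:3025
  cluster_name: $TELEPORT_DOMAIN
  proxy_listener_mode: multiplex
  session_recording: "off"
ssh_service:
  enabled: "no"
proxy_service:
  enabled: "yes"
  web_listen_addr: 0.0.0.0:443
  public_addr: $TELEPORT_DOMAIN:443
  acme:
    enabled: "yes"
    email: $ACME_EMAIL
EOF
}

# The "Support Ticket ID" entered in Logsign is the join token embedded in the
# Add Server script URL: https://<proxy>/scripts/<token>/install-node.sh
join_token_from_url() {
    case "$1" in
        */scripts/*/install-node.sh) ;;
        *) echo "not an install-node.sh URL: $1" >&2; return 1 ;;
    esac
    _rest=${1#*/scripts/}
    printf '%s\n' "${_rest%%/*}"
}

install_teleport() {
    . /etc/os-release
    mkdir -p /etc/apt/keyrings
    curl -fsSL https://apt.releases.teleport.dev/gpg -o "$KEYRING"
    apt_source_line "$ID" "$VERSION_CODENAME" > /etc/apt/sources.list.d/teleport.list
    apt-get update
    apt-get install -y "$TELEPORT_PKG"
    ufw allow 22/tcp                      # assumes ufw is the active firewall
    ufw allow 443/tcp
    render_config > /etc/teleport.yaml
    systemctl enable --now teleport
}

verify_teleport() {
    systemctl is-active --quiet teleport  # unit running
    tctl status                           # auth service answers locally
    ss -ltn | grep -q ':443 '             # proxy listening on the public port
}

case "${1:-}" in
    install) install_teleport ;;
    verify)  verify_teleport ;;
    token)   join_token_from_url "$2" ;;
    *) ;;   # no sub-command: only define the functions
esac
```

Run install once, then verify; if verify fails on the last check, ACME issuance has usually not completed yet or port 443 is still blocked upstream. The token sub-command is handy for pasting the Add Server URL and getting back exactly the string Logsign expects in Support Ticket ID.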
Configure On Logsign
Configure the remote support connection on the Logsign side as follows:
1. Log in to the Logsign UI.
2. Click Settings > Maintenance > Remote Support.
3. Define the settings as follows:
- Support Ticket ID: Enter the ID (join token) copied from Teleport in step 11.
- Remote Server: Enter the DNS name of your Teleport server (remote.yourdomain.com in this example).
4. Click Start to save the changes and open the remote support session.