Show HN: Teleport – SSH for Clusters and Teams

This looks like a really cool project. I&#x27;m excited to see it develop.<p>How would authentication work with configuration management? I see that new nodes are authenticated with a one-time token generated from the auth server, but that seems like it could be tricky to implement in a dynamic cluster (like an AWS auto scaling group).

Hello everyone, the Teleport team is here to answer any questions.<p>Internally we use Teleport as a library to connect multiple clusters into a structured system of doing ops with solid identity management, but we figured it deserves to be its own tool, especially because so many larger companies in the Valley have built something similar internally.

Also <a href="https:&#x2F;&#x2F;www.lvh.io&#x2F;posts&#x2F;introducing-teleport.html" rel="nofollow">https:&#x2F;&#x2F;www.lvh.io&#x2F;posts&#x2F;introducing-teleport.html</a> via <a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=11356008" rel="nofollow">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=11356008</a>.

This solves a problem we were looking at my last job: recording and replaying sessions. Identity management and bastion setup are solved problems, but it is nice to have an all in one package.<p>Of course, this raises a few security questions:<p>1. Do I have to run this as a server on every host I intend to ssh into? Or can it use existing installations of openssh for that? 2. Is this re-inventing any authentication mechanism? If yes, how robust is it and how thoroughly has it been tested? (I&#x27;m guess not much right now, since this isn&#x27;t production ready yet, but the question will remain for a while.) 3. Do I have to use a different client? Or are existing ssh clients fully sufficient? The article does mention compatibility with OpenSSH, but does not detail. It also mentions using HTTPS as a transport instead of SSH, which is concerning in the case of compatibility.

This looks great. How feasible would it be to have server and tag data synchronized between Teleport and AWS?

One thing of note: though they do say it&#x27;s &quot;fully compatible with OpenSSH&quot;, it is not compatible with ed25519 keyed SSH, as Golang SSH does not support it.<p>Otherwise looks like a cleverly designed system. Being able to use a standard terminal emulator to connect would be nice though.

Can teleport run the same command on a group of servers, then collect the output and prefix it with the name of the server it came from? For example we could run a &quot;df&quot; on a batch of servers and see if they have enough free space, all in one line.

Awesome project! This is a step in the right direction for better access management.

How is this any different from the very common LDAP + Kerberos + RADIUS solution that is usually deployed in large companies. This seems like it&#x27;s re-inventing things that already exist and have been used successfully for years. It seems to me that a tool that makes deployment of LDAP&#x2F;RADIUS&#x2F;Kerberos easier would be more practical.

Look like an amazing tool to have.<p>With it one would be able to connect only through wweb console ? (couldn&#x27;t find it on the docs)

It would be nice if it made backups of small files uploaded&#x2F;deleted&#x2F;modified through SFTP. That, along with the session history, would allow recovery from accidental deletion or overwrite (time machine for small files edited by hand).

Is this compatible with deployment automation systems like Ansible? Do you have any plans to write an Ansible Galaxy role for installation?

This name (&quot;teleport&quot;) is really close to this other piece of software, which looks to be very much in the same space: <a href="https:&#x2F;&#x2F;github.com&#x2F;petar&#x2F;goteleport" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;petar&#x2F;goteleport</a>

Looks awesome! does it support mosh by any chance?

So, they implemented Active Directory&#x2F;RADIUS, a terminal proxy, screen, and a web gui? Does this not seem to anyone else like a weird mix of features for one tool?