Sysadmin Teleport - SSH for teams/distributed

Nice similar to

• KeyBox - Web-Based SSH Access and Key Management
• https://www.vaultproject.io/

 

I started playing with Teleport and definitely something useful

Example setting up root user with Telesport SSH access via 2FA an auto generated url will created which you access via web browser to setup root user password + 2FA

Code (Text):

tctl users add $USER
Signup token has been created and is valid for 3600 seconds. Share this URL with the user:
https://cmm-node:3080/web/newuser/296cc53ee180f0572b0ef415709a00c6

NOTE: make sure 'cmm-node' is accessible!

Code (Text):

tctl users ls
User Allowed logins
---- --------------
root root     

Once signed up you're greeted with listing of your server(s) users.



Clicking on Login as root user button will automatically SSH login you into your server via your web browser



You can lookup the history of your SSH sessions



Notice the play button. Clicking on it allows you to replay your SSH session as a video style clip



You can also login via tsh command line via Teleport which will prompt for root password you set + 2FA token.

Code (Text):

tsh --proxy=localhost ssh localhost
Enter password for Teleport user root:
Enter your OTP token:
534771

Listing Teleport clusters

Code (Text):

tsh --proxy=localhost ls
Node Name           Node ID                              Address            Labels                                                          
------------------- ------------------------------------ ------------------ ------------------------------------------------------------------
centos7.localdomain c5da-c1b0-4be0-b64e-56e25 192.168.0.155:3022 arch=x86_64,hostname=centos7.localdomain,role=master,type=teleport

From http://gravitational.com/teleport/docs/user-manual/

Teleport Ports Used

Port	Service	Description
3022	Node	SSH port. This is Teleport's equivalent of port #22 for SSH.
3023	Proxy	SSH port clients connect to. A proxy will forward this connection to port #3022 on the destination node.
3024	Proxy	SSH port used to create "reverse SSH tunnels" from behind-firewall environments into a trusted proxy server.
3025	Auth	SSH port used by the Auth Service to serve its API to other nodes in a cluster.
3080	Proxy	HTTPS connection to authenticate tsh users and web users into the cluster. The same connection is used to serve a Web UI.

 

Example of using /usr/bin/nv method of creating nginx vhosts outlined at https://centminmod.com/nginx_domain_dns_setup.html when using Teleport via web browser SSH client

 

Example of updating Centmin Mod code via git pull instead of centmin.sh menu option 23 submenu option 2.

Code (Text):

cmdir
git pull
./centmin.sh