# Teleport Notes

FOR MORE INFORMATION SEE [msoc-infrastructure Teleport wiki](https://github.xdr.accenturefederalcyber.com/mdr-engineering/msoc-infrastructure/wiki/Teleport-for-the-End-User)

Also more notes at `/xdr-terraform-live/test/aws-us-gov/mdr-test-c2/090-instance-teleport/README.md` (same README in test and prod).

## Client Installation

`brew install teleport`

## Log location

`/var/log/teleport-pam.log`

`grep teleport /var/log/messages`

## Agent Config file location

`/etc/teleport.yaml`

## Usage

```
tsh --proxy=teleport.xdr.accenturefederalcyber.com login
tsh ls
tsh --proxy=teleport.xdr.accenturefederalcyber.com ls
tsh --proxy=teleport.xdrtest.accenturefederalcyber.com ssh caasp-phantom

# These work for SCP, depending on whether you are logged in to Teleport yet.
tsh scp brad.poulton@sensu.pvt.xdrtest.accenturefederalcyber.com:sensu_support.tgz .
tsh scp SecurityCenter-5.21.0-el7.x86_64.rpm brad.poulton@reposerver.pvt.xdrtest.accenturefederalcyber.com:~
tsh --proxy=teleport.xdrtest.accenturefederalcyber.com scp SC-202204.3-5.x-rh7-64.tgz brad.poulton@security-center-0.pvt.xdrtest.accenturefederalcyber.com:~
```

## Troubleshooting

`rm -rf ~/.tsh/`

## Compliance Notes

* [FedRAMP compliance for SSH and Kubernetes Access](https://goteleport.com/teleport/how-it-works/fedramp-ssh-kubernetes/)
* [SOC2 Compliance for SSH and Kubernetes Access](https://goteleport.com/teleport/how-it-works/soc2-ssh-kubernetes/)
* [Teleport Configuration Reference](https://goteleport.com/docs/config-reference/)

## Client Notes

For CLI use, you need to specify the certificate:

`SSL_CERT_FILE=/var/lib/teleport/xdr_wildcard_chain.pem /usr/local/bin/tctl`

## Session Management

Session management is per role. See the [Teleport Configuration Reference](https://goteleport.com/docs/config-reference/) for these role options:

* `client_idle_timeout`
* `max_session_ttl`
* `max_connections`
* `max_sessions`

See `teleport/roles/role-xdr_admins.yaml`.
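
Because these limits are set per role, a role that omits one is easy to miss in review. The script below is an added example, not part of these notes or the project's code: it reports, for each role, which of the four session options listed above are unset or switched off. It assumes the roles are available as JSON shaped like the output of `tctl get roles --format=json`; the role names, the sample values, and the choice to treat `never` or `0` as "disabled" are assumptions made for illustration.

```python
import json

# The four per-role session options named in the notes above.
SESSION_OPTIONS = ("client_idle_timeout", "max_session_ttl",
                   "max_connections", "max_sessions")

# Constructed sample, shaped like role resources exported as JSON.
# Role names and values are made up for illustration.
SAMPLE_ROLES = """
[
  {"kind": "role", "metadata": {"name": "example_admins"},
   "spec": {"options": {"client_idle_timeout": "15m", "max_session_ttl": "8h",
                        "max_connections": 3, "max_sessions": 10}}},
  {"kind": "role", "metadata": {"name": "example_readonly"},
   "spec": {"options": {"max_session_ttl": "8h", "client_idle_timeout": "never"}}},
  {"kind": "role", "metadata": {"name": "example_legacy"}, "spec": {}}
]
"""

def audit_roles(roles_json):
    """Return {role_name: [findings]} for roles with unset or disabled limits."""
    report = {}
    for res in json.loads(roles_json):
        if res.get("kind") != "role":
            continue  # ignore any non-role resources in the export
        options = (res.get("spec") or {}).get("options") or {}
        findings = []
        for opt in SESSION_OPTIONS:
            if opt not in options:
                findings.append(f"{opt}: not set")
            # Assumption of this example: these values mean "no limit".
            elif options[opt] in ("never", "0", 0, "0s"):
                findings.append(f"{opt}: disabled ({options[opt]!r})")
        if findings:
            report[res["metadata"]["name"]] = findings
    return report

if __name__ == "__main__":
    for role, findings in audit_roles(SAMPLE_ROLES).items():
        print(role)
        for finding in findings:
            print("  -", finding)
```

To check a live cluster, pass the exported JSON text to `audit_roles()` in place of `SAMPLE_ROLES`.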