Teleport Notes

FOR MORE INFORMATION SEE msoc-infrastructure Teleport wiki

Also more notes at /xdr-terraform-live/test/aws-us-gov/mdr-test-c2/090-instance-teleport/README.md (Same readme in test and prod)

Client Installation

brew install teleport

Log location

/var/log/teleport-pam.log
grep teleport /var/log/messages

Agent Config file location

/etc/teleport.yaml

Usage

tsh --proxy=teleport.xdr.accenturefederalcyber.com login
tsh ls
tsh --proxy=teleport.xdr.accenturefederalcyber.com ls
tsh --proxy=teleport.xdrtest.accenturefederalcyber.com ssh caasp-phantom

# These work for SCP, depending on whether you are already logged in to Teleport.
tsh scp brad.poulton@sensu.pvt.xdrtest.accenturefederalcyber.com:sensu_support.tgz .
tsh scp SecurityCenter-5.21.0-el7.x86_64.rpm brad.poulton@reposerver.pvt.xdrtest.accenturefederalcyber.com:~
tsh --proxy=teleport.xdrtest.accenturefederalcyber.com scp SC-202204.3-5.x-rh7-64.tgz brad.poulton@security-center-0.pvt.xdrtest.accenturefederalcyber.com:~

Troubleshooting

# Clears the local tsh profile and cached certificates; log in again afterwards.
rm -rf ~/.tsh/

Compliance Notes

Client Notes

For CLI use, you need to specify the certificate:

SSL_CERT_FILE=/var/lib/teleport/xdr_wildcard_chain.pem /usr/local/bin/tctl

Session Management

Session management is per role. See the Teleport Configuration Reference for these role options:

client_idle_timeout
max_session_ttl
max_connections
max_sessions

See teleport/roles/role-xdr_admins.yaml
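
One way to check a role file for the four session options named above, as an added example that is not part of the original notes or the project's own code: it reads the `options:` block of a role and reports each option that is unset, unlimited or over a ceiling. The sample role and the ceilings in `POLICY` are constructed assumptions, and the parser handles only simple `key: value` lines, not full YAML.

```python
import re
# Constructed sample role, not the contents of role-xdr_admins.yaml.
SAMPLE_ROLE = """\
kind: role
spec:
  options:
    max_session_ttl: 30h        # longer than the assumed ceiling
    client_idle_timeout: never  # idle sessions are never disconnected
    max_sessions: 10
  allow: {}
"""
# Assumed ceilings for illustration only; durations are in seconds.
POLICY = {"client_idle_timeout": 900, "max_session_ttl": 8 * 3600,
          "max_connections": 3, "max_sessions": 10}
DURATIONS = {"client_idle_timeout", "max_session_ttl"}
UNITS = {"h": 3600, "m": 60, "s": 1}

def parse_duration(text):
    """Go-style duration ('1h30m') to seconds; 'never', '0' or unparseable text gives None."""
    parts = re.findall(r"(\d+)(h|m(?!s)|s)", text)
    return sum(int(n) * UNITS[u] for n, u in parts) or None

def role_options(role_yaml):
    """Collect 'key: value' lines inside the options: block (nested maps are flattened)."""
    options, indent = {}, None
    for line in role_yaml.splitlines():
        body = line.split("#", 1)[0].rstrip()
        depth = len(body) - len(body.lstrip())
        if body.strip() == "options:":
            indent = depth
        elif indent is not None and body.strip() and depth <= indent:
            indent = None  # dedent: the options block has ended
        elif indent is not None and ":" in body:
            key, _, value = body.strip().partition(":")
            options[key] = value.strip().strip("'\"")
    return options

def audit(role_yaml):
    """Return a finding for each policy option that is unset, unlimited or over its ceiling."""
    options, findings = role_options(role_yaml), []
    for key, ceiling in POLICY.items():
        raw = options.get(key)
        if raw is None:
            findings.append(f"{key}: not set")
            continue
        value = parse_duration(raw) if key in DURATIONS else int(raw)
        if value is None or value > ceiling:
            findings.append(f"{key}: {raw} is unlimited or over the ceiling")
    return findings
```

Calling `audit(SAMPLE_ROLE)` flags the idle timeout, the session TTL and the missing `max_connections`; an empty list means every option is within the assumed ceilings.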