# Teleport

Forwards ssh to instances

## Creates these:

```
teleport.xdrtest.accenturefederalcyber.com      # ALB for the web interface
teleport-nlb.xdrtest.accenturefederalcyber.com  # the NLB
teleport.pvt.xdrtest.accenturefederalcyber.com  # the instance
teleport-alb.pvt.accenturefederalcyber.com      # the internal alb
```

S3 bucket: `teleport-test` (how was this not taken?)

DynamoDB tables: `teleport`, `teleport-events`, `teleport-locks`

And appropriate IAM roles and supporting KMS key.

## Connectivity

There are two connection models.

For nodes (endpoints) with direct connectivity back to the teleport node, their /etc/teleport.yaml contains:

```
auth_servers:
  - teleport.pvt.xdrtest.accenturefederalcyber.com:3025
```

The node makes a connection back to the teleport server on tcp/3025. Connections then go from the teleport server to the node on port 3022. i.e.:

```
Node -> Teleport Instance:3025 (registration)
Teleport -> Node:3022 (ssh tunnel)
```

The other model is the IoT model, for use behind NAT. For those, the node will have:

```
auth_servers:
  - teleport.xdrtest.accenturefederalcyber.com:443 # or 3080
```

The teleport server will then send it the tunnel address:

```
tunnel_public_addr: teleport-nlb.xdrtest.accenturefederalcyber.com:3024
```

which will then be used for a reverse ssh tunnel. i.e.

```
Node -> Teleport ALB:443 (registration)
Node -> Teleport NLB:3024 (Reverse SSH Tunnel)
```
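The two connection models above differ only in which `auth_servers` port a node points at, so the port is what decides which firewall flows have to be open. The following script is an added example (not part of this repo or of Teleport itself): it reads a node's `/etc/teleport.yaml`, classifies it as the direct or IoT model, and lists the flows that must be allowed, warning when an IoT node has no `tunnel_public_addr` to fall back on. The config snippets embedded in it are constructed from the examples above; the `parse_node_config` helper is a deliberately minimal parser for the `auth_servers` list, not a general YAML loader.

```python
"""Derive the network flows a Teleport node needs from its teleport.yaml.

Added example for this page; the config strings below are constructed
from the snippets in the Connectivity section, not read from a host.
"""
import re

AUTH_PORT = 3025            # direct model: node registers with the auth server
PROXY_PORTS = {443, 3080}   # IoT model: node registers through the web proxy
NODE_SSH_PORT = 3022        # port the teleport server connects to on a direct node

# Constructed node configs, mirroring the two models described on the page.
NODE_DIRECT_CONFIG = """\
auth_servers:
  - teleport.pvt.xdrtest.accenturefederalcyber.com:3025
"""
NODE_IOT_CONFIG = """\
auth_servers:
  - teleport.xdrtest.accenturefederalcyber.com:443 # or 3080
"""
# Advertised by the proxy to IoT-model nodes (from the page).
TUNNEL_PUBLIC_ADDR = "teleport-nlb.xdrtest.accenturefederalcyber.com:3024"


def parse_node_config(text):
    """Return the auth_servers entries from a teleport.yaml.

    Minimal parser (assumption): only the top-level `auth_servers:` key and
    its `- host:port` list items are understood; `#` comments are dropped.
    """
    servers, in_list = [], False
    for line in text.splitlines():
        body = line.split("#", 1)[0].rstrip()
        if not body.strip():
            continue
        if body.strip() == "auth_servers:":
            in_list = True
            continue
        item = re.match(r"\s*-\s*(\S+)", body)
        if in_list and item:
            servers.append(item.group(1))
            continue
        in_list = False          # any other key ends the list
    return servers


def split_hostport(addr):
    """Split 'host:port' into (host, port); port is None if missing."""
    host, sep, port = addr.rpartition(":")
    if not sep or not port.isdigit():
        return addr, None
    return host, int(port)


def expected_flows(node_config, tunnel_public_addr=None, node_name="node"):
    """Classify the node and return (model, flows, warnings).

    flows are (source, destination, purpose) triples; model is "direct",
    "iot", or None when the config is empty, mixed or unrecognised.
    """
    servers = parse_node_config(node_config)
    flows, warnings, models = [], [], set()
    for addr in servers:
        _, port = split_hostport(addr)
        if port == AUTH_PORT:
            models.add("direct")
            flows.append((node_name, addr, "registration"))
            flows.append(("teleport", f"{node_name}:{NODE_SSH_PORT}", "ssh tunnel"))
        elif port in PROXY_PORTS:
            models.add("iot")
            flows.append((node_name, addr, "registration"))
            if tunnel_public_addr:
                flows.append((node_name, tunnel_public_addr, "reverse ssh tunnel"))
            else:
                warnings.append(f"{addr}: IoT model but no tunnel_public_addr advertised")
        else:
            warnings.append(f"{addr}: unexpected auth_servers port {port}")
    if not servers:
        warnings.append("no auth_servers entry found")
    if len(models) > 1:
        warnings.append("auth_servers mixes direct and IoT endpoints")
    model = models.pop() if len(models) == 1 else None
    return model, flows, warnings


if __name__ == "__main__":
    for label, cfg in (("direct", NODE_DIRECT_CONFIG), ("iot", NODE_IOT_CONFIG)):
        model, flows, warnings = expected_flows(cfg, TUNNEL_PUBLIC_ADDR)
        print(f"{label}: model={model}")
        for src, dst, why in flows:
            print(f"  {src} -> {dst} ({why})")
        for w in warnings:
            print(f"  WARNING: {w}")
```

Run it as-is to see the two flow tables, or point `expected_flows` at the contents of a real node's `/etc/teleport.yaml` when checking security-group rules: a direct-model node needs an inbound rule on 3022 from the teleport instance, while an IoT node needs only outbound 443 and 3024.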