[cronos]

There are a few differences between an OpenSSH jump host and Teleport: - you have to actively manage authorized_keys for every person using openssh; Teleport manages a PKI and can be backed by your existing SSO - it hard to restrict any given user to a subset of hosts (e.g. only allow select few to access prod database); Teleport has RBAC - hosts with Teleport also get SSH certificates, so you don't need to trust-on-first-use (which everyone has been conditioned to ignore)