by old-gregg 1524 days ago
> Installing a 3rd party agent that in some way permits shell access to a server and (I assume) needs to run constantly is definitely going to raise a few eyebrows especially when the benefit of using is actually fairly low.

You're already running sshd. Teleport is a drop-in open source replacement, which offers some interesting features like certificate-only auth (removing the need for public/private keys), SSO integration, RBAC over SSH, support for protocols other than SSH (Kubernetes API and major OSS databases), and syscall-level authorization and audit, so quite a few security teams have appreciated it lately.

Disclaimer: I work at Teleport and have been a maintainer for the first 3 years.

1 comments

SSHD has a proven track record. A program (open source or not) that replaces a proven bastion of security while offering "some interesting features" is exactly the sort of thing a security team will balk at.

Software that's a "known quantity" that a lot of people can support is a big thing when it comes to security. I've not heard of Teleport until this post.

Don't get me wrong, I'm sure Teleport is wonderful at what it does, probably more secure than SSHD etc. But it hasn't earned that trust amongst a wide base yet, so people will be hesitant to use it. Hell, even mosh can be hard to get as a trusted thing.

Could not agree more! Trust is easy to lose but it takes years to earn.