

(-)b/security/teleport/Makefile (-5 / +6 lines)
Lines 1-12 Link Here
1
PORTNAME=	teleport
1
PORTNAME=	teleport
2
DISTVERSIONPREFIX=	v
2
DISTVERSIONPREFIX=	v
3
DISTVERSION=	4.3.9
3
DISTVERSION=	4.4.12
4
PORTREVISION=	6
5
CATEGORIES=	security
4
CATEGORIES=	security
6
5
7
MAINTAINER=	swills@FreeBSD.org
6
MAINTAINER=	swills@FreeBSD.org
8
COMMENT=	Gravitational Teleport SSH
7
COMMENT=	Centralized access gateway using the SSH protocol
9
WWW=		https://gravitational.com/teleport/
8
WWW=		https://goteleport.com/teleport
10
9
11
LICENSE=	APACHE20
10
LICENSE=	APACHE20
12
11
Lines 15-25 NOT_FOR_ARCHS_REASON= Uses 64bit types Link Here
15
14
16
BUILD_DEPENDS=	zip:archivers/zip
15
BUILD_DEPENDS=	zip:archivers/zip
17
16
17
# If you need the auth service to work, you need to compile this port with
18
# Go 1.17 or older. In case tsh is what you're after, Go 1.19 is fine.
18
USES=		compiler gmake go
19
USES=		compiler gmake go
19
20
20
USE_GITHUB=		yes
21
USE_GITHUB=		yes
21
GH_ACCOUNT=		gravitational
22
GH_ACCOUNT=		gravitational
22
GH_TUPLE=		gravitational:webassets:eac734b:webassets/webassets
23
GH_TUPLE=		gravitational:webassets:2ee76aa:webassets/webassets
23
GH_COMMIT_SHORT=	fabee242d
24
GH_COMMIT_SHORT=	fabee242d
24
GH_TAG_COMMIT=		${DISTVERSIONPREFIX}${DISTVERSION}-0-g${GH_COMMIT_SHORT}
25
GH_TAG_COMMIT=		${DISTVERSIONPREFIX}${DISTVERSION}-0-g${GH_COMMIT_SHORT}
25
26
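Review bot: `GH_COMMIT_SHORT=	fabee242d` is identical on both sides of the second hunk although DISTVERSION moves from 4.3.9 to 4.4.12, so `GH_TAG_COMMIT` will expand to `v4.4.12-0-gfabee242d`; unless the v4.4.12 tag really abbreviates to that hash, the value looks stale. patch-version.mk in this same patch replaces the `git describe` GITREF line, presumably with this variable, so a stale hash would end up in the version string operators read when matching a running build against advisories; please confirm the hash against the upstream tag and update it. The new comment about Go 1.17 is also advisory only: nothing on the visible lines constrains the toolchain that `USES=		compiler gmake go` selects, so a default build may silently produce a non-working auth service.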
(-)b/security/teleport/distinfo (-5 / +5 lines)
Lines 1-5 Link Here
1
TIMESTAMP = 1609025109
1
TIMESTAMP = 1665730213
2
SHA256 (gravitational-teleport-v4.3.9_GH0.tar.gz) = 6b095366cfe788ca72ef7dc2bb052ff258b0e48de82b05b34f935f928b1aa776
2
SHA256 (gravitational-teleport-v4.4.12_GH0.tar.gz) = 097537273bd0579b3b833870cab74ce1da5432357a14c5501db7a2c525fbcb15
3
SIZE (gravitational-teleport-v4.3.9_GH0.tar.gz) = 54786284
3
SIZE (gravitational-teleport-v4.4.12_GH0.tar.gz) = 37824023
4
SHA256 (gravitational-webassets-eac734b_GH0.tar.gz) = 3f78270f137d690adafd3ec918e51cebc0c2f18c6b3879a57eaa19a267bfc64c
4
SHA256 (gravitational-webassets-2ee76aa_GH0.tar.gz) = 16c5fbdc43723c392d46163073053c850cae7d355fb97b5ba8fd298246be85c4
5
SIZE (gravitational-webassets-eac734b_GH0.tar.gz) = 4683803
5
SIZE (gravitational-webassets-2ee76aa_GH0.tar.gz) = 4684443
(-)a/security/teleport/files/patch-build.assets_pkg_etc_teleport.yaml (-51 lines)
Removed Link Here
1
--- build.assets/pkg/etc/teleport.yaml.orig	2020-07-08 18:08:40 UTC
2
+++ build.assets/pkg/etc/teleport.yaml
3
@@ -9,7 +9,7 @@ teleport:
4
 
5
     # Data directory where Teleport daemon keeps its data.
6
     # See "Filesystem Layout" section above for more details.
7
-    # data_dir: /var/lib/teleport
8
+    # data_dir: /var/db/teleport
9
 
10
     # Invitation token used to join a cluster. it is not used on
11
     # subsequent starts
12
@@ -54,8 +54,8 @@ teleport:
13
         type: dir
14
 
15
         # Array of locations where the audit log events will be stored. by
16
-        # default they are stored in `/var/lib/teleport/log`
17
-        # audit_events_uri: ['file:///var/lib/teleport/log', 'dynamodb://events_table_name', 'stdout://']
18
+        # default they are stored in `/var/db/teleport/log`
19
+        # audit_events_uri: ['file:///var/db/teleport/log', 'dynamodb://events_table_name', 'stdout://']
20
 
21
         # Use this setting to configure teleport to store the recorded sessions in
22
         # an AWS S3 bucket. see "Using Amazon S3" chapter for more information.
23
@@ -111,7 +111,7 @@ auth_service:
24
     # By default an automatically generated name is used (not recommended)
25
     #
26
     # IMPORTANT: if you change cluster_name, it will invalidate all generated
27
-    # certificates and keys (may need to wipe out /var/lib/teleport directory)
28
+    # certificates and keys (may need to wipe out /var/db/teleport directory)
29
     # cluster_name: "main"
30
 
31
     authentication:
32
@@ -185,7 +185,7 @@ auth_service:
33
     #
34
     # If not set, by default Teleport will look for the `license.pem` file in
35
     # the configured `data_dir`.
36
-    # license_file: /var/lib/teleport/license.pem
37
+    # license_file: /var/db/teleport/license.pem
38
 
39
     # DEPRECATED in Teleport 3.2 (moved to proxy_service section)
40
     # kubeconfig_file: /path/to/kubeconfig
41
@@ -258,8 +258,8 @@ proxy_service:
42
 
43
     # TLS certificate for the HTTPS connection. Configuring these properly is
44
     # critical for Teleport security.
45
-    # https_key_file: /var/lib/teleport/webproxy_key.pem
46
-    # https_cert_file: /var/lib/teleport/webproxy_cert.pem
47
+    # https_key_file: /var/db/teleport/webproxy_key.pem
48
+    # https_cert_file: /var/db/teleport/webproxy_cert.pem
49
 
50
     # This section configures the Kubernetes proxy service
51
     # kubernetes:
(-)b/security/teleport/files/patch-docs_pages_config-reference.mdx (+68 lines)
Added Link Here
1
--- docs/pages/config-reference.mdx.orig	2022-02-23 04:58:43 UTC
2
+++ docs/pages/config-reference.mdx
3
@@ -21,7 +21,7 @@ teleport:
4
5
     # Data directory where Teleport daemon keeps its data.
6
     # See "Filesystem Layout" section above for more details.
7
-    data_dir: /var/lib/teleport
8
+    data_dir: /var/db/teleport
9
10
     # Invitation token used to join a cluster. it is not used on
11
     # subsequent starts
12
@@ -52,11 +52,11 @@ teleport:
13
         max_connections: 1000
14
         max_users: 250
15
16
-    # Logging configuration. Possible output values to disk via '/var/lib/teleport/teleport.log',
17
+    # Logging configuration. Possible output values to disk via '/var/db/teleport/teleport.log',
18
     # 'stdout', 'stderr' and 'syslog'. Possible severity values are INFO, WARN
19
     # and ERROR (default). Possible format values include: timestamp, component, caller, and level.
20
     log:
21
-        output: /var/lib/teleport/teleport.log
22
+        output: /var/db/teleport/teleport.log
23
         severity: ERROR
24
         format: [level, timestamp, component, caller]
25
     # Configuration for the storage back-end used for the cluster state and the
26
@@ -68,11 +68,11 @@ teleport:
27
         type: dir
28
29
         # List of locations where the audit log events will be stored. By default,
30
-        # they are stored in `/var/lib/teleport/log`
31
+        # they are stored in `/var/db/teleport/log`
32
         # When specifying multiple destinations like this, make sure that any highly-available
33
         # storage methods (like DynamoDB or Firestore) are specified first, as this is what the
34
         # Teleport web UI uses as its source of events to display.
35
-        audit_events_uri: ['dynamodb://events_table_name', 'firestore://events_table_name', 'file:///var/lib/teleport/log', 'stdout://']
36
+        audit_events_uri: ['dynamodb://events_table_name', 'firestore://events_table_name', 'file:///var/db/teleport/log', 'stdout://']
37
38
         # Use this setting to configure teleport to store the recorded sessions in
39
         # an AWS S3 bucket or use GCP Storage with 'gs://'. See "Using Amazon S3"
40
@@ -131,7 +131,7 @@ auth_service:
41
     # By default an automatically generated name is used (not recommended)
42
     #
43
     # IMPORTANT: if you change cluster_name, it will invalidate all generated
44
-    # certificates and keys (may need to wipe out /var/lib/teleport directory)
45
+    # certificates and keys (may need to wipe out /var/db/teleport directory)
46
     cluster_name: "main"
47
48
     authentication:
49
@@ -223,7 +223,7 @@ auth_service:
50
     #
51
     # If not set, by default Teleport will look for the `license.pem` file in
52
     # the configured `data_dir` .
53
-    license_file: /var/lib/teleport/license.pem
54
+    license_file: /var/db/teleport/license.pem
55
56
 # This section configures the 'node service':
57
 ssh_service:
58
@@ -320,8 +320,8 @@ proxy_service:
59
60
     # TLS certificate for the HTTPS connection. Configuring these properly is
61
     # critical for Teleport security.
62
-    https_key_file: /var/lib/teleport/webproxy_key.pem
63
-    https_cert_file: /var/lib/teleport/webproxy_cert.pem
64
+    https_key_file: /var/db/teleport/webproxy_key.pem
65
+    https_cert_file: /var/db/teleport/webproxy_cert.pem
66
67
     # This section configures the Kubernetes proxy service
68
     kubernetes:
(-)a/security/teleport/files/patch-lib_config_fileconf.go (-11 lines)
Removed Link Here
1
--- lib/config/fileconf.go.orig	2020-07-08 18:08:40 UTC
2
+++ lib/config/fileconf.go
3
@@ -281,7 +281,7 @@ func MakeSampleFileConfig() (fc *FileConfig, err error
4
 	s.Commands = []CommandLabel{
5
 		{
6
 			Name:    "hostname",
7
-			Command: []string{"/usr/bin/hostname"},
8
+			Command: []string{"/bin/hostname"},
9
 			Period:  time.Minute,
10
 		},
11
 		{
(-)b/security/teleport/files/patch-lib_defaults_defaults.go (-2 / +2 lines)
Lines 1-6 Link Here
1
--- lib/defaults/defaults.go.orig	2020-07-08 18:08:40 UTC
1
--- lib/defaults/defaults.go.orig	2022-02-23 04:58:43 UTC
2
+++ lib/defaults/defaults.go
2
+++ lib/defaults/defaults.go
3
@@ -436,7 +436,7 @@ var (
3
@@ -466,7 +466,7 @@ var (
4
 
4
 
5
 	// DataDir is where all mutable data is stored (user keys, recorded sessions,
5
 	// DataDir is where all mutable data is stored (user keys, recorded sessions,
6
 	// registered SSH servers, etc):
6
 	// registered SSH servers, etc):
(-)b/security/teleport/files/patch-lib_events_auditlog.go (-2 / +2 lines)
Lines 1-4 Link Here
1
--- lib/events/auditlog.go.orig	2020-07-08 18:08:40 UTC
1
--- lib/events/auditlog.go.orig	2022-02-23 04:58:43 UTC
2
+++ lib/events/auditlog.go
2
+++ lib/events/auditlog.go
3
@@ -45,7 +45,7 @@ import (
3
@@ -45,7 +45,7 @@ import (
4
 const (
4
 const (
Lines 8-11 Link Here
8
+	// in /var/db/teleport/logs/sessions
8
+	// in /var/db/teleport/logs/sessions
9
 	SessionLogsDir = "sessions"
9
 	SessionLogsDir = "sessions"
10
 
10
 
11
 	// PlaybacksDir is a directory for playbacks
11
	// StreamingLogsDir is a subdirectory of sessions /var/lib/teleport/logs/streaming
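Review bot: The trailing context of the refreshed patch now ends on upstream's `// StreamingLogsDir is a subdirectory of sessions /var/lib/teleport/logs/streaming` comment, which still names `/var/lib/teleport` directly below the line this patch rewrites to `/var/db/teleport/logs/sessions`. If the port relocates the data directory, that comment should be patched as well, e.g. `// StreamingLogsDir is a subdirectory of sessions /var/db/teleport/logs/streaming`, so anyone locating session recordings for audit or forensics is pointed at the right path. Only part of the patch file is shown here, so check whether another hunk already covers it.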
(-)b/security/teleport/files/patch-lib_events_doc.go (-1 / +1 lines)
Lines 1-4 Link Here
1
--- lib/events/doc.go.orig	2020-07-08 18:08:40 UTC
1
--- lib/events/doc.go.orig	2022-02-23 04:58:43 UTC
2
+++ lib/events/doc.go
2
+++ lib/events/doc.go
3
@@ -85,7 +85,7 @@ Main Audit Log Format
3
@@ -85,7 +85,7 @@ Main Audit Log Format
4
 
4
 
(-)b/security/teleport/files/patch-lib_services_server.go (-2 / +2 lines)
Lines 1-6 Link Here
1
--- lib/services/server.go.orig	2020-07-08 18:08:40 UTC
1
--- lib/services/server.go.orig	2022-02-23 04:58:43 UTC
2
+++ lib/services/server.go
2
+++ lib/services/server.go
3
@@ -546,7 +546,7 @@ type CommandLabelV1 struct {
3
@@ -578,7 +578,7 @@ type CommandLabelV1 struct {
4
 	// Period is a time between command runs
4
 	// Period is a time between command runs
5
 	Period time.Duration `json:"period"`
5
 	Period time.Duration `json:"period"`
6
 	// Command is a command to run
6
 	// Command is a command to run
(-)b/security/teleport/files/patch-tool_teleport_common_teleport__test.go (-1 / +1 lines)
Lines 1-4 Link Here
1
--- tool/teleport/common/teleport_test.go.orig	2020-07-08 18:08:40 UTC
1
--- tool/teleport/common/teleport_test.go.orig	2022-02-23 04:58:43 UTC
2
+++ tool/teleport/common/teleport_test.go
2
+++ tool/teleport/common/teleport_test.go
3
@@ -62,7 +62,7 @@ func (s *MainTestSuite) SetUpSuite(c *check.C) {
3
@@ -62,7 +62,7 @@ func (s *MainTestSuite) SetUpSuite(c *check.C) {
4
 
4
 
(-)b/security/teleport/files/patch-vendor_github.com_kr_pty_ztypes__freebsd__arm64.go (-1 / +1 lines)
Lines 1-4 Link Here
1
--- vendor/github.com/kr/pty/ztypes_freebsd_arm64.go.orig	2020-07-24 04:36:27 UTC
1
--- vendor/github.com/kr/pty/ztypes_freebsd_arm64.go.orig	2022-10-14 07:07:07 UTC
2
+++ vendor/github.com/kr/pty/ztypes_freebsd_arm64.go
2
+++ vendor/github.com/kr/pty/ztypes_freebsd_arm64.go
3
@@ -0,0 +1,13 @@
3
@@ -0,0 +1,13 @@
4
+// Created by cgo -godefs - DO NOT EDIT
4
+// Created by cgo -godefs - DO NOT EDIT
(-)b/security/teleport/files/patch-version.mk (-1 / +1 lines)
Lines 1-4 Link Here
1
--- version.mk.orig	2020-07-08 18:08:40 UTC
1
--- version.mk.orig	2022-02-23 04:58:43 UTC
2
+++ version.mk
2
+++ version.mk
3
@@ -1,4 +1,4 @@
3
@@ -1,4 +1,4 @@
4
-GITREF=`git describe --dirty --long --tags`
4
-GITREF=`git describe --dirty --long --tags`
(-)b/security/teleport/files/pkg-message.in (-8 / +15 lines)
Lines 1-13 Link Here
1
[
1
[
2
{ type: install
2
{ type: install
3
  message: <<EOM
3
  message: <<EOM
4
ATTENTION! This version of Teleport is very old and likely to contain unfixed
5
ATTENTION! vulnerabilities. It's only provided to allow for a working upgrade
6
ATTENTION! path from 4.3. Watch for an upgrade to teleport5 next.
7
ATTENTION! New installations are STRONGLY discouraged (wait for version 7).
8
4
Quick getting started guide:
9
Quick getting started guide:
5
10
6
1. Read through the Quick Start Guide (see below).
11
1. Read through the Quick Start Guide (see below).
7
2. Start teleport: su -c 'sysrc teleport_enable=YES'
12
2. Start teleport: su -c 'sysrc teleport_enable=YES'
8
3. Start teleport: su -c 'service teleport start'
13
3. If not just setting up a node: su -c 'sysrc teleport_roles=auth,proxy,node'
9
3. Add yourself as a user: su -c "tctl users add $USER"
14
4. Review and edit /usr/local/etc/teleport.yaml
10
4. Create a password and 2FA code using the URL emitted during
15
5. Start teleport: su -c 'service teleport start'
16
6. Add yourself as a user on the auth server: su -c "tctl users add $USER"
17
7. Create a password and 2FA code using the URL emitted during
11
   the previous step.
18
   the previous step.
12
19
13
To add a new node to the cluster, on the auth server:
20
To add a new node to the cluster, on the auth server:
Lines 16-26 To add a new node to the cluster, on the auth server: Link Here
16
23
17
See the docs for additional details:
24
See the docs for additional details:
18
25
19
Quick start:	https://gravitational.com/teleport/docs/quickstart/
26
Quick start:	https://github.com/gravitational/teleport/blob/branch/4.4/docs/pages/quickstart.mdx
20
Admin Manual:	https://gravitational.com/teleport/docs/admin-guide/
27
Admin Manual:	https://github.com/gravitational/teleport/blob/branch/4.4/docs/pages/admin-guide.mdx
21
User Manual:	https://gravitational.com/teleport/docs/user-manual/
28
User Manual:	https://github.com/gravitational/teleport/blob/branch/4.4/docs/pages/user-manual.mdx
22
Architecture:	https://gravitational.com/teleport/docs/architecture/
29
Architecture:	https://github.com/gravitational/teleport/blob/branch/4.4/docs/pages/architecture/overview.mdx
23
FAQ:		https://gravitational.com/teleport/docs/faq/
30
FAQ:		https://github.com/gravitational/teleport/blob/branch/4.4/docs/pages/faq.mdx
24
EOM
31
EOM
25
}
32
}
26
]
33
]
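Review bot: Step 2 is still labelled `Start teleport` although `sysrc teleport_enable=YES` only enables the service, and with the new step 5 the list now carries two "Start teleport" steps; `2. Enable teleport: su -c 'sysrc teleport_enable=YES'` would read correctly. The new ATTENTION banner about unfixed vulnerabilities is shown only when the package is installed; if the Makefile does not already have one, a `DEPRECATED=` line stating the same reason would also surface the warning when the port is built.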
(-)b/security/teleport/pkg-descr (-14 / +10 lines)
Lines 1-16 Link Here
1
What is Teleport?
1
What is Teleport?
2
=================
2
=================
3
Gravitational Teleport ("Teleport") is a modern SSH server for remotely
3
Teleport is a gateway for managing access to clusters of *nix servers via
4
accessing clusters of servers via SSH or HTTPS. It is intended to be used
4
SSH or the Kubernetes API. While it does also support connecting to
5
instead of sshd. Teleport enables teams to easily adopt the best SSH practices
5
servers running traditional OpenSSH, its own node deamon is intended to be
6
like:
6
used instead for additional functionality.
7
7
8
Integrated SSH credentials with your organization Google Apps identities or
8
With Teleport it is simple to adopt SSH best practices like using
9
other OAuth identitiy providers. No need to distribute keys: Teleport uses
9
certificate-based access and enabling 2FA via TOTP (e.g. Google
10
certificate-based access with automatic expiration time. Enforcement of 2nd
10
Authenticator), U2F or an SSO provider. Cluster nodes can be accessed via
11
factor authentication. Cluster introspection: every Teleport node becomes a part
11
a CLI (tsh) or a Web UI which both allow for session sharing. Teleport
12
of a cluster and is visible on the Web UI. Record and replay SSH sessions for
12
provides centralized user management as well as full session recordings
13
knowledge sharing and auditing purposes. Collaboratively troubleshoot issues
13
that can be played back for knowledge sharing or auditing purposes.
14
through session sharing. Connect to clusters located behind firewalls without
15
direct Internet access via SSH bastions. Teleport is built on top of the
16
high-quality Golang SSH implementation and it is compatible with OpenSSH.
17
- 
