Teleport provides connectivity, authentication, access controls and audit for infrastructure.
You might use Teleport to:
Teleport works with SSH, Kubernetes, databases, RDP, cloud consoles, internal web services, Git repositories, and Model Context Protocol (MCP) servers.
<a href="https://goteleport.com/download">
<img src="https://img.shields.io/github/v/release/gravitational/teleport?sort=semver&label=Release&color=651FFF" />
</a>
<a href="https://golang.org/">
<img src="https://img.shields.io/github/go-mod/go-version/gravitational/teleport?color=7fd5ea" />
</a>
<a href="https://github.com/gravitational/teleport/blob/master/CODE_OF_CONDUCT.md">
<img src="https://img.shields.io/badge/Contribute-🙌-green.svg" />
</a>
<a href="https://www.gnu.org/licenses/agpl-3.0.en.html">
<img src="https://img.shields.io/badge/AGPL-3.0-red.svg" />
</a>
Teleport Getting Started
Teleport Architecture
Reference Guides
FAQ
Teleport includes an identity-aware access proxy, a CA that issues short-lived certificates, a unified access control system, and a tunneling system to access resources behind the firewall.
Teleport is a single Go binary that integrates with multiple protocols and cloud services, including
You can set up Teleport as a Linux daemon or a Kubernetes deployment.
Teleport focuses on best practices for infrastructure security, including:
Teleport uses Go crypto. It is
fully compatible with OpenSSH, sshd servers, and ssh clients,
Kubernetes clusters and more.
| Project Links | Description |
|---|---|
| Teleport Website | The official website of the project. |
| Documentation | Admin guide, user manual and more. |
| Features | Explore the complete list of Teleport capabilities. |
| Blog | Our blog where we publish Teleport news and helpful articles. |
| Forum | Ask us a setup question or post tutorials, feedback, or ideas. |
| Developer Tools | Dozens of free browser-based tools for code processing, cryptography, data transformation, and more. |
| Teleport Academy | How-to guides, best practices, and deep dives into topics like SSH, Kubernetes, MCP, and more. |
| Slack | Need help with your setup? Ping us in our Slack channel. |
| Cloud & Self-Hosted | Teleport Enterprise is a cloud-hosted option for teams that require easy and secure access to their computing environments. |
While working together at Rackspace, the creators of Teleport noticed that most cloud users struggle with setting up and configuring infrastructure security. Many popular tools designed for this are complex to understand and expensive to maintain across modern, distributed computing infrastructure.
We decided to build a solution that's easy to use, understand, and scale. A real-time representation of all your servers in the same room as you, as if they were magically teleported. And thus, Teleport was born!
Today, Teleport is trusted by everyone from hobbyists to hyperscalers to simplify security across cloud CLIs and consoles, Kubernetes clusters, SSH servers, databases, internal web apps, and Model Context Protocol (MCP) used by AI agents.
Learn more about Teleport and our history
We aim to make Teleport easy to adopt and contribute to, starting with clear and comprehensive documentation.
If you have questions, are exploring ideas, or want to sanity-check something, please start with a GitHub Discussion. Discussions help us answer questions, explore use cases, and decide together whether something should become a bug report or feature request.
Start a conversation in Teleport Discussions
This is the best place to ask questions, share ideas, and get help. Our engineers actively participate there, and discussions can be promoted to issues when there is a clear, actionable next step.
Issues are for confirmed bugs and well-defined feature requests
If something has already been validated as a bug or an enhancement, feel free to open an issue. When in doubt, start a discussion and we will help guide it.
Enterprise and POC support
If you are evaluating Teleport Enterprise or need more responsive support during a POC, we can set up a dedicated Slack channel. You can reach out to us through our website to get started.
To set up a single-instance Teleport cluster, follow our getting started guide. You can then register your servers, Kubernetes clusters, and other infrastructure with your Teleport cluster.
You can also get started with Teleport Enterprise Cloud, a managed Teleport deployment that makes it easier to enable secure access to your infrastructure.
Sign up for a free trial of Teleport Enterprise Cloud, and follow this guide to register your first server.
If you wish to deploy Teleport inside a Docker container see the installation guide.
To run a full test suite locally, see the test dependencies list
The teleport repository contains the Teleport daemon binary (written in Go)
and a web UI written in TypeScript.
If your intention is to build and deploy for use in a production infrastructure
a released tag should be used. The default branch, master, is the current
development branch for an upcoming major version. Get the latest release tags
listed at https://goteleport.com/download/ and then use that tag in the git
clone. For example git clone
https://github.com/gravitational/teleport.git -b v18.5.0 gets release
v18.5.0.
It is often easiest to build with Docker, which ensures that all required tooling is available for the build. To execute a dockerized build, ensure that docker is installed and running, and execute:
make -C build.assets build-binaries
This command will build Linux binaries matching the host architecture. It is not possible to cross-compile to a different target architecture.
The following dependencies are required to build Teleport from source. For
maximum compatibility, install the versions of these dependencies using the
versions listed in build.assets/versions.mk:
For an example of dev environment setup on macOS, see these instructions.
Important
- The Go compiler is somewhat sensitive to the amount of memory: you will need at least 1GB of virtual memory to compile Teleport. A 512MB instance without swap will not work.
- This will build the latest version of Teleport.
Get the source
git clone https://github.com/gravitational/teleport.git
cd teleport
To perform a build
make full
tsh dynamically links against libfido2 by default, to support development
environments, as long as the library itself can be found:
$ brew install libfido2 pkg-config # Replace with your package manager of choice
$ make build/tsh
> libfido2 found, setting FIDO2=dynamic
> (...)
Release binaries are linked statically against libfido2. You may switch the linking mode using the FIDO2 variable:
make build/tsh FIDO2=dynamic # dynamic linking
make build/tsh FIDO2=static # static linking, for an easy setup use `make enter`
# or `build.assets/macos/build-fido2-macos.sh`.
make build/tsh FIDO2=off # doesn't link libfido2 in any way
tsh builds with Touch ID support require access to an Apple Developer
account. If you are a Teleport maintainer, ask the team for access.
If the build succeeds, the installer will place the binaries in the build
directory.
Before starting, create default data directories:
sudo mkdir -p -m0700 /var/lib/teleport
sudo chown $USER /var/lib/teleport
To speed up your development process, you can run Teleport using
CompileDaemon. This will
build and run the Teleport binary, and then rebuild and restart it whenever
any Go source files change.
Install CompileDaemon:
shell
go install github.com/githubnemo/CompileDaemon@latest
Note that we use go install instead of the suggested go get, because
we don't want CompileDaemon to become a dependency of the project.
Build and run the Teleport binary:
shell
make teleport-hot-reload
By default, this runs a teleport start command. If you want to
customize the command, for example by providing a custom config file
location, you can use the TELEPORT_ARGS parameter:
shell
make teleport-hot-reload TELEPORT_ARGS='start --config=/path/to/config.yaml'
Note that you still need to run make grpc if you
modify any Protocol Buffers files to regenerate the generated Go sources;
regenerating these sources should in turn cause the CompileDaemon to reb
$ claude mcp add teleport \
-- python -m otcore.mcp_server <graph>