Manage all your SSH servers with teleport
Рет қаралды 74,386
Күн бұрынHow to set up an SSH proxy server with gravitational teleport to manage all your SSH connections from a web interface. Supports 2FA two-factor authentication, multiple users, monitoring, and logging of SSH sessions. Install on DigitalOcean Cloud and manage via letsencrypt load balancer certs. #Teleport #Linux #SSH
DOCS: github.com/christianlempa/vid...
DigitalOcean-*: m.do.co/c/e9f31a8c7756
Follow me:
TWITTER: / christianlempa
INSTAGRAM: / christianlempa
DISCORD: / discord
GITHUB: github.com/christianlempa
PATREON: / christianlempa
MY EQUIPMENT: kit.co/christianlempa
Timestamps:
00:00 - Introduction
01:23 - What is teleport?
03:18 - How to deploy teleport
04:45 - Install teleport on our main cloud server
11:53 - How to add a load balancer or reverse proxy
14:24 - teleport web interface and how to add a user
20:09 - Add more SSH servers to teleport
27:18 - Add SSH servers behind a NAT
----
All links with "*" are affiliate links.
@goteleport 3 жыл бұрын
Great walkthrough, thank you for sharing our work with your community.
@christianlempa 3 жыл бұрын
Thanks! You're doing an awesome job with teleport, keep going! 😍
@822437 Жыл бұрын
@@christianlempa These guys lost their ways. Trying to charge me arm and a leg for Enterprise edition while competition is fraction of the cost.
@chongtszwing 2 жыл бұрын
Good sharing. I finally setup teleport to manage all my ssh and internal web services follow the video. A little tweak needed as current version is 6 already. Teleport still can't handle vnc and rdp protocol at the moment, Guacamole is a good companion to transform remote desktop to http application so teleport can indirectly manage all remote desktop too. It's hardly to find resource talking about the topic (traefik + teleport + guacamole ) in the web, hope to see more in future.
@Meta_data 3 жыл бұрын
Your content is so clear and thorough. I just finished setting up wireguard thanks to your tutorial.
@christianlempa 3 жыл бұрын
Thank you! That's great to hear 😀
@amosgiture 3 жыл бұрын
I appreciate the hard work that went into creating this. I have been procrastinating to try out teleport since last year. Very good presentation and clear explanation.
@christianlempa 3 жыл бұрын
Thank you so much! 😁
@andreaspiening5424 3 жыл бұрын
This looks like a very interesting project, and the presentation has been done very well. I can't wait to check this out on my own, based on your tutorial. I would love to see a "deep dive" into teleport showing the teleport commandline client in action, maybe including remote file transfer (scp) and port tunneling if this even is supported. Thank you so much for your video and keep up the good work!
@christianlempa 3 жыл бұрын
that's a really good suggestion! And thank you for your feedback :) I'll have a look at teleport again in a few weeks, maybe I can make a tutorial about the newest version and advanced features like scp and so on.
@lbsfilm 3 жыл бұрын
Super sweet walkthrough, I nearly abandoned playing with teleport as I had no time figuring out config!
@christianlempa 3 жыл бұрын
Thanks man! Glad it was helpful to you :)
@plixplux Жыл бұрын
Your videos are just fantastic. Also, your voice is great! Thanks for sharing!
@sirandrex 3 жыл бұрын
Just perfect. Amazing tutorial, and amazing way of explaining things. 👌 keep with the good work
@christianlempa 3 жыл бұрын
Thank you so much bro! I will do :)
@user-wc5pr5fd4z 11 ай бұрын
This video helped me set up Teleport using Docker without any issues. Thank you !!!
@wtfmrkratos 3 жыл бұрын
Phenomenal tutorial by the way! I'll be subbing and checking out your other videos. thank you for this!
@christianlempa 3 жыл бұрын
Thank you so much! :)
@RevNelson 2 жыл бұрын
Great video! I would love to see more about the tsh client as well as transferring files through teleport connections.
@christianlempa 2 жыл бұрын
Great suggestion! I'll include that in my next video about teleport ;)
@sevensolutions77 Жыл бұрын
Thanks for this video 👍 Cant wait for the weekend to try this out 😁
@christianlempa Жыл бұрын
Hope it’s going to work ;)
@bachirmehemmel 2 жыл бұрын
Great video, thank you for make it so simple and easy to understand.
@christianlempa 2 жыл бұрын
Glad it was helpful!
@artistsarescientists9115 3 жыл бұрын
This a great walkthrough!
@sebastianswc 3 жыл бұрын
awesome! i was able to setup my server using your tutorial! thank you! :D
@christianlempa 3 жыл бұрын
Thanks 😊
@cipriancimpan5538 3 жыл бұрын
Great content, really informative - thanks for sharing!
@christianlempa 3 жыл бұрын
Glad you enjoyed it!
@MultiSandrosandro 2 жыл бұрын
Great video and great tool for securing connections, one question tho, how would proxy/loadbalancing config vary when using with Nginx Proxy Manager. I understand i need to forward some ports for services but i have all my domains behind cloudflare, as i'm guessing i need to FQDN to point directly to my external IP right?
@kenmurphy4259 2 жыл бұрын
Great content, great channel, well done Christian
@christianlempa 2 жыл бұрын
Thank you! :)
@philipph9064 3 жыл бұрын
Mega, danke für das tolle Video!
@christianlempa 3 жыл бұрын
Danke! :)
@muhsinvp1493 2 жыл бұрын
Cristal Clear Content..!! Thanks Christian it helped for our 150 Remote Servers in control.!! Can you make a Vedeo about TSH Clients..!!?
@christianlempa 2 жыл бұрын
Awesome! 😁 I will do an update video about teleport but that will a few months because I have to cover so many other topics as well.
@drewfriestedt1832 2 жыл бұрын
wow - great tool and awesome video!
@christianlempa 2 жыл бұрын
Thank you! Cheers!
@denzfarid 2 жыл бұрын
thank you very much, I really appreciate it, I hope you are given health so that you can create turorial content, and good backsound👌🏼 ~new subscriber from indonesia~
@christianlempa 2 жыл бұрын
Thank you so much! :)
@MrBo3ek Жыл бұрын
Hi. I great video as usual but I have a question about the teleport instance running behind nginx reverse proxy manager. Did you manage to run teleport behind the reverse proxy like this. I would like to get hit with requests to the reverse proxy first and only this to have exposed and than teleport service. There is a very small amount information out there about possibility to run it like that.
@cloudnativelahore Жыл бұрын
thankyou for sharing!
@christianlempa Жыл бұрын
No problem 😊
@giuseppecv56 2 жыл бұрын
Hi, thanks for sharing, I have a question, do you think it is convenient to use teleport and ansible on the same host?
@JPs_ElectricGarage 3 жыл бұрын
Great stuff keep it up
@christianlempa 3 жыл бұрын
Thanks, will do!
@donamato Жыл бұрын
top class !
@maeglingondolinsbane3446 3 жыл бұрын
Hi great video thanks this software looks great, gonna test it asap. Do you have a video on how to set up a reverse proxy using docker and how to add containers to it afterwards? I've been trying to install like Nextcloud + pihole + bitwarden on a single box but I can't manage the reverse proxy side of things.
@christianlempa 3 жыл бұрын
Hey, thank you so much! There are two reverse proxy videos coming, I will start next week with a nginx tutorial (without docker), but I will also do a reverse proxy video with traefik in a couple of weeks, so stay tuned 😀
@maeglingondolinsbane3446 3 жыл бұрын
@@christianlempa Great News thanks keep up the good work.
@Glatze603 2 жыл бұрын
Hi Christian and thank you for this great secure solution-video! Is it possible to install it in a proxmox-vm behind a nginx, too? I would like to see more videos about teleport.
@christianlempa 2 жыл бұрын
I'm preparing a new update video for teleport, where I'll cover that! Stay tuned :)
@ldpriice 2 жыл бұрын
@@christianlempa Any news on that?
@gabrieldealmeida7012 Жыл бұрын
I am choosing a secret manager for my company. Do you have any material or video to compare the differences between Teleport and PAM Cyberark?
@crazyoptimist4540 3 жыл бұрын
Nice video! I'm the first. Did you checked their source code btw? Is there any guarantee not to leak credentials to any 3rd party platform?
@christianlempa 3 жыл бұрын
Hey there, thank you :) No, I didn't check the source code, but the architecture documentation. Looks pretty solid.
@trikki69 Жыл бұрын
This is a great video and I love your channel but that’s a LOT of effort to get something up and running to manage ssh connections. Also a simple network diagram showing what you plan to do with the application would help so much.
@christianlempa Жыл бұрын
Well it takes some effort, but figuring out is the fun part isn’t it?
@mzw8374 2 жыл бұрын
Great Tutorial!, it's better if you provide the design diagram of what your plan every time you want to share everything, thanks
@christianlempa 2 жыл бұрын
Thanks!
@Dellabeneta 5 ай бұрын
Hey there! Afternoon! I'm trying to figure out how to set the maximum time for inactive client sessions in an SSH session. It's currently at 1 minute by default, but when I try to change it, nothing happens. The documentation is a bit confusing, and I'm struggling to sort out this problem. Any chance you could lend a hand? Thanks!
@santiagopenaloza1190 Жыл бұрын
Thank you KZbin for this video. After how long the terminal ssh session died if i am not using it?
@naimarshad 3 жыл бұрын
Interesting tutorial.. what terminal font are you using.
@christianlempa 3 жыл бұрын
I'm currently using FiraCode Nerd Font
@FredySandoval_123 2 жыл бұрын
Sounds good
@christianlempa 2 жыл бұрын
Thx!
@LearnProgramsCJ 2 жыл бұрын
Greate tutorial
@christianlempa 2 жыл бұрын
Thanks!
@michaeldisieno3465 11 ай бұрын
Is there a chance you can revisit this through cloudflare tunnel? I'm struggling with getting the FQDN to work right through CF Tunnel, as well as connecting to other nodes.
@christianlempa 11 ай бұрын
No, I probably won't use it in combination with CFT
@pauljennings 2 жыл бұрын
Hey, love your glasses. What make and model are they? TIA
@christianlempa 2 жыл бұрын
Just a basic no-name model :D I even don't know the name haha! But I'll get some new ones soon, in similar style :)
@pauljennings 2 жыл бұрын
@@christianlempa LOL, no worries :) BTW, teleport 7.2.0 is out now with lots of extra goodies! Any change of a newer video showing how to add Apps? It also includes k8s and databases, but these could be follow on vids? TIA and loving the content!
@qiuyue4082 3 жыл бұрын
Interesting... I wanted to try the Apache guacamole project, now I need to check which one is better, guacamole or teleport?
@christianlempa 3 жыл бұрын
I haven't tested guacamole, but that's still on my list 😊
@diogoferrario 2 жыл бұрын
Hello Christian, Is it possible to just save a username and a password which is used for multiple devices and connect this with place in the ip of the cpe? For bether understandig i troubleshoot some routers which has no option to install the teleport client. However to login to this routers i can activate the ssh with TR69 and then login to the host with the definied credantionals which i send with tr69. Today i use mobaxterm for ssh but this project sounds really nice if i can use this explained scenario.
@StevenRayVaughan 10 ай бұрын
Is there an updated version, seems like the config is a little different and I'm having issues getting it up and running.
@michaelventarola7100 9 ай бұрын
I am hosting this locally. Can this be done without a load balancer and using Nginx proxy manager?
@Maik.iptoux 2 жыл бұрын
Hast du zufällig auch ein Video zu der vscode Container config? Zumindest sieht es so aus als würde des vscode auch auf einem Server laufen.
@christianlempa 2 жыл бұрын
Ich muss mal schauen, ob ich noch die configs habe, aktuell habe ich Teleport in der Cloud als managed Service laufen.
@sumitmamoria 3 жыл бұрын
Great video. Teleport looks good, but do you think it's too much trouble for Just remote ssh? I found guacamole to be much easier to setup, configure and use. Does teleport offers something more that I missed?
@christianlempa 3 жыл бұрын
Thank you! I didn't look at guacamole yet, but that's still on my list. I probably will do a comparison video at some point but I don't know when.
@adenaziz3600 Жыл бұрын
this is better than termius? i'm using termius to connect to SSH server, and i save hundreds of ssh credentials here.
@CptWashu Жыл бұрын
Any chance you could show us a setup using Traefik as the load balancer?
@christianlempa Жыл бұрын
Probably not, I’m not doing that myself btw because it adds to much complexity I would prefer using no rev proxy for teleport
@joaopaulosapidepaula1706 2 жыл бұрын
I'm testing the solution, but I can't get out of the authentication screen!! I installed the Authy app on my cell phone to scan the qr code, but it's not coming in. It is giving the error, as shown in the message: invalid one time token, please check if the token has expired and try again. I tried several times and nothing. Thanks for your job!!!
@raul230285 Жыл бұрын
Hello, could you please make a video about the latest version of teleport with docker. And don't use load balancing. thanks for your time.
@christianlempa Жыл бұрын
I'm doing another update video on Teleport, however this will be with Docker and Traefik.
@raul230285 Жыл бұрын
@@christianlempa Thank you very much for your answer, I will be very attentive to the video or to all the videos that appear on your channel. Thank you very much teacher. :D
@vrl. 2 жыл бұрын
I think it's time for a video about adding Applications for Teleport, adding grafana, setting up kubernetes connections etc..
@christianlempa 2 жыл бұрын
I've already planned an update video soon ;)
@vrl. 2 жыл бұрын
@@christianlempa Amazing! Not all kings wear capes! Thanks a lot!
@TypeOneGuy03 2 жыл бұрын
Hello, I am really struggling with the loadbalancer/proxy manager part. I have NGINIX Proxy manager running. How can i configure this with it?
@christianlempa 2 жыл бұрын
You could expose the webinterface with a revproxy, other ports would need to be passed through with tcp, udp streams
@MrRalf2201 2 жыл бұрын
Hi, i have the same problem. Did you already find a way to get it work.
@yagnasivasai 2 жыл бұрын
Do you know any code editor for remote ssh connection Vscode only allows one Ec2 server Please reply I am more used to extensions in vscode I am unable to move out of vscode If possible tell me in vscode Otherwise I will switch
@wtfmrkratos 3 жыл бұрын
does the corporate version support ldap based authentication?
@christianlempa 3 жыл бұрын
I don't know for sure, they mention Active Directory, but not LDAP specifically
@dandocmando Жыл бұрын
Can we do this without using an online server? I want to do this but have everything hosted on the homelab, thanks!
@christianlempa Жыл бұрын
Sure you can host it locally as well.
@dandocmando Жыл бұрын
@@christianlempa ok thanks for the reply I tried to do it from this video and couldn't get it setup, I've got Traefik also running and I think it was catching it and didn't know what to do.
@indrar359 Жыл бұрын
hi there, great tutorial btw, but somehow the latest version now is 9.3.4 and when i change the teleport version, youre configuration is not working anymore, can you atleast update in youre website for the latest version ? thanks
@christianlempa Жыл бұрын
There will be an update video soon!
@milleniumenterprise3254 3 жыл бұрын
if you have an error going to the initial invite link, try remove the :3080 in the url
@christianlempa 3 жыл бұрын
thanks for sharing!
@mspeter97 8 ай бұрын
It looks like a very interesting thing. I just cannot set this up for the life of me & their documentation is really not clear.
@valterschmaltz 3 жыл бұрын
Thanks for this. I use Nginx Proxy manager in my setup, I spent hours trying tho sort the NAT setup, since it was not working for me. I found that I had to enable Websockets on the Nginz panel for this to work. It needs to be enabled even for the web ssh to work. Also, removing the /var/lib/teleport folder is good if you need to recreate the server.
@christianlempa 3 жыл бұрын
Glad you liked the video ;) thanks for sharing your experience
@TypeOneGuy03 2 жыл бұрын
Hey, I have NGINIX Proxy Manager and cant seem to figure this out. Can you help or maybe write a small writeup for it?
@MrRalf2201 2 жыл бұрын
@@TypeOneGuy03 i have the same problem behind Nginx Proxy Manager. Did you sort this out already?
@TypeOneGuy03 2 жыл бұрын
@@MrRalf2201 i was able to get it to work. I will check it when i get home and get back to you
@MrRalf2201 2 жыл бұрын
@@TypeOneGuy03 Any news on that?
@christiangalea3459 2 жыл бұрын
Hi, is it possible to use traefik with teleport? thanks
@christianlempa 2 жыл бұрын
You could do it, but I think it will be better to just use teleport with trusted certs managed by cert-manager f.e..
@christiangalea3459 2 жыл бұрын
@@christianlempa Thanks a lot for your reply and you videos because they're amazing but I managed to do it with traefik and it's working fine :) . Thanks again, Christian
@yukanolive4727 3 жыл бұрын
very nice guide, but try guacamole :)
@christianlempa 3 жыл бұрын
I will do ;) Thank's for the good suggestion!
@cryptolicious3738 2 жыл бұрын
cool video, but has teleport been legit pen tested ?
@christianlempa 2 жыл бұрын
Good question to ask the devs ;)
@marcoraap733 Жыл бұрын
du bist deutsch oder?
@christianlempa Жыл бұрын
Ja ;)
@marcoraap733 Жыл бұрын
@@christianlempa nice :) hast Du eine Ahnung wie ich einen Server mit einem Pi für Pis aufsetzen kann von dem die anderen Pis booten? Quasi mit einer Fernverwaltung?
@janis3844 3 жыл бұрын
Wieso nicht einfach auf deutsch? :)
@christianlempa 3 жыл бұрын
Warum? :D
@janis3844 3 жыл бұрын
@@christianlempa Englisch top Notch :D
@ronaldagorsah7954 23 күн бұрын
Dear Christian, We at Alpenhost love your Videos. As you properly already know. We would love to support you and your Channel or work with you together. Please let us know if this would be something you would be open to. Best Regards Ronald
@Theborg72 2 жыл бұрын
I tried to follow your instructions but now version 9 is available. How much I try to follow, it's just ERR_EMPTY_RESPONSE when I try to enter the page. Has anything changed since you did the tutorials
@christianlempa 2 жыл бұрын
I will do an updated version probably soon because they changed many things in the newest versions ;)
Christian Lempa
Рет қаралды 49 М.