Replace scattered SSH keys and database passwords with a single certificate authority that your team logs into via GitHub or Okta.
Record and replay every database query, server command, and Kubernetes action for compliance audits and incident investigation.
Let engineers access production servers inside private networks without opening inbound firewall ports or managing bastion hosts.
Enforce role-based access policies so junior developers can only reach staging, while senior engineers can access production.
Requires running a certificate authority service, configuring SSO integration, and setting up multiple infrastructure components (auth server, agent, audit logging) before any credential access works.
Teleport is an open-source infrastructure access platform that centralizes and secures how teams connect to servers, databases, Kubernetes clusters, internal web applications, and Windows desktops. The problem it solves is the operational and security complexity of managing access to infrastructure: in a typical company, different tools handle SSH keys for servers, separate credentials for databases, and yet more tokens for Kubernetes, with no unified audit trail and inconsistent security enforcement. Teleport replaces all of that with a single system.

Instead of distributing long-lived SSH keys or passwords, it acts as a certificate authority that issues short-lived, time-limited certificates for every connection. When a certificate expires, access is automatically revoked, with no manual key rotation required. Every session is authenticated via single sign-on (SSO) through providers like GitHub, Okta, or Active Directory, with two-factor authentication enforced across all resource types. Role-based access control determines who can reach what, and every connection is logged with full session recording that can be replayed later for compliance or troubleshooting.

Teleport also solves the problem of accessing resources behind firewalls and NAT gateways: it sets up encrypted tunnels so that servers inside private networks can register with a central Teleport cluster without opening inbound firewall ports.

The whole system is distributed as a single Go binary that acts as different components depending on how it is configured. It runs on Linux, can be deployed on Kubernetes, and is fully compatible with standard SSH clients and tools. It is primarily used by engineering and DevOps teams at companies that need auditable, policy-enforced access to their production infrastructure.
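The expiry behaviour described above can be seen in the certificate itself. The following is an added example, not Teleport's code: it assumes the SSH certificates use the standard OpenSSH wire format (`ssh-ed25519-cert-v01@openssh.com`), reads the validity window, and applies a hypothetical maximum-lifetime policy. The function names, the sample certificate and the `max_ttl` value are constructed for illustration, and the CA signature is not verified here.

```python
import struct

CERT_TYPE = b"ssh-ed25519-cert-v01@openssh.com"

def _string(data: bytes) -> bytes:
    return struct.pack(">I", len(data)) + data  # SSH "string": uint32 length + bytes

class Reader:
    """Cursor over an SSH wire-format blob with bounds checking."""
    def __init__(self, blob: bytes):
        self.blob, self.pos = blob, 0
    def take(self, n: int) -> bytes:
        if self.pos + n > len(self.blob):
            raise ValueError("truncated certificate")
        out = self.blob[self.pos:self.pos + n]
        self.pos += n
        return out
    def u32(self) -> int: return struct.unpack(">I", self.take(4))[0]
    def u64(self) -> int: return struct.unpack(">Q", self.take(8))[0]
    def string(self) -> bytes: return self.take(self.u32())

def parse_cert(blob: bytes) -> dict:
    r = Reader(blob)
    if r.string() != CERT_TYPE:
        raise ValueError("unsupported certificate type")
    r.string()  # nonce
    r.string()  # ed25519 public key
    serial, kind = r.u64(), r.u32()  # kind: 1 = user, 2 = host
    key_id = r.string().decode()
    pr, principals = Reader(r.string()), []
    while pr.pos < len(pr.blob):
        principals.append(pr.string().decode())
    valid_after, valid_before = r.u64(), r.u64()
    # Critical options, extensions, signature key and signature follow; not parsed here.
    return {"serial": serial, "kind": kind, "key_id": key_id, "principals": principals,
            "valid_after": valid_after, "valid_before": valid_before}

def check(cert: dict, now: int, max_ttl: int) -> str:
    # A server accepts the certificate only while valid_after <= now < valid_before.
    if not cert["valid_after"] <= now < cert["valid_before"]:
        return "reject: outside validity window"
    if cert["valid_before"] - cert["valid_after"] > max_ttl:  # assumed audit policy
        return "flag: lifetime exceeds policy"
    return "ok"

def sample_cert(valid_after: int, valid_before: int) -> bytes:
    # Constructed sample: dummy key bytes, empty trailing fields, no real signature.
    return b"".join([
        _string(CERT_TYPE), _string(b"\x00" * 32), _string(b"\x11" * 32),
        struct.pack(">QI", 1, 1), _string(b"alice@example.com"), _string(_string(b"ubuntu")),
        struct.pack(">QQ", valid_after, valid_before)] + [_string(b"")] * 5)
```

A certificate past `valid_before` is rejected without any revocation step, which is why a short lifetime limits how long a stolen credential stays usable.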
Generated 2026-05-18 · Model: sonnet-4-6 · Verify against the repo before relying on details.