Getting started with Teleport 6.0

Captions
Hi, I'm batman teleport, and today I'm going to be walking you through our getting started guide. Let's dive in.

So our getting started guide is available on goteleport.com docs getting started, and it will cover you through all the steps for setting up Teleport on a Linux host. Before we dive too deep into the setup, I'm just going to give a quick architectural overview of what's going to happen here. I'm going to be setting up Teleport on a DigitalOcean Ubuntu VM. This will include the Teleport proxy or the node. In my case there's no firewall rules needed, but if you're using AWS security groups you want to open these ports. We're going to also need a domain name. I have this domain name asteroid.earth, but teleport.example.com, and we're going to use a new feature in Teleport 6 which will get TLS certificates for us. And then towards the end of the tutorial we're going to connect another host to our central Teleport instance and connect to it using the tsh client.

Okay, so let's dive in. First up we need the Linux host. I'm going to create a droplet here. I'm just picking the smallest instance, which will be perfect for this demo. I'm going to be connecting an SSH key because I'll be SSHing into it to bootstrap this instance. If you're interested in using Terraform, I have another video on that.

Okay, so we're going to wait for this to bootstrap and install. The first thing we're going to do is download Teleport's public keys to this instance once it has been installed. Let me get my terminal, let's create a new window. Okay, so this has now been set up. I'm now in the digital host machine. Let me move things up, make sure it's all visible for you.

Okay, so let's go back to the getting started guide. So we just add the key, we're going to add the apt repo. One of the benefits of these packages is that it also includes our systemd unit, which we would recommend if you want to set up Teleport to be persistent on the host, and then it does things like, if your system restarts, Teleport will automatically start with the correct file config. It's going to run an update, and then lastly we install Teleport, and you can see 6.0.2 is being installed. It's just setting it up, and with teleport version you can see we're running 6.0.2, and then this helpful help command in which you can learn a bit more.

So next up we're going to configure Teleport. We have this teleport configure flag, which I'm going to put into my scratch pad here. So we're going to teleport configure; we're going to use this new ACME flag, which is going to get our TLS certificates for us. Because it's using Let's Encrypt I need to add my email address, and if you have any questions feel free to email me. And then lastly this cluster name is important; it also needs to be the same domain name that we're going to use later. I have this domain name asteroid.earth, but I'm going to be putting on a subdomain called carbon, and then writing it out to a file. So we go back to my terminal. You can see we have the file written out, and this works out of the box, but you can see that this is all being configured: it's going to be running on carbon.asteroid.earth and we're using ACME.

So next up we need to secure the endpoint. Because we have it set up, we need to sort of connect our DigitalOcean host to the fully qualified domain name. So if I come into my DNS settings, I'm going to be adding a new record, carbon, A, and the IP address of my DigitalOcean host. If you see here, we also recommend adding a star dot. This may be sort of new to some people setting up DNS: this star will capture everything under that subdomain, so in our case it will be, let's say, boo through carbon.asteroid.earth, and we use this to proxy applications for application access.

Okay, so that's been updated. If I come back to my terminal, we set this little tip here to check that the DNS records have been propagated, and yes, it looks like it has been propagated, so we can start Teleport now. So we have some useful information here about Teleport booting up and getting running. I'm actually going to open another window and SSH into the box again for running the next command. So now we can access our instance using our example carbon dot teleport, carbon dot mastery. Okay, and you can see that this instance is up and running.

Let's see what I need to do next. So we have this login form here, but Teleport doesn't provide any default logins, for security, so the first thing we need to do is create a user. So we're going to create the user and set up second factor. Here we're going to create a new user called teleport admin; it has these roles, editor and access, and it has some logins. In my second window you can also see that, because I have kept this window open, you can see what's happening with the instance; this is very helpful for debugging. And then it says user being created, to share this link, it's valid for an hour. So now I can set up Teleport, and I'm using Google Authenticator to scan the QR code. We support Authy; basically any second factor tool that you have will work.

Okay, so I'm now in, and you'll see, because I set up Teleport in this mode, this is both the proxy, auth and a node. And so if I log in here as root, this is the same machine that I was logging in with my local terminal here, sfo number one.

Okay, so there's some interesting things to start off with. You can see we have these principals; these principals are used to match Teleport users to Linux principals. So if you're using AWS, often ec2-user is a good default user, but in my case, because it's an Ubuntu instance, we don't have ec2-user available. So let's keep going. We've configured this; we have a little bit more information about OS user mapping.

Next thing we're going to do is install Teleport locally. If you're on Mac we recommend downloading this package. We have Windows. I'm on a Linux machine here; I already have it downloaded and set up, but so you can see I'm using this distro called Pop!_OS. So I can do a tsh version, and tsh is this tool which is sort of similar to ssh, and we use this for collecting and gathering tickets. You can see I'm actually on a slightly older version, so I'm going to go ahead and download the newer version. So we just download it, cd teleport. Okay, so now we should have, yeah, version 6.0.1.

Okay, so the next thing I'm going to do is access the Teleport cluster that I have here, but from my local machine. In the example here we have tsh login; it's tsh login, proxy equals carbon dot, and then we're going to pick the port, we set them up on HTTPS 443, and then user is going to be teleport admin. Okay, let's give it a second. Now it's just asking for the password; I'm going to add the token in here as well. Okay, maybe my password was incorrect. You can actually see it's in validity's name because I've already had these logs over on my machine. Double check things, and the token again.

Okay, so now I have access to this cluster. You can see there's a few that I've already configured here, but my current profile is on carbon.asteroid.earth and I'm logged in as teleport admin. I have these roles enabled, and it's been configured for 12 hours. What this means is, out of the box, Teleport will issue users a certificate that's valid for 12 hours; after that 12 hour period they'll need to log in again to be able to access machines. And so this is a change from, let's say, SSH public/private keys, which you can always use; you always need to reissue, either through your second factor or through an identity provider, to get yourself.

Okay, so let's do a few things with tsh. As we've done, let's do tsh ls, and so you can see here we have the same instance we saw on the UI. We can do things like tsh ssh root at this host, and we can run htop. What's pretty cool about Teleport is I have this running on my local machine, but if I log into the Teleport, you can see that this session is active, and this is the one from a few seconds ago. And if I join, I'm joining through the Teleport UI, but you can also see what's happening on my local host. So that's, and then I exited. So like echo, if I just put this down a bit, you can see I'm typing, and what you can do is invite multiple people to sort of pair and use Teleport, which is a very powerful, hello world. Okay, and then let's exit, so now disconnected.

Okay, so next up we're going to add a node to the cluster. Start by creating a new droplet, another smaller instance, and just call this teleport node. What we're going to do is use this admin tool, which is sort of the third tool in Teleport's command line tools, called tctl. tctl can be run on the auth server, and if you have certain permissions it can also be run locally. So I'm on this host where I created the Teleport user; I'm also going to create a token. What we've done here is we've created an invite token, and this invite token can be used within a 60 minute period for nodes to join the cluster. Here we have the auth server private IP address. In some setups this could be, if you have a Teleport cluster within like a VPC, and that IP address is only available during that ice network isolation. In my case this private IP isn't accessible, so I'm going to change this to the address of the proxy; then it's going to dive through the public proxy to the auth server. So let's go back to my scratch pad here, and I'm going to just change this to, and then port 443. See if this host has been set up. Yep, okay, it's being set up, and open another window here.

Okay, and so we need to do the same install procedure again. So we're going to do the same thing: we're going to add the repo, configure instead of teleport. Now let's say if you're using AWS, you might want to make your AMI that has Teleport pre-installed, or have some other automation that installs Teleport out of the box, but as we're just getting through the getting started, it's good to know some of the details of how Teleport works.

Okay, so now on our Teleport node you can see that it's been set up, and if we go back to my command here, it starts. This is an example of starting Teleport with command line flags; it can also be started with file configuration, as we did for our main cluster. So if I come back to the Teleport cluster itself, you can see that we now have the Teleport node, and I can log into the Teleport node and do everything else that I would want to do otherwise.

Okay, so we have configured it. Let's come back down here. The instructions are the same if you want to add an application to your cluster; I'm going to skip this and add this into another video, but this is sort of a good place to end our getting started guide. From here I would recommend checking out our GitHub SSO integration, which is included in our community edition; also inviting team members: in Teleport 6 we have the ability to also use our UI for creating new users, add them to roles, make setup kind of easier for you. And lastly our admin guide has good in-depth details into Teleport's certificate authority, Teleport cluster, everything else that you'd need to use to set up a configured Teleport. If you have any questions, please leave comments below. Thank you for watching.
Info
Channel: Teleport
Views: 1,303
Rating: 4.1999998 out of 5
Id: jvaCmQyHghY
Length: 17min 32sec (1052 seconds)
Published: Thu Mar 18 2021