Teleport has tons of team-friendly features, and it showcases Google's Go language as a replacement for critical IT infrastructure.

Gravitational, maker of a SaaS support system built with Kubernetes, has released the latest open source iteration of a key part of that system. Teleport, an SSH server that provides support teams with simpler remote management for server clusters, is an example of using Google’s Go language to devise safer but still performant replacements for critical infrastructure.

Log me in (and him and her and her too)

Teleport is a replacement for sshd, the stock Linux server for SSH, and it works with existing OpenSSH clients and servers as-is. Instead of using manual key management, a common SSH headache, Teleport uses OpenSSH certificates stored on the cluster to automatically generate session keys. It also decouples SSH logins from server logins for additional safety, and it can use a separate identity store — not only the user accounts on the machine in question — to authenticate.

Aside from the usual command-line interface, Teleport has a web UI that provides quick access to available nodes. The web UI also has its own terminal emulator, so joint-login SSH sessions can be shared with colleagues in real time through a specially crafted URL. All sessions can be recorded and played back through the web UI as if they were movies, with pause and scrub-through.

The original vision for Teleport was about better handling of state around SSH sessions: keys, secrets, user accounts, and so on. Version 2.0 adds new features in that vein, such as a DynamoDB back end for cluster state storage and a plugins framework that provides secrets storage (including a back end for storing secrets in files), but it also fixes some issues around interoperating with OpenSSH, including managing Teleport with Ansible.
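What certificate-based login looks like with stock OpenSSH tooling, as an added example that is not Teleport's own code or workflow: a CA signs a user key into a one-hour certificate, so a server trusts one CA key instead of a list of per-user keys. The names `alice`, `user_ca` and `alice-session-001` and the `/etc/ssh/user_ca.pub` path are constructed for the demonstration.

```sh
#!/bin/sh
# Added example: throwaway keys and constructed names, stock OpenSSH only.

# issue_demo_cert DIR: make a CA and a user key in DIR, then sign a
# one-hour user certificate (written to DIR/alice-cert.pub).
issue_demo_cert() {
  dir=$1
  # CA key pair: the private half never leaves the issuing host.
  ssh-keygen -q -t ed25519 -N '' -C 'demo-user-ca' -f "$dir/user_ca" || return 1
  # User key pair: cheap to regenerate, so it can be per session.
  ssh-keygen -q -t ed25519 -N '' -C 'alice-demo' -f "$dir/alice" || return 1
  # -I: key ID recorded in sshd logs; -n: login names the cert is good for;
  # -V: validity window, after which the cert is useless without re-issuing.
  ssh-keygen -q -s "$dir/user_ca" -I 'alice-session-001' -n alice -V +1h \
    "$dir/alice.pub" || return 1
}

# cert_principals CERT: print the login names the certificate allows.
cert_principals() {
  ssh-keygen -L -f "$1" |
    awk '/Principals:/ {p=1; next} /Critical Options:/ {p=0} p {print $1}'
}

# cert_signed_by CERT CA_PUB: succeed only if CERT names CA_PUB as its signer.
cert_signed_by() {
  ca_fp=$(ssh-keygen -l -f "$2" | awk '{print $2}')
  cert_fp=$(ssh-keygen -L -f "$1" | awk '/Signing CA:/ {print $4}')
  [ -n "$ca_fp" ] && [ "$ca_fp" = "$cert_fp" ]
}

# Server side (path is an assumption): one sshd_config line replaces every
# per-user authorized_keys entry.
#   TrustedUserCAKeys /etc/ssh/user_ca.pub

work=$(mktemp -d)
if issue_demo_cert "$work"; then
  ssh-keygen -L -f "$work/alice-cert.pub"   # shows key ID, validity, principals
  cert_signed_by "$work/alice-cert.pub" "$work/user_ca.pub" && echo "signed by demo CA"
fi
rm -rf "$work"
```

Because the certificate expires on its own, revoking access means not re-issuing it, rather than hunting down copies of a public key across hosts.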
Raze, rebuild, revamp

Aside from providing a more convenient incarnation of SSH, Teleport is an example of recruiting Go to develop replacements for key pieces of IT infrastructure — especially long-standing bits with aging, problematic implementations.

A Gravitational representative noted in email that Teleport works with Go’s implementation of SSH (also written in Go), and added that Go brings a high degree of portability to the finished product: “[Go] also allows us to package Teleport as a single binary with minimal system dependencies which leads to easier distribution.”

This shows that Teleport could be included in Linux distributions as a standard component, both as a binary and as source, since many distros (such as Red Hat’s Fedora) now ship with the Go toolchain.

Go’s simplicity of design is sometimes criticized as too minimal for its own good, but it has also been praised for providing fast methods to develop software that is solid and maintainable. Eric S. Raymond looked at using both Rust and Go as possible languages to write a replacement for the Network Time Protocol. (The existing project is underfunded and riddled with flaws.) In the end, he settled on Go, in part because Go was easier to master and already has a level of maturity that he felt was better suited to core infrastructure that needs maintenance over long periods of time.