Teleport 2.3.1

Description

Teleport 2.3.1 is a maintenance release which contains two bug fixes.

Bug fixes

• Added CSRF protection to login endpoint. #1356
• Proxy subsystem handling is more robust. #1336

Known Issues

• Teleport may crash parsing HTTPS certificates specified in a configuration file #1349
• Teleport will reject self-signed HTTPS certificate specified in a configuration file #1392
• If 2FA is enabled, users may get temporarily locked out even if "failed login" counter is smaller than 5 (default value)

Teleport 2.3.0

This release focus was to increase Teleport user experience in the following areas:

• Easier configuration via tctl resource commands.
• Improved documentation, with expanded 'examples' directory.
• Improved CLI interface.
• Web UI improvements.

Improvements

• Web UI: users can connect to OpenSSH servers using the Web UI.
• Web UI now supports arbitrarty SSH logins, in addition to role-defined ones, for better compatibility with OpenSSH.
• CLI: trusted clusters can now be managed on the fly without having to edit Teleport configuration. #1137
• CLI: tsh login supports exporting a user identity into a file to be used later with OpenSSH.
• tsh agent command has been deprecated: users are expected to use native SSH Agents on their platforms.

Teleport Enterprise

• More granular RBAC rules #1092
• Role definitions now support templates. #1120
• Authentication: Teleport now supports multilpe OIDC/SAML endpoints.
• Configuration: local authentication is always enabled as a fallback if a SAML/OIDC endpoints go offline.
• Configuration: SAML/OIDC endpoints can be created on the fly using tctl and without having to edit configuration file or restart Teleport.
• Web UI: it is now easier to turn a trusted cluster on/off #1199.

Bug Fixes

• Proper handling of ENV_SUPATH from login.defs #1004
• Reverse tunnels would periodically lose connectivity. #1156
• tsh now stores user identities in a format compatible with OpenSSH. 1171.

Teleport 2.3.0-rc2

Description

Teleport 2.3.0-rc2 is a pre-production release. Use at your own risk.

Teleport 2.3.0-rc1

Description

Teleport 2.3.0-rc1 is a pre-production release. Use at your own risk.

Teleport 2.2.7

Description

Teleport 2.2.7 is a maintenance release which contains a bug fix.

Bug fixes

• Updated YAML parsing library. #1226.

Teleport 2.2.4

Description

Teleport 2.2.4 is a maintenance release which contains a bug fix.

Bug fixes

• Fixed issue with remote tunnel timeouts. #1140.

Teleport 2.2.3

Description

Teleport 2.2.3 is a maintenance release which contains two bug fixes.

Bugfixes

• Fixed issue with Trusted Clusters where a clusters could lose its signing keys. #1050.
• Fixed SAML signing certificate export in Enterprise. #1109.

Teleport 2.2.2

Description

Teleport 2.2.2 is a maintenance release which fixes the issue of refusing to accept certificates with long principal names [#1102].

Bugfixes

• Issue #1102: when using trusted clusters, Teleport cluster can refuse access to it's CA if the remote CA presents a certificate with a long principal in it.

Teleport 2.2.1

Description

Teleport 2.2.1 is a maintenance release which contains a improvement and a bug fix.

Improvements

• Added --compat=oldssh to both tsh and tctl that can be used to request certificates in the legacy format (no roles in extensions). #1083

Bugfixes

• Fixed multiple regressions when using SAML with dynamic roles. #1080

Teleport 2.2.0

Description

Teleport 2.2.0 is a major new release of Teleport.

Teleport is a modern SSH server for remotely accessing clusters of Linux servers via SSH or HTTPS. It is intended to be used instead of sshd. Teleport enables teams to easily adopt SSH best practices like: certificate-based access, two-factor authentication, session recording and audit, external identity providers, and much more.

Features

• HTTP CONNECT tunneling for Trusted Clusters. #860
• Long lived certificates and identity export which can be used for automation. #1033
• New terminal for Web UI. #933
• Read user environment files. #1014
• Improvements to Auth Server resiliency and availability. #1071
• Server side configuration of support ciphers, key exchange (KEX) algorithms, and MAC algorithms. #1062
• Renaming tsh to ssh or making a symlink tsh -> ssh removes the need to type tsh ssh, making it compatible with familiar ssh user@host. #929

Enterprise Features

• SAML 2.0. #1070
• Role mapping for Trusted Clusters. #983
• ACR parsing for OIDC identity providers. #901

Improvements

• Improvements to OpenSSH interoperability.
  • Certificate export format changes to match OpenSSH. #1068
  • CA export format changes to match OpenSSH. #918
  • Improvements to scp implementation to fix incompatibility issues. #1048
  • OpenSSH keep alive messages are now processed correctly. #963
• tsh profile is now always read. #1047
• Correct signal handling when Teleport is launched using sysvinit. #981
• Role templates now automatically fill out default values when omitted. #912