I wanted simple and secure shell access to my home lab, which runs many containers. I have physical u2f key from Yubico, so I wanted to have second factor with it. Also, recording of SSH session would be nice. All of that I discovered in the Teleport service from Gravitational. See here: https://gravitational.com/teleport/
Usage
From the user perspective, you can access the Teleport service via web or the command line:
User manual is easy to follow and it is here: https://gravitational.com/teleport/docs/user-manual/
After successful login process, you can see all machines. In the “Login as” there is a list of usernames. E.g. you might have access to “tjarosik” username, but if that username doesn’t exist on a machine, you will not be able to log in.
You will see shell in your browser, when you click on user in “Login as” column. You can also join existing session or view and replay previous sessions in the sessions list:
From smartphone
It is also possible to use your smartphone to login securely with U2F:
Configuration
In my case, I have Teleport Proxy Web interface behind load balancer. One thing to remember is that ports, even default 443, must be specified explicitly in the config files. Setup is really simple. Here are sample configs:
Auth server and proxy config:
Single node config (in my case it’s a container running Ubuntu):