Teleport 2.2.4

Description

Teleport 2.2.4 is a maintenance release which contains a bug fix.

Bug fixes

• Fixed issue with remote tunnel timeouts. #1140.

Teleport 2.2.3

Description

Teleport 2.2.3 is a maintenance release which contains two bug fixes.

Bugfixes

• Fixed issue with Trusted Clusters where a clusters could lose its signing keys. #1050.
• Fixed SAML signing certificate export in Enterprise. #1109.

Teleport 2.2.2

Description

Teleport 2.2.2 is a maintenance release which fixes the issue of refusing to accept certificates with long principal names [#1102].

Bugfixes

• Issue #1102: when using trusted clusters, Teleport cluster can refuse access to it's CA if the remote CA presents a certificate with a long principal in it.

Teleport 2.2.1

Description

Teleport 2.2.1 is a maintenance release which contains a improvement and a bug fix.

Improvements

• Added --compat=oldssh to both tsh and tctl that can be used to request certificates in the legacy format (no roles in extensions). #1083

Bugfixes

• Fixed multiple regressions when using SAML with dynamic roles. #1080

Teleport 2.2.0

Description

Teleport 2.2.0 is a major new release of Teleport.

Teleport is a modern SSH server for remotely accessing clusters of Linux servers via SSH or HTTPS. It is intended to be used instead of sshd. Teleport enables teams to easily adopt SSH best practices like: certificate-based access, two-factor authentication, session recording and audit, external identity providers, and much more.

Features

• HTTP CONNECT tunneling for Trusted Clusters. #860
• Long lived certificates and identity export which can be used for automation. #1033
• New terminal for Web UI. #933
• Read user environment files. #1014
• Improvements to Auth Server resiliency and availability. #1071
• Server side configuration of support ciphers, key exchange (KEX) algorithms, and MAC algorithms. #1062
• Renaming tsh to ssh or making a symlink tsh -> ssh removes the need to type tsh ssh, making it compatible with familiar ssh user@host. #929

Enterprise Features

• SAML 2.0. #1070
• Role mapping for Trusted Clusters. #983
• ACR parsing for OIDC identity providers. #901

Improvements

• Improvements to OpenSSH interoperability.
  • Certificate export format changes to match OpenSSH. #1068
  • CA export format changes to match OpenSSH. #918
  • Improvements to scp implementation to fix incompatibility issues. #1048
  • OpenSSH keep alive messages are now processed correctly. #963
• tsh profile is now always read. #1047
• Correct signal handling when Teleport is launched using sysvinit. #981
• Role templates now automatically fill out default values when omitted. #912

Teleport 2.2.0 Beta 1

v2.2.0-beta.1

Release 2.2.0-beta.1.

Teleport 2.2.0 Alpha 8

Merge pull request #1008 from gravitational/sasha/oktadocs

docs and screenshots for Okta and SAML

Teleport 2.1.0 Alpha 6

v2.1.0-alpha.6

Release 2.1.0-alpha.6.

Teleport 2.1.0 Alpha 5

v2.1.0-alpha.5

Release 2.1.0-alpha.5.

Teleport 2.0.6

Description

Teleport 2.0.6 contains a variety of security fixes. We strongly encourage anyone running Teleport 2.0.0 and above to upgrade to 2.0.6.

The most pressing issues (a phishing attack which can potentially be used to extract plaintext credentials and an attack where an already authenticated user can escalate privileges) can be resolved by upgrading the web proxy. However, however all nodes need to be upgraded to mitigate all vulnerabilities.

Fixes

• Patch for TLP-01-001 and TLP-01-003: Check redirect.
• Patch for TLP-01-004: Always check is namespace is valid.
• Patch for TLP-01-005: Check user principal when joining session.
• Patch for TLP-01-006 and TLP-01-007: Validate Session ID.
• Patch for TLP-01-008: Use a fake hash for password authentication if user does not exist.
• Patch for TLP-01-009: Command injection in scp.