[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-4807":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":14,"openIssues":15,"contributorsCount":16,"subscribersCount":16,"size":16,"stars1d":17,"stars7d":18,"stars30d":19,"stars90d":16,"forks30d":16,"starsTrendScore":20,"compositeScore":21,"rankGlobal":10,"rankLanguage":10,"license":22,"archived":23,"fork":23,"defaultBranch":24,"hasWiki":23,"hasPages":23,"topics":25,"createdAt":10,"pushedAt":10,"updatedAt":45,"readmeContent":46,"aiSummary":47,"trendingCount":16,"starSnapshotCount":16,"syncStatus":48,"lastSyncTime":49,"discoverSource":50},4807,"teleport","gravitational\u002Fteleport","gravitational","The easiest, and most secure way to access and protect all of your infrastructure.","https:\u002F\u002Fgoteleport.com",null,"Go",20475,2085,231,2705,0,4,19,206,17,44.96,"GNU Affero General Public License v3.0",false,"master",[26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,5,44],"audit","bastion","certificate","cluster","database-access","firewall","firewalls","go","golang","jumpserver","kubernetes","kubernetes-access","pam","postgres","rbac","rdp","security","ssh","teleport-binaries","2026-06-12 02:01:04","Teleport provides connectivity, authentication, access controls and audit for\ninfrastructure.\n\nYou might use Teleport to:\n\n* Set up single sign-on (SSO) for all of your cloud and on-prem\n infrastructure.\n* Protect access to servers, Kubernetes clusters, databases, Windows\n desktops, web applications, and cloud APIs without long-lived keys or\n passwords.\n* Establish secure tunnels to reach resources behind NATs and firewalls\n without VPNs or bastion hosts.\n* Record and audit activity across SSH, Kubernetes, database, RDP, and web\n sessions.\n* Apply consistent Role-Based and Attribute-Based Access Control (RBAC\u002FABAC)\n across users, machines, workloads, and resource types.\n* Enforce least privilege and Just-in-Time (JIT) access requests for\n elevated roles or sensitive systems.\n* Maintain a single identity and access layer for both human users and\n workloads.\n\nTeleport works with SSH, Kubernetes, databases, RDP, cloud consoles,\ninternal web services, Git repositories, and Model Context Protocol (MCP)\nservers.\n\n\u003Cdiv align=\"center\">\n \u003Ca href=\"https:\u002F\u002Fgoteleport.com\u002Fdownload\">\n \u003Cimg src=\".\u002Fassets\u002Fimg\u002Fhero-teleport-platform.png\" width=750\u002F>\n \u003C\u002Fa>\n \u003Cdiv align=\"center\" style=\"padding: 25px\">\n \u003Ca href=\"https:\u002F\u002Fgoteleport.com\u002Fdownload\">\n \u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fv\u002Frelease\u002Fgravitational\u002Fteleport?sort=semver&label=Release&color=651FFF\" \u002F>\n \u003C\u002Fa>\n \u003Ca href=\"https:\u002F\u002Fgolang.org\u002F\">\n \u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fgo-mod\u002Fgo-version\u002Fgravitational\u002Fteleport?color=7fd5ea\" \u002F>\n \u003C\u002Fa>\n \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fgravitational\u002Fteleport\u002Fblob\u002Fmaster\u002FCODE_OF_CONDUCT.md\">\n \u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FContribute-🙌-green.svg\" \u002F>\n \u003C\u002Fa>\n \u003Ca href=\"https:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fagpl-3.0.en.html\">\n \u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FAGPL-3.0-red.svg\" \u002F>\n \u003C\u002Fa>\n \u003C\u002Fdiv>\n\u003C\u002Fdiv>\n\u003C\u002Fbr>\n\n## More Information\n[Teleport Getting Started](https:\u002F\u002Fgoteleport.com\u002Fdocs\u002Fget-started\u002F) \n[Teleport Architecture](https:\u002F\u002Fgoteleport.com\u002Fdocs\u002Freference\u002Farchitecture\u002F) \n[Reference Guides](https:\u002F\u002Fgoteleport.com\u002Fdocs\u002Freference\u002F) \n[FAQ](https:\u002F\u002Fgoteleport.com\u002Fdocs\u002Ffaq)\n\n\n## Table of Contents\n\n1. [Introduction](#introduction)\n1. [Why We Built Teleport](#why-we-built-teleport)\n1. [Supporting and Contributing](#supporting-and-contributing)\n1. [Installing and Running](#installing-and-running)\n1. [Docker](#docker)\n1. [Building Teleport](#building-teleport)\n1. [License](#license)\n1. [FAQ](#faq)\n\n## Introduction\n\nTeleport includes an identity-aware access proxy, a CA that issues short-lived\ncertificates, a unified access control system, and a tunneling system to access\nresources behind the firewall.\n\nTeleport is a single Go binary that integrates with multiple protocols and\ncloud services, including\n\n* [SSH nodes](https:\u002F\u002Fgoteleport.com\u002Fdocs\u002Fenroll-resources\u002Fserver-access\u002Fintroduction\u002F)\n* [Kubernetes clusters](https:\u002F\u002Fgoteleport.com\u002Fdocs\u002Fenroll-resources\u002Fkubernetes-access\u002Fintroduction\u002F)\n* [PostgreSQL, MongoDB, CockroachDB and MySQL\n databases](https:\u002F\u002Fgoteleport.com\u002Fdocs\u002Fenroll-resources\u002Fdatabase-access\u002F)\n* [Model Context Protocol](https:\u002F\u002Fgoteleport.com\u002Fdocs\u002Fconnect-your-client\u002Fmodel-context-protocol\u002F)\n* [Internal Web apps](https:\u002F\u002Fgoteleport.com\u002Fdocs\u002Fenroll-resources\u002Fapplication-access\u002Fintroduction\u002F)\n* [Windows Hosts](https:\u002F\u002Fgoteleport.com\u002Fdocs\u002Fenroll-resources\u002Fdesktop-access\u002Fintroduction\u002F)\n* [Networked servers](https:\u002F\u002Fgoteleport.com\u002Fdocs\u002Fenroll-resources\u002Fserver-access\u002Fintroduction\u002F)\n\nYou can set up Teleport as a [Linux\ndaemon](https:\u002F\u002Fgoteleport.com\u002Fdocs\u002Fadmin-guides\u002Fdeploy-a-cluster\u002Flinux-demo)\nor a [Kubernetes\ndeployment](https:\u002F\u002Fgoteleport.com\u002Fdocs\u002Fadmin-guides\u002Fdeploy-a-cluster\u002Fhelm-deployments\u002F).\n\nTeleport focuses on best practices for infrastructure security, including:\n\n- No shared secrets such as SSH keys or Kubernetes tokens; Teleport uses\n certificate-based auth with automatic expiration for all protocols.\n- Multi-factor authentication (MFA) for everything.\n- Single sign-on (SSO) for everything via GitHub Auth, OpenID Connect, or\n SAML with endpoints like Okta or Microsoft Entra ID.\n- Session sharing for collaborative troubleshooting for issues.\n- Infrastructure introspection to view the status of every SSH node, database\n instance, Kubernetes cluster, or internal web app through the Teleport CLI\n or Web UI.\n\nTeleport uses [Go crypto](https:\u002F\u002Fgodoc.org\u002Fgolang.org\u002Fx\u002Fcrypto). It is\n_fully compatible with OpenSSH_, `sshd` servers, and `ssh` clients,\nKubernetes clusters and more.\n\n| Project Links | Description |\n|----------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------|\n| [Teleport Website](https:\u002F\u002Fgoteleport.com\u002F) | The official website of the project. |\n| [Documentation](https:\u002F\u002Fgoteleport.com\u002Fdocs\u002F) | Admin guide, user manual and more. |\n| [Features](https:\u002F\u002Fgoteleport.com\u002Fdocs\u002Ffeature-matrix\u002F) | Explore the complete list of Teleport capabilities. |\n| [Blog](https:\u002F\u002Fgoteleport.com\u002Fblog\u002F) | Our blog where we publish Teleport news and helpful articles. |\n| [Forum](https:\u002F\u002Fgithub.com\u002Fgravitational\u002Fteleport\u002Fdiscussions) | Ask us a setup question or post tutorials, feedback, or ideas. |\n| [Developer Tools](https:\u002F\u002Fgoteleport.com\u002Fresources\u002Ftools\u002F) | Dozens of free browser-based tools for code processing, cryptography, data transformation, and more. |\n| [Teleport Academy](https:\u002F\u002Fgoteleport.com\u002Flearn\u002F) | How-to guides, best practices, and deep dives into topics like SSH, Kubernetes, MCP, and more. |\n| [Slack](https:\u002F\u002Fgoteleport.com\u002Fslack) | Need help with your setup? Ping us in our Slack channel. |\n| [Cloud & Self-Hosted](https:\u002F\u002Fgoteleport.com\u002Fpricing\u002F) | Teleport Enterprise is a cloud-hosted option for teams that require easy and secure access to their computing environments. |\n\n## Why We Built Teleport\n\nWhile working together at Rackspace, the creators of Teleport noticed that\nmost cloud users struggle with setting up and configuring infrastructure\nsecurity. Many popular tools designed for this are complex to understand and\nexpensive to maintain across modern, distributed computing infrastructure.\n\nWe decided to build a solution that's easy to use, understand, and scale. A\nreal-time representation of all your servers in the same room as you, as if\nthey were magically **teleported**. And thus, Teleport was born! \n\nToday, Teleport is trusted by everyone from hobbyists to hyperscalers to\nsimplify security across cloud CLIs and consoles, Kubernetes clusters, SSH\nservers, databases, internal web apps, and Model Context Protocol (MCP) used\nby AI agents.\n\n[Learn more about Teleport and our history](https:\u002F\u002Fgoteleport.com\u002Fabout\u002F)\n\n## Supporting and Contributing\n\nWe aim to make Teleport easy to adopt and contribute to, starting with clear and comprehensive [documentation](https:\u002F\u002Fgoteleport.com\u002Fdocs\u002F). \n\nIf you have questions, are exploring ideas, or want to sanity-check something, please start with a GitHub Discussion. Discussions help us answer questions, explore use cases, and decide together whether something should become a bug report or feature request.\n\n- Start a conversation in [Teleport Discussions](https:\u002F\u002Fgithub.com\u002Fgravitational\u002Fteleport\u002Fdiscussions) \n This is the best place to ask questions, share ideas, and get help. Our engineers actively participate there, and discussions can be promoted to issues when there is a clear, actionable next step.\n\n- Issues are for confirmed bugs and well-defined feature requests \n If something has already been validated as a bug or an enhancement, feel free to open an issue. When in doubt, start a discussion and we will help guide it.\n\n- Enterprise and POC support \n If you are evaluating Teleport Enterprise or need more responsive support during a POC, we can set up a dedicated Slack channel. You can [reach out to us through our website](https:\u002F\u002Fgoteleport.com\u002Fcontact-sales\u002F) to get started.\n\n## Installing and Running\n\nTo set up a single-instance Teleport cluster, follow our [getting started\nguide](https:\u002F\u002Fgoteleport.com\u002Fdocs\u002Fadmin-guides\u002Fdeploy-a-cluster\u002Flinux-demo\u002F).\nYou can then register your servers, Kubernetes clusters, and other\ninfrastructure with your Teleport cluster.\n\nYou can also get started with Teleport Enterprise Cloud, a managed Teleport\ndeployment that makes it easier to enable secure access to your\ninfrastructure.\n\n[Sign up for a free trial](https:\u002F\u002Fgoteleport.com\u002Fsignup\u002F) of Teleport\nEnterprise Cloud, and follow this guide to [register your first\nserver](https:\u002F\u002Fgoteleport.com\u002Fdocs\u002Fget-started\u002F).\n\n## Docker\n\n### Deploy Teleport\n\nIf you wish to deploy Teleport inside a Docker container see the\n[installation guide](https:\u002F\u002Fgoteleport.com\u002Fdocs\u002Finstallation\u002Fdocker\u002F#running-teleport-on-docker).\n\n### For Local Testing and Development\n\nTo run a full test suite locally, see [the test dependencies\nlist](BUILD_macos.md#local-tests-dependencies)\n\n## Building Teleport\n\nThe `teleport` repository contains the Teleport daemon binary (written in Go)\nand a web UI written in TypeScript.\n\nIf your intention is to build and deploy for use in a production infrastructure\na released tag should be used. The default branch, `master`, is the current\ndevelopment branch for an upcoming major version. Get the latest release tags\nlisted at https:\u002F\u002Fgoteleport.com\u002Fdownload\u002F and then use that tag in the `git\nclone`. For example `git clone\nhttps:\u002F\u002Fgithub.com\u002Fgravitational\u002Fteleport.git -b v18.5.0` gets release\nv18.5.0.\n\n### Dockerized Build\n\nIt is often easiest to build with Docker, which ensures that all required\ntooling is available for the build. To execute a dockerized build, ensure\nthat docker is installed and running, and execute:\n\n```\nmake -C build.assets build-binaries\n```\n\nThis command will build Linux binaries matching the host architecture.\nIt is not possible to cross-compile to a different target architecture.\n\n### Local Build\n\n#### Dependencies\n\nThe following dependencies are required to build Teleport from source. For\nmaximum compatibility, install the versions of these dependencies using the\nversions listed in [`build.assets\u002Fversions.mk`](\u002Fbuild.assets\u002Fversions.mk):\n\n1. [`Go`](https:\u002F\u002Fgolang.org\u002Fdl\u002F)\n1. [`Rust`](https:\u002F\u002Fwww.rust-lang.org\u002Ftools\u002Finstall)\n1. [`Node.js`](https:\u002F\u002Fnodejs.org\u002Fen\u002Fdownload\u002F)\n1. [`libfido2`](https:\u002F\u002Fgithub.com\u002FYubico\u002Flibfido2)\n1. [`pkg-config`](https:\u002F\u002Fwww.freedesktop.org\u002Fwiki\u002FSoftware\u002Fpkg-config\u002F)\n\nFor an example of dev environment setup on macOS, see [these\ninstructions](\u002FBUILD_macos.md).\n\n#### Perform a build\n\n>**Important**\n>\n>* The Go compiler is somewhat sensitive to the amount of memory: you will\n need **at least** 1GB of virtual memory to compile Teleport. A 512MB\n instance without swap will **not** work.\n>* This will build the latest version of Teleport. \n\nGet the source\n\n```shell\ngit clone https:\u002F\u002Fgithub.com\u002Fgravitational\u002Fteleport.git\ncd teleport\n```\n\nTo perform a build\n\n```shell\nmake full\n```\n\n`tsh` dynamically links against libfido2 by default, to support development\nenvironments, as long as the library itself can be found:\n\n```shell\n$ brew install libfido2 pkg-config # Replace with your package manager of choice\n\n$ make build\u002Ftsh\n> libfido2 found, setting FIDO2=dynamic\n> (...)\n```\n\nRelease binaries are linked statically against libfido2. You may switch the\nlinking mode using the FIDO2 variable:\n\n```shell\nmake build\u002Ftsh FIDO2=dynamic # dynamic linking\nmake build\u002Ftsh FIDO2=static # static linking, for an easy setup use `make enter`\n # or `build.assets\u002Fmacos\u002Fbuild-fido2-macos.sh`.\nmake build\u002Ftsh FIDO2=off # doesn't link libfido2 in any way\n```\n\n`tsh` builds with Touch ID support require access to an Apple Developer\naccount. If you are a Teleport maintainer, ask the team for access.\n\n#### Build output and run locally\n\nIf the build succeeds, the installer will place the binaries in the `build`\ndirectory.\n\nBefore starting, create default data directories:\n\n```shell\nsudo mkdir -p -m0700 \u002Fvar\u002Flib\u002Fteleport\nsudo chown $USER \u002Fvar\u002Flib\u002Fteleport\n```\n\n#### Running Teleport in a hot reload mode\n\nTo speed up your development process, you can run Teleport using\n[`CompileDaemon`](https:\u002F\u002Fgithub.com\u002Fgithubnemo\u002FCompileDaemon). This will\nbuild and run the Teleport binary, and then rebuild and restart it whenever\nany Go source files change.\n\n1. Install CompileDaemon:\n\n ```shell\n go install github.com\u002Fgithubnemo\u002FCompileDaemon@latest\n ```\n\n Note that we use `go install` instead of the suggested `go get`, because\n we don't want CompileDaemon to become a dependency of the project.\n\n1. Build and run the Teleport binary:\n\n ```shell\n make teleport-hot-reload\n ```\n\n By default, this runs a `teleport start` command. If you want to\n customize the command, for example by providing a custom config file\n location, you can use the `TELEPORT_ARGS` parameter:\n\n ```shell\n make teleport-hot-reload TELEPORT_ARGS='start --config=\u002Fpath\u002Fto\u002Fconfig.yaml'\n ```\n\nNote that you still need to run [`make grpc`](api\u002Fproto\u002FREADME.md) if you\nmodify any Protocol Buffers files to regenerate the generated Go sources;\nregenerating these sources should in turn cause the CompileDaemon to rebuild\nand restart Teleport.\n\n### Web UI\n\nThe Teleport Web UI resides in the [web](web) directory.\n\n#### Rebuilding Web UI for development\n\nTo rebuild the Teleport UI package, run the following command:\n\n```bash\nmake docker-ui\n```\n\nThen you can replace Teleport Web UI files with the files from the\nnewly-generated `\u002Fdist` folder.\n\nTo enable speedy iterations on the Web UI, you can run a [local web-dev\nserver](web#web-ui).\n\nYou can also tell Teleport to load the Web UI assets from the source\ndirectory. To enable this behavior, set the environment variable `DEBUG=1`\nand rebuild with the default target:\n\n```bash\n# Run Teleport as a single-node cluster in development mode:\nDEBUG=1 .\u002Fbuild\u002Fteleport start -d\n```\n\nKeep the server running in this mode, and make your UI changes in `\u002Fdist`\ndirectory. For instructions about how to update the Web UI, read [the `web`\nREADME](web#readme).\n\n### Managing dependencies\n\nAll dependencies are managed using [Go\nmodules](https:\u002F\u002Fblog.golang.org\u002Fusing-go-modules). Here are the\ninstructions for some common tasks:\n\n#### Add a new dependency\n\nLatest version:\n\n```bash\ngo get github.com\u002Fnew\u002Fdependency\n```\n\nand update the source to use this dependency.\n\n\nTo get a specific version, use `go get\ngithub.com\u002Fnew\u002Fdependency@version` instead.\n\n#### Set dependency to a specific version\n\n```bash\ngo get github.com\u002Fnew\u002Fdependency@version\n```\n\n#### Update dependency to the latest version\n\n```bash\ngo get -u github.com\u002Fnew\u002Fdependency\n```\n\n#### Update all dependencies\n\n```bash\ngo get -u all\n```\n\n#### Debugging dependencies\n\nWhy is a specific package imported?\n\n`go mod why $pkgname`\n\nWhy is a specific module imported?\n\n`go mod why -m $modname`\n\nWhy is a specific version of a module imported?\n\n`go mod graph | grep $modname`\n\n## License\n\nTeleport is distributed in multiple forms with different licensing\nimplications.\n\nThe Teleport API module (all code in this repository under `\u002Fapi`) is\navailable under the [Apache 2.0 license](.\u002Fapi\u002FLICENSE).\n\nThe remainder of the source code in this repository is available under the\n[GNU Affero General Public License](.\u002FLICENSE). Users compiling Teleport\nfrom source must comply with the terms of this license.\n\nTeleport Community Edition builds distributed on\nhttp:\u002F\u002Fgoteleport.com\u002Fdownload are available under a [modified Apache 2.0\nlicense](.\u002Fbuild.assets\u002FLICENSE-community).\n\n## FAQ\n\n### Is Teleport production-ready?\n\nYes, Teleport is production-ready and used to protect and facilitate\naccess to the most precious and mission-critical applications at many of\ntoday's leading companies. You can learn more about the companies using\nTeleport in production [on our website](https:\u002F\u002Fgoteleport.com\u002Fcase-study\u002F).\n\n### Is Teleport secure?\n\nYes, Teleport has completed several security audits from nationally and\ninternationally recognized technology security companies. We publicize\naudit results, our security philosophy, and related information on our\n[trust page](https:\u002F\u002Ftrust.goteleport.com\u002F).\n\n### What resources does Teleport support?\n\nTeleport secures access to a [broad set of infrastructure\nresources](https:\u002F\u002Fgoteleport.com\u002Fdocs\u002Fenroll-resources), including Linux\nservers, Windows desktops, Kubernetes clusters, databases, internal web\napplications, cloud provider APIs and consoles (such as AWS, Azure, and\nGCP), and Model Context Protocol (MCP) servers used by AI agents.\n\n### How is Teleport deployed?\n\nTeleport can be [deployed to fit most\nenvironments](https:\u002F\u002Fgoteleport.com\u002Fdocs\u002Ffeature-matrix\u002F#platform-integrations-management-licensing-and-deployment),\neither as a self-hosted cluster on Linux or Kubernetes or using Teleport\nEnterprise Cloud. In all cases, Teleport agents run close to your\nresources and connect through an Auth Service and Proxy Service that\nenforces identity, access control, and audit.\n\n### Is Teleport an identity provider (IdP)?\n\nTeleport uses existing IdPs (Okta, Google Workspace, Microsoft Entra ID,\nor GitHub) to issue short-lived certificates and apply access policies.\nTeleport can also be [configured to act as a SAML\nIdP](https:\u002F\u002Fgoteleport.com\u002Fdocs\u002Fidentity-governance\u002Fidps\u002F) to authenticate\nusers into applications when needed.\n\n### Does Teleport require credential handling or secrets management?\n\nTeleport eliminates long-lived passwords, SSH keys, database credentials,\ncredential rotations, and vault processes by issuing [short-lived,\nauto-expiring mTLS and SSH\ncertificates](https:\u002F\u002Fgoteleport.com\u002Fdocs\u002Freference\u002Farchitecture\u002Fauthentication\u002F#short-lived-certificates)\nbound to human or non-human identity.\n\n### Is Teleport a Privileged Access Management (PAM) solution?\n\nTeleport provides modern PAM software capabilities like strong\nauthentication, session recording, policy-based access, and JIT elevation\nwithout secrets, credential rotation, or vault dependencies. This enables\ncontrolled, audited access to servers, Kubernetes, databases, cloud\nconsoles, and other privileged environments using short-lived certificates\nand role-based policies.\n\n### Is Teleport a Just-in-Time (JIT) access solution?\n\nTeleport enables [JIT access through time-bound Access\nRequests](https:\u002F\u002Fgoteleport.com\u002Fdocs\u002Fidentity-governance\u002Faccess-requests\u002F).\nUsers request the roles or resources they temporarily need, policies decide\nwhether approval is required, and privileges automatically expire. This\napproach maintains least privilege while keeping access workflows\nefficient and predictable.\n\n### Does Teleport secure access to Kubernetes?\n\nTeleport can [proxy and secure Kubernetes\naccess](https:\u002F\u002Fgoteleport.com\u002Fdocs\u002Fenroll-resources\u002Fkubernetes-access\u002Fintroduction\u002F)\nwith identity-based authentication, role-based access controls, and\ndetailed auditing of kubectl activity.\n\n### Does Teleport support SPIFFE?\n\nTeleport supports [SPIFFE-compatible identities for\nworkloads](https:\u002F\u002Fgoteleport.com\u002Fdocs\u002Fmachine-workload-identity\u002Fworkload-identity\u002Fspiffe\u002F),\nallowing it to participate in SPIFFE ecosystems and federation.\nTeleport issues short-lived SVIDs and can integrate with external PKI\nhierarchies.\n\n### Is Teleport an alternative for VPNs or bastion hosts?\n\nYes. Teleport is frequently used as an alternative to traditional VPNs\nand bastion hosts, enabling [direct, identity-based access to\nresources](https:\u002F\u002Fgoteleport.com\u002Fdocs\u002Fcore-concepts\u002F#teleport-proxy-service)\ninstead of broad network access.\n\n### Does Teleport secure the Model Context Protocol (MCP) and AI agents?\n\nTeleport [secures MCP\nconnections](https:\u002F\u002Fgoteleport.com\u002Fdocs\u002Fconnect-your-client\u002Fmodel-context-protocol\u002F)\nby placing identity-aware policy enforcement between MCP clients and\nservers. This ensures all tool invocations are authenticated, authorized,\nand audited without custom authorization code and that sensitive systems\nare protected from overly broad access.\n","Teleport 是一个提供基础设施访问和保护的解决方案。它通过统一的身份验证、访问控制和审计功能,确保对服务器、Kubernetes 集群、数据库、Windows 桌面、Web 应用程序和云 API 的安全访问。其核心功能包括单点登录(SSO)、无长期密钥或密码的资源保护、跨 NAT 和防火墙的安全隧道建立、会话活动记录与审计、以及基于角色和属性的访问控制(RBAC\u002FABAC)。Teleport 适用于需要加强安全性和简化访问管理的企业环境,特别是在混合云或多云部署场景中,能够为人类用户和工作负载提供一致的身份和访问层。",2,"2026-06-11 03:00:35","top_language"]