how to install teleport cluster on debian 11

How to Install a Teleport Cluster on Debian 11

Looking for a tutorial on how to install a Teleport Cluster on Debian 11? This guide will show you the step-by-step method of installing and setting up Teleport on your Debian device the easy way.

Teleport is a secure access solution for developers to access their necessary resources like SSH servers, Kubernetes clusters, applications, databases, and Windows desktops & servers. Security teams can implement best practices like per-session MFA, SSO, RBAC, and more, thanks to Teleport. Teleport is open source. You can find the source code on their GitHub.

Prerequisites

Before we jump into the installation process, let’s first see what you need before installing Teleport on Debian.

  • Debian 11 installed
  • Root privileges or sudo
  • Some command-line tools
  • Authenticator app
  • Domain name with a trusted certificate

How to Install a Teleport Cluster on Debian 11

The first thing you need to do is install the necessary command-line tools and dependencies you need to fetch Teleport files. Install all the tools with this single command:

$ sudo apt install curl wget apt-transport-https gnupg2

Output:

install curl wget in debian

The next step is to download Teleport’s PGP public key. And you can do that simply using the following command:

$ sudo curl https://apt.releases.teleport.dev/gpg \-o /usr/share/keyrings/teleport-archive-keyring.asc

Output:

How to Install a Teleport Cluster on Debian 11

Now use the source command to get the source variables in ‘/etc/os-release‘. For that, run this command:

$ source /etc/os-release

Output:

source os release

When that is done, you need to add the Teleport APT repository to your source list. To do so, use this command:

$ echo "deb [signed-by=/usr/share/keyrings/teleport-archive-keyring.asc] https://apt.releases.teleport.dev/${ID?} ${VERSION_CODENAME?} stable/v12" \
| sudo tee /etc/apt/sources.list.d/teleport.list > /dev/null

Output:

How to Install a Teleport Cluster on Debian 11

Note that every time Teleport releases a major update, you will need to update this file as well. For this tutorial, we are installing Version 12. 

After doing that, update the software repository list using this command:

$ sudo apt-get update

Output:

sudo apt get update

As you can see from the above screenshot, we have successfully fetched the Teleport packages. Now it’s time to install it. Install Teleport in your Debian system by running this command below:

$ sudo apt-get install teleport

Output:

How to Install a Teleport Cluster on Debian 11

That’s it. You now have Teleport installed on Debian. It’s time to see how you can configure it and create Teleport clusters.

How to Configure the Teleport Server on Debian 11

After the installation is over, let’s start configuring Teleport. We will first create a Teleport configuration with this command:

$ sudo teleport configure -o file \
--cluster-name=tele.distroid.com \

--public-addr=tele.distroid.com:443 \

--cert-file=/etc/letsencrypt/live/tele.distroid.com/fullchain.pem \

--key-file=/etc/letsencrypt/live/tele.distroid.com/privkey.pem

This is just a demo, so you need to put in your own domain name, address, and path.

Next, open the Teleport config file in nano with this command:

$ sudo nano /etc/teleport.yaml

Append these lines at the end of the file:

app_service:
  enabled: yes
  apps:
  - name: "teleport"
    url: "http://localhost:9000"
    public_addr: "tele.distroid.com"

Remember to change the name and address to your own. Save the file with ‘Ctrl + O’ and exit with ‘Ctlr + X’.

Now you should check if Teleport works as expected. Start teleport by issuing this command:

$ teleport start

Output:

start teleport in debian 11

Teleport has started. Now open a web browser, e.g., Chrome or Firefox. In the search bar, enter ‘https://localhost/3080’. You should get a warning page like this:

running server on Teleport

This is because we have an invalid security certificate. For your system, you could use a secure Let’s Encrypt SSL certificate domain.

Now press ‘Advanced’ and then ‘Accept the Risk and Continue’. 

invalid security certificate

You should see the Teleport web login page that looks like this:

teleport login page

But we haven’t created any users. So let’s do that now.

Creating and Adding Users to Teleport Server

Go back to your Terminal and create a user. Use this command for that:

$ tctl users add ali --roles=editor --logins=root

Output:

Creating and Adding Users to Teleport Server debian

So we created a user named ‘ali’ and gave it the role of an editor with root privileges. Use any name you prefer and add the role you need.

If you want to check the list of users, you can do that by running this command:

$ tctl users ls

Output:

tctl users ls

You can also update user roles. Use this command:

$ tctl users update ali --set-roles=auditor

Alright, so back in your terminal, you were given a URL after adding a user. Right-click on that URL and press ‘Open Link’.

teleport login

This will automatically open the link in your default browser. You should either arrive at a Teleport web page asking you to create an account or another warning page. If you see the warning page, do as we did previously to go to the desired web page. You should see this web page:

create account on teleport

Click ‘Get Started’. Now enter a strong password. Re-type it in the ‘Confirm Password’ box. Then press ‘Next’.

create password on teleport

In this step, you need to set up a two-factor authenticator. Since Teleport suggests Authy, we will use that. Get Authy on your mobile device and configure it. After that, tap ‘Scan QR code’. 

Scan the QR code you see on the web page. You should see a code on your phone. Type that code into the ‘Authentication Code’ field. Now hit ‘Submit’.

teleport set two-factor device

You should see a ‘Registration Succesful’ message, like this:

teleport registration successful

Press ‘Go to Dashboard’. You will get a prompt to add your first resource to Teleport.

add first resource to teleport

If you’d like to do that right away, press ‘Add My First Resource’. Otherwise, press ‘I’ll do that later’. 

Now you add servers, applications, or the other clusters you can see on the left side menu. Let’s add a server in this tutorial.

To add a server, press ‘Add Server’ from the ‘Servers’ menu.

add a server to teleport

Go to ‘Next’. You should see a command listed in the next window. In your case, it looks like this:

$ sudo bash -c “$(curl -fsSL https://debian:3080/scripts/3784186e71c29dc1d4294c9875410ee/install-node.sh)”

Run this command in the server you’d like to add to Teleport. You must make sure you have a trusted SSL certificate else it won’t work.

When this process finishes, you should receive a message in the dashboard that the server successfully joined the Teleport cluster.

Now you need to set up access. Add the OS users you would like to give access to the server and then hit ‘next’.

In the last step, you can test the connection to see if everything is in place. Pick the OS user to test, verify whether the server is accessible, and finally connect to the server by pressing ‘Start Session’. Lastly, click ‘Finish’.

Final Thoughts

This guide shows you the process of installing Teleport on Debian 11 and setting up Teleport clusters. It’s a bit technical, so if you face errors and other issues while following this tutorial, let us know in the comments below. And you can always refer to the Teleport docs to learn more.

If this guide helped you, please share it.

Related Posts