Introduction
Teleport is a zero-trust access platform that provides secure connectivity, authentication, role-based access control, and audit logging for infrastructure. It aims to replace traditional bastion hosts with short-lived credentials, session recording, and centralized policy.
Teleport (Single-Node) Deployment on Proxmox VE (PVE)
- Reserve a static IP and DNS name for Teleport on the management LAN (example: 192.168.1.40/24, gateway 192.168.1.4, DNS 192.168.1.23).
- Create an LXC or VM (Debian 12 or Ubuntu 22.04) with 2 vCPU / 2 GB RAM / 20 GB disk and a static IP; an unprivileged LXC is OK.
- Update the OS and install prerequisites:
```bash
apt update && apt upgrade -y
apt install -y curl gpg
```
- Install Teleport from the official repository:
```bash
# Store the repository signing key in its own keyring
curl -fsSL https://deb.releases.teleport.dev/teleport-pubkey.asc | gpg --dearmor -o /usr/share/keyrings/teleport-archive-keyring.gpg
# Pin the repository to that keyring with signed-by
echo "deb [signed-by=/usr/share/keyrings/teleport-archive-keyring.gpg] https://deb.releases.teleport.dev/ stable main" >/etc/apt/sources.list.d/teleport.list
apt update && apt install -y teleport
```
- Create a single-node config at `/etc/teleport.yaml`:
```yaml
version: v3
teleport:
  nodename: teleport
  data_dir: /var/lib/teleport
  log:
    output: stderr
    severity: INFO
auth_service:
  enabled: yes
  cluster_name: pve-testbed
proxy_service:
  enabled: yes
  web_listen_addr: 0.0.0.0:3080
  # Address clients use to reach the proxy (the reserved static IP)
  public_addr: 192.168.1.40:3080
ssh_service:
  enabled: yes
```
- Start Teleport and enable on boot:
```bash
systemctl enable --now teleport
```
- Create the first admin user and grab the login link:
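```bash
# The preset "access" role only grants access to resources; "editor" is the
# preset role that lets this user manage the cluster.
tctl users add admin --roles=editor,access --logins=root
```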
Then copy the one-time invite URL that tctl prints to the terminal (it looks like <https://
- Log in to the web UI at https://192.168.1.40:3080 (or your DNS name) and finish the initial setup.
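A quick lint of the config written in the steps above, as an added example rather than anything shipped with Teleport or taken from the original page. The function names `cfg_get` and `check_teleport_cfg` and the file name `check.sh` are hypothetical, and the port check assumes nothing forwards ports in front of the proxy.

```shell
#!/bin/sh
# Added example: lint /etc/teleport.yaml against the values reserved for this deployment.

# cfg_get FILE SECTION KEY: print a two-space-indented scalar under a top-level section.
cfg_get() {
  awk -v sec="$2" -v key="$3" '
    /^[^[:space:]#]/ { in_sec = ($0 ~ ("^" sec ":")) }
    in_sec && /^  [^ ]/ && $1 == (key ":") { print $2; exit }
  ' "$1"
}

# check_teleport_cfg FILE EXPECTED_PUBLIC_ADDR: succeeds only if every check passes.
check_teleport_cfg() {
  file=$1 want=$2 fails=0
  fail() { echo "FAIL: $*"; fails=$((fails + 1)); }

  # All three services of the single-node layout must be switched on.
  for svc in auth_service proxy_service ssh_service; do
    case "$(cfg_get "$file" "$svc" enabled)" in
      yes|true) ;;
      *) fail "$svc is not enabled" ;;
    esac
  done

  # The web UI is reached at public_addr, so it has to be the reserved address.
  got=$(cfg_get "$file" proxy_service public_addr)
  [ "$got" = "$want" ] || fail "public_addr is '$got', expected '$want'"

  # Assumption: no port forward in front of the proxy, so the ports must agree.
  listen=$(cfg_get "$file" proxy_service web_listen_addr)
  [ "${got##*:}" = "${listen##*:}" ] || fail "public_addr port differs from web_listen_addr ($listen)"

  # A config writable by group or others lets a non-root account repoint the cluster.
  [ -z "$(find "$file" \( -perm -020 -o -perm -002 \))" ] || fail "$file is group- or world-writable"

  [ "$fails" -eq 0 ]
}

# Usage on the Teleport host: sh check.sh /etc/teleport.yaml 192.168.1.40:3080
if [ "$#" -eq 2 ]; then check_teleport_cfg "$1" "$2"; fi
```

The parser only reads unquoted scalars one level below a top-level section, which is all this single-node config uses.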