urlscan.io logo urlscan.io
SecurityTrails logo

goteleport.com Open in urlscan Pro
2606:4700::6812:717  Public Scan

Back to summary
Submitted URL: https://em.goteleport.com/ODE5LVdIVC00ODMAAAGOn4zqOqbGSCsABQ58dcuJMZ3ZubKg_6cBFLWLfEPxO9SDUk52Qpjczjys9dbHu-TmezN2OxM=
Effective URL: https://goteleport.com/security/?mkt_tok=ODE5LVdIVC00ODMAAAGOn4zqOupe1oKbvPB9Pl5KxOfep5AKrkPeO7mlno8B6-VF2DfV3AEZAluDFS...
Submission: On October 06 via api from IL — Scanned from DE

Form analysis 2 forms found in the DOM

<form id="mktoForm_1027" class="sc-12c5e681-0 bKDcNo mktoForm mktoHasWidth mktoLayoutLeft" __bizdiag="196351654" __biza="W___" novalidate="novalidate" data-styles-ready="true">
  <style type="text/css"></style>
  <div class="mktoFormRow">
    <div class="mktoFieldDescriptor mktoFormCol">
      <div class="mktoOffset"></div>
      <div class="mktoFieldWrap mktoRequiredField"><label for="Email" id="LblEmail" class="mktoLabel mktoHasWidth">
          <div class="mktoAsterix">*</div>Email:
        </label>
        <div class="mktoGutter mktoHasWidth"></div><input id="Email" name="Email" placeholder="Email Address" maxlength="255" aria-labelledby="LblEmail InstructEmail" type="email" class="mktoField mktoEmailField mktoHasWidth mktoRequired"
          aria-required="true"><span id="InstructEmail" tabindex="-1" class="mktoInstruction"></span>
        <div class="mktoClear"></div>
      </div>
      <div class="mktoClear"></div>
    </div>
    <div class="mktoClear"></div>
  </div>
  <div class="mktoFormRow"><input type="hidden" name="UTM_Campaign__c" class="mktoField mktoFieldDescriptor mktoFormCol" value="">
    <div class="mktoClear"></div>
  </div>
  <div class="mktoFormRow"><input type="hidden" name="UTM_Content__c" class="mktoField mktoFieldDescriptor mktoFormCol" value="">
    <div class="mktoClear"></div>
  </div>
  <div class="mktoFormRow"><input type="hidden" name="UTM_Medium__c" class="mktoField mktoFieldDescriptor mktoFormCol" value="">
    <div class="mktoClear"></div>
  </div>
  <div class="mktoFormRow"><input type="hidden" name="UTM_Source__c" class="mktoField mktoFieldDescriptor mktoFormCol" value="">
    <div class="mktoClear"></div>
  </div>
  <div class="mktoFormRow"><input type="hidden" name="UTM_Term__c" class="mktoField mktoFieldDescriptor mktoFormCol" value="">
    <div class="mktoClear"></div>
  </div>
  <div class="mktoFormRow"><input type="hidden" name="gaid__c" class="mktoField mktoFieldDescriptor mktoFormCol" value="">
    <div class="mktoClear"></div>
  </div>
  <div class="mktoFormRow"><input type="hidden" name="gclid__c" class="mktoField mktoFieldDescriptor mktoFormCol" value="">
    <div class="mktoClear"></div>
  </div>
  <div class="mktoButtonRow"><span class="mktoButtonWrap mktoNative"><button type="submit" class="mktoButton">Subscribe</button></span></div><input type="hidden" name="formid" class="mktoField mktoFieldDescriptor" value="1027"><input type="hidden"
    name="munchkinId" class="mktoField mktoFieldDescriptor" value="819-WHT-483">
</form>

<form class="sc-12c5e681-0 bKDcNo mktoForm mktoHasWidth mktoLayoutLeft" __bizdiag="-1238560135" __biza="W___" novalidate="novalidate"
  style="font-family: inherit; font-size: 13px; color: rgb(51, 51, 51); visibility: hidden; position: absolute; top: -500px; left: -1000px; width: 1600px;"></form>

Text Content

Teleport Connect 2023
Oct 25
San Francisco, CA
Register

Platform


PLATFORM

Why TeleportHow It Works


ACCESS CONTROL

SSHKubernetesDatabasesInternal WebappsWindowsAWS Console
Our Features
AssistSingle Sign OnJust In Time Access RequestsRole Based Access ControlAudit
and Session RecordingsDevice TrustPasswordless
Solutions


BY USE CASE

Privileged Access ManagementMachine-to-Machine AccessDeveloper-friendly
browserPasswordless Infrastructure Access


BY INDUSTRY

E-commerce & EntertainmentFinancial ServicesSoftware-as-a-service (SaaS)
Providers


BY CLOUD PROVIDER

Infrastructure Access for AWS


BY COMPLIANCE STANDARD

FedRAMPHIPAASOC 2
Resources


TRY TELEPORT

Teleport LabsTeleport TeamIntegrations
Community
Our CustomersGitHubTeleport Connect 2023
Resources
BlogEventsWebinarsPodcastsTech PapersLearn


SUPPORT

Support PortalCommunity SlackGitHub DiscussionsSystem Status
Featured Resource
Documentation
DocumentationTeleport ClientsHow It WorksTeleport LabsTeleport CommunityTeleport
Slack ChannelGitHub
Pricing

Community
Getting Started with OSSDownloadsCommunity SlackGitHubGitHub DiscussionsPodcasts
Sign In

Get StartedContact Sales
Teleport Access Platform


SECURITY AT TELEPORT

Teleport is dedicated to trusted, contemporary security. We're thankful for the
high level of trust our customers place in Teleport when they choose to secure
their critical infrastructure using our products.



SECURITY TEAM


TELEPORT MAINTAINS A CROSS-FUNCTIONAL SECURITY TEAM DEDICATED TO:


 * Teleport code, dependency, and supply chain vulnerability detection and
   response
 * Teleport Cloud Security
 * Corporate IT Security




REPORTING A VULNERABILITY

If you have any questions, please contact us. We are deeply grateful to
researchers and our community who report issues so that we can coordinate a fix
and responsible disclosure.
Report Vulnerability


SECURITY COMMITMENTS

We make the following security commitments:


 * PROACTIVE DETECTION
   
   We contract and publish third-party security audits of our products and
   platform annually. Our previous reports are available on our Trust page.
   Furthermore, Teleport conducts regular security vulnerability scanning of our
   code and infrastructure using tools like Dependabot and Trivy.


 * DISCLOSURE
   
   We notify customers of critical vulnerabilities that affect the security of
   their systems. Prior vulnerability disclosures are found in our Teleport
   Release Notes.


 * RESPONSE
   
   All security issues are rapidly triaged by our security team. Critical and
   high severity security findings trigger a formal incident response.


 * PRIVACY
   
   As part of our security stance, we protect our customers’ and partners’
   privacy. Find our privacy policy at https://goteleport.com/legal/privacy.


 * COMPLIANCE
   
   We maintain SOC 2 Type II, ISO 27001, and HIPAA Security Rule compliance for
   our cloud and self-hosted products, which can be provided under NDA.
   Additionally, we further commit to our Security Addendum, which covers
   policy, security, confidentiality, access controls, management, incident
   response, and more to detail how we protect customer data.


PUBLIC CERTIFICATES & ENCRYPTION KEYS

We use the following certificates and public keys to sign our software. Many of
these keys and certificates use our legal business name “Gravitational Inc.” and
our former domain “gravitational.com”. Don’t worry – Gravitational is Teleport.
RPM & Debian Signing Keys
We sign our RPM and Debian repositories with the following PGP key:
 * ID 6282C411
 * Fingerprint 0C5E 8BA5 658E 320D 1B03 1179 C87E D53A 6282 C411

The key is available for download at:
 * https://deb.releases.teleport.dev/teleport-pubkey.asc
 * https://rpm.releases.teleport.dev/RPM-GPG-KEY-teleport

See the following pages for information on using this key to verify downloaded
packages:
 * https://deb.releases.teleport.dev/
 * https://rpm.releases.teleport.dev/

Apple Signing Certificates
Our Apple packages and binaries are code signed by "Developer ID QH8AA5B8UP
Gravitational Inc." with the following certificate:
 * SHA256 Fingerprint 78 2F E1 18 5F A1 AD 68 AD 25 0B A9 4D 21 DC BB 0D 8E 47
   C6 E4 1D FE FB AB 05 41 33 4C 33 1D 43
 * SHA1 Fingerprint 82 B6 25 AD 32 7C 24 1B 37 8A 54 B4 B2 54 BB 08 CE 71 B5 DF

Packages published prior to September 14, 2021 are signed with an older
certificate for the same Developer ID (QH8AA5B8UP):
 * SHA256 Fingerprint 78 05 14 69 20 59 21 D1 EE 96 42 01 5A 28 35 FB E1 D4 38
   5E 2A 23 5D 62 73 A4 D1 27 8A 33 BA 34
 * SHA1 Fingerprint D2 70 EA 0C F2 0E CB 17 28 B2 21 E1 D5 B6 7C FE 50 FF AB 62

Verify the Developer ID and fingerprint match on package downloads with the
pkgutil tool:
$ pkgutil --check-signature teleport-7.1.2.pkg Package "teleport-7.1.2.pkg":
Status: signed by a developer certificate issued by Apple for distribution
Signed with a trusted timestamp on: 2021-09-15 00:49:03 +0000 Certificate Chain:
1. Developer ID Installer: Gravitational Inc. (QH8AA5B8UP) Expires: 2026-07-27
18:27:29 +0000 SHA256 Fingerprint: 78 2F E1 18 5F A1 AD 68 AD 25 0B A9 4D 21 DC
BB 0D 8E 47 C6 E4 1D FE FB AB 05 41 33 4C 33 1D 43
------------------------------------------------------------------------ 2.
Developer ID Certification Authority Expires: 2027-02-01 22:12:15 +0000 SHA256
Fingerprint: 7A FC 9D 01 A6 2F 03 A2 DE 96 37 93 6D 4A FE 68 09 0D 2D E1 8D 03
F2 9C 88 CF B0 B1 BA 63 58 7F
------------------------------------------------------------------------ 3.
Apple Root CA Expires: 2035-02-09 21:40:36 +0000 SHA256 Fingerprint: B0 B1 73 0E
CB C7 FF 45 05 14 2C 49 F1 29 5E 6E DA 6B CA ED 7E 2C 68 C5 BE 91 B5 A1 10 01 F0
24
The codesign tool can be used to perform the verification on individual
binaries:
$ codesign --verify -d --verbose=2 /usr/local/bin/tsh ... Authority=Developer ID
Application: Gravitational Inc. (QH8AA5B8UP) Authority=Developer ID
Certification Authority Authority=Apple Root CA Timestamp=Jul 30, 2021 at
1:44:06 PM Info.plist=not bound TeamIdentifier=QH8AA5B8UP ...
The Teleport package in Homebrew is not maintained or signed by Teleport. We
recommend the use of our Teleport packages.
Windows Signing Certificates
Our Windows binaries are signed with the following certificate:
 * Issued to Gravitational Inc.
 * Thumbprint F2FBE7B8228122EB74DE2DC093DB81F8E6896253

Verify the binary using the following PowerShell command:
Get-AuthenticodeSignature -FilePath .\tsh.exe Directory: C:\Users\ExampleUser
SignerCertificate Status Path ----------------- ------ ----
F2FBE7B8228122EB74DE2DC093DB81F8E6896253 Valid tsh.exe
Ensure that the SignerCertificate matches the thumbprint shown above, and that
the Status field is Valid.
To further inspect the certificate, run the following PowerShell command:
(Get-AuthenticodeSignature -FilePath.\tsh.exe).SignerCertificate | Format-List
Subject : CN=Gravitational Inc., O=Gravitational Inc., L=Oakland, S=California,
C=US Issuer : CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com,
O=DigiCert Inc, C=US Thumbprint : F2FBE7B8228122EB74DE2DC093DB81F8E6896253
FriendlyName : NotBefore : 11/8/2020 5:00:00 PM NotAfter : 11/14/2023 4:59:59 PM
Extensions : {System.Security.Cryptography.Oid,
System.Security.Cryptography.Oid, System.Security.Cryptography.Oid,
System.Security.Cryptography.Oid...}
Alternatively, Windows binaries may be inspected graphically via the Windows
Explorer with the following steps:
 1. Right click on the binary in question, for example tsh.exe.
 2. Select “Properties”.
 3. On the resulting “tsh.exe Properties” dialog, select the “Digital
    Signatures” tab.
 4. Select the “Gravitational Inc.” signer from the list.
 5. Select the “Details” button.
 6. On the resulting “Digital Signature Details” dialog, ensure that the header
    states “This digital signature is OK.”
 7. Select the “View Certificate” button.
 8. On the resulting “Certificate” dialog, select the “Details” tab.
 9. Select the “Thumbprint” item from the list, and compare its value to the
    thumbprint listed above.

OCI Container Images
All of our distroless OCI container images are signed with cosign. Signatures
can be validated against the Teleport OCI image signing key.
$ cosign verify --key teleport-oci-key-2023-05.pub
public.ecr.aws/gravitational/teleport-distroless-debug:12.3.3 Verification for
public.ecr.aws/gravitational/teleport-distroless-debug:12.3.3 -- The following
checks were performed on each of these signatures: - The cosign claims were
validated - The signatures were verified against the specified public key
[{"critical":{"identity":{"docker-reference":"public.ecr.aws/gravitational/teleport-distroless-debug"},"image":{"docker-manifest-digest":"sha256:450fa0f11bbd692ce8236adbc73ed4d32c464cab799bfb32de75e0769f51181a"},"type":"cosign
container image signature"},"optional":null}]
Note that for cosign versions >= 2.0 you may need to use the new
--insecure-ignore-tlog option for some images. These images were signed with an
older version of cosign.


TRY TELEPORT TODAY

In the cloud, self-hosted, or open source
Get StartedView developer docs

Get the latest product updates and engineering blog posts

*
Email:











Subscribe


 * PROTOCOLS
   
   * Teleport Overview
   * SSH
   * Kubernetes
   * Databases
   * Applications
   * Windows
   * Teleport Features
   * Teleport Pricing


 * DOCUMENTATION
   
   * Teleport Documentation
   * Download Teleport
   * How Teleport works
   * GitHub repository


 * LEARN
   
   * Why Teleport?
   * Teleport Learn
   * Blog
   * Customers
   * Resources
   * Events
   * What is SSH?
   * What is a Kubernetes cluster?


 * COMPANY
   
   * About us
   * Security
   * Careers
   * News
   * Partners
   * Status


 * GET IN TOUCH
   
   * (855) 818 9008
   * General inquiries
   * Customer support
   
   
   * CONNECT
     
     * Teleport Community
     * Slack
     * GitHub
     * Twitter
     * LinkedIn
     * YouTube

© 2023 Gravitational Inc.; all rights reserved.

 * Terms of Service
 * Website Terms of Use
 * Privacy
 * Job Applicant Privacy Policy