New Linux SSH server shows off Golang's infrastructure power

Teleport has tons of team-friendly features, and it showcases Google's Go language as a replacement for critical IT infrastructure

Gravitational, maker of a SaaS support system built with Kubernetes, has released the latest open source iteration of a key part of that system.

Teleport, an SSH server that provides support teams with simpler remote management for server clusters, is an example of using Google's Go language to devise safer but still performant replacements for critical infrastructure.

Log me in (and him and her and her too)

Teleport is a replacement for sshd, the stock Linux server for SSH, and it works with existing OpenSSH clients and servers as-is. Instead of using manual key management, a common SSH headache, Teleport uses OpenSSH certificates stored on the cluster to automatically generate session keys. It also decouples SSH logins from server logins for additional safety, and it can use a separate identity store -- not only the user accounts on the machine in question -- to authenticate.

Aside from the usual command-line interface, Teleport has a web UI that provides quick access to available nodes. The web UI also has its own terminal emulator, so joint-login SSH sessions can be shared with colleagues in real time through a specially crafted URL. All sessions can be recorded and played back through the web UI as if they were movies, with pause and scrub-through.

The original vision for Teleport was about better handling of state around SSH sessions: keys, secrets, user accounts, and so on. Version 2.0 adds new features in that vein, such as a DynamoDB back end for cluster state storage and a plugins framework that provides secrets storage (including a back end for storing secrets in files), but it also fixes some issues around interoperating with OpenSSH, including managing Teleport with Ansible.

Raze, rebuild, revamp

Aside from providing a more convenient incarnation of SSH, Teleport is an example of recruiting Go to develop replacements for key pieces of IT infrastructure -- especially long-standing bits with aging, problematic implementations.

A Gravitational representative noted in email that Teleport works with Go's implementation of SSH (also written in Go), and added that Go brings a high degree of portability to the finished product: "[Go] also allows us to package Teleport as a single binary with minimal system dependencies which leads to easier distribution." This shows that Teleport could be included in Linux distributions as a standard component, both as a binary and as source, since many distros (such as Red Hat's Fedora) now ship with the Go toolchain.

Go's simplicity of design is sometimes criticized as too minimal for its own good, but it has also been praised for providing fast methods to develop software that is solid and maintainable. Eric S. Raymond looked at using both Rust and Go as possible languages to write a replacement for the Network Time Protocol. (The existing project is underfunded and riddled with flaws.) In the end, he settled on Go, in part because Go was easier to master and already has a level of maturity that he felt was better suited to core infrastructure that needs maintenance over long periods of time.

