Installing Teleport on Linux

Report an issue with this page

Teleport maintains DEB and RPM package repositories for different operating systems, platforms, and Teleport versions. A server that installs Teleport from a DEB or RPM package must have systemd installed. You can also download TAR archives containing Teleport binaries.

Note that Teleport agents should always use the one-line installation script or teleport-update binary to install Teleport. Otherwise, they will fall out-of-date, become incompatible with the cluster, and eventually disconnect.

Operating system support

Operating System	teleport Daemon	tctl Admin Tool	tsh and Teleport Connect User Clients [1]	Web UI (via the browser)	tbot Daemon
Linux 3.2+ (RHEL/CentOS 7+, Rocky Linux 8+, Amazon Linux 2+, Amazon Linux 2023+, Ubuntu 16.04+, Debian 9+, SLES 12 SP 5+, and SLES 15 SP 5+) [2]	yes	yes	yes [3]	yes	yes

[1] tsh is a Command Line Client (CLI) and Teleport Connect is a Graphical User Interface (GUI) desktop client. See Using Teleport Connect for usage and installation.

[2] Enhanced Session Recording requires Linux kernel v5.8+.

[3] Teleport Connect on Linux requires glibc 2.28+ present in Ubuntu 20.04+, Debian 10+, Fedora 37+.

For best results, Teleport clients (tsh, tctl, tbot) should be the same major version as the cluster they are connecting to. Teleport servers are compatible with clients that are on the same major version or one major version older. Teleport servers do not support clients that are on a newer major version. See our Upgrading guide for more information.

Installing Teleport as a cluster

If you are starting out with Teleport, we recommend beginning with a Teleport Cloud account. From there, the only Teleport components you need to deploy yourself are Teleport Agents, which is discussed in the next section.

If you are self-hosting a Teleport cluster, please take a look at our Linux Demo for the Teleport Community Edition or our Self-Hosting Teleport section in the docs for more information on Teleport Enterprise Self-Hosted.

Teleport Enterprise Cloud (Managed)

Teleport Enterprise Cloud is provisioned and managed for you so there are no install steps. The only Teleport components you need to deploy yourself are Teleport Agents.

Teleport Enterprise (Self-Hosted)

TELEPORT_EDITION="enterprise"
TELEPORT_VERSION="18.1.6"

Then, download and run the generic installation script on the server where you want to install Teleport:

curl https://cdn.teleport.dev/install.sh | bash -s ${TELEPORT_VERSION?} ${TELEPORT_EDITION?}

Teleport Community Edition

TELEPORT_EDITION="oss"
TELEPORT_VERSION="18.1.6"

Then, download and run the generic installation script on the server where you want to install Teleport:

curl https://cdn.teleport.dev/install.sh | bash -s ${TELEPORT_VERSION?} ${TELEPORT_EDITION?}

Cluster configuration

The above methods for installing Teleport on a Linux server do not generate a Teleport configuration file for you. For this, we have a teleport configure CLI command or you can create one manually.

See the following guides for help setting up a configuration file:

• Teleport Configuration Reference: This will provide you with the command you need to generate and populate the /etc/config.yaml file as well as further configuration options for your cluster.
• Self-Hosted Demo Cluster: If you are deploying the Teleport Auth Service and Proxy Service, read this guide for an example of a configuration file.

Installing Teleport as an agent

The easiest way to install Teleport as an agent is through the WebUI at /web/discover, where you can select a resource to enroll with your Teleport cluster and retrieve an "all-in-one" installation script to run on Linux hosts.

One-line installation script

Outside of the WebUI, you can run our one-line cluster install script on your Linux server where you are deploying Teleport as an agent. This script will detect and use the best version, edition, and installation mode for your cluster. Note that this is script is for Teleport versions 17.3 and above. If you are installing a version before this edition or this script does not work on your server, see below for other options.

1. Assign example.teleport.sh:443 to your Teleport cluster hostname and Web UI port. This should contain you cluster hostname and port, but not the scheme (https://).
2. Run your cluster's install script:

   curl "https://example.teleport.sh:443/scripts/install.sh" | sudo bash

You can also use the example Terraform module for deploying agents in Deploy Agents with Terraform.

Agent configuration

Outside of deploying Teleport as an agent in the WebUI, the methods for installing Teleport on a Linux server do not generate a Teleport configuration file for you. You will need to generate one prior to starting the Teleport service.

See the following guides for examples of setting up a configuration file:

• Enroll Resources: Guides to setting up Teleport Agents in order to enroll infrastructure resources in your cluster. These guides include examples of setting up Teleport configuration files.
• Self-Hosted Demo Cluster: If you are deploying the Teleport Auth Service and Proxy Service, read this guide for an example of a configuration file.
• Teleport Configuration Reference: A guide to all configuration fields.

Other Install Methods

Package repositories

The one-line-installation-script automatically detects a package manager on the local system and uses it to install Teleport from an upstream repository.

If your system does not support the one-line installation script, read the instructions in this section for instructions on working with Teleport package repositories.

Note that Teleport agents should always use the one-line installation script or teleport-update binary to install Teleport. Otherwise, they will fall out-of-date, become incompatible with the cluster, and eventually disconnect.

1. Assign the following environment variables in the terminal where you will run Teleport installation commands, indicating the package and version to install:

   Teleport Enterprise (Self-Hosted)

   export TELEPORT_PKG=teleport-ent
   export TELEPORT_VERSION=v18
   export TELEPORT_CHANNEL=stable/${TELEPORT_VERSION?}

   For FedRAMP/FIPS-compliant installations, install the teleport-ent-fips package instead:

   export TELEPORT_PKG=teleport-ent-fips

   Teleport Community Edition

   export TELEPORT_PKG=teleport
   export TELEPORT_VERSION=v18
   export TELEPORT_CHANNEL=stable/${TELEPORT_VERSION?}

2. Teleport maintains DEB and RPM package repositories for different Linux distributions based on variables defined in /etc/os-release on Linux systems. Source this file to define the variables:

   source /etc/os-release

3. Make sure the value of the ID environment variable is supported.

   The Teleport DEB and RPM repositories don't expose packages for all distribution variants. When installing Teleport using RPM repositories, you may need to replace the ID variable set in /etc/os-release with ID_LIKE to install packages of the closest supported distribution.

   Currently supported distributions (and ID values) are:

   Distribution	Version	ID value in /etc/os-release
   Amazon Linux	2 and 2023	amzn
   CentOS	>= 7	centos
   Debian	>= 9	debian
   RHEL	>= 7	rhel
   Rocky Linux	>= 8	rocky
   SLES	>= 12 SP5, >= 15 SP5	sles
   Ubuntu	>= 16.04	ubuntu

   Note that Enhanced Session Recording requires Linux kernel version 5.8+. This means that it requires more recent OS versions than other Teleport features:

   Distribution	Version
   Amazon Linux	2 (post 11/2021), 2023
   CentOS/RHEL	9+
   Rocky Linux	8+
   Debian	11, or 10 with backports
   Ubuntu	20.042+

   If the value of ID is not in the list above, look up the space-separated values of the ID_LIKE variable you sourced from /etc/os-release and see if one of them appears in the list.

4. Follow the instructions for your package manager:

   apt

   sudo mkdir -p /etc/apt/keyrings
   Download the Teleport PGP public key
   sudo curl https://apt.releases.teleport.dev/gpg \-o /etc/apt/keyrings/teleport-archive-keyring.asc
   Add the Teleport APT repository. You'll need to update this file for each
   major release of Teleport.
   echo "deb [signed-by=/etc/apt/keyrings/teleport-archive-keyring.asc] \https://apt.releases.teleport.dev/${ID?} ${VERSION_CODENAME?} \${TELEPORT_CHANNEL?}" \| sudo tee /etc/apt/sources.list.d/teleport.list > /dev/null
   
   sudo apt-get update
   sudo apt-get install ${TELEPORT_PKG?}

   yum

   Add the Teleport YUM repository. You'll need to update this file for each
   major release of Teleport.
   First, get the major version from $VERSION_ID so this fetches the correct
   package version.
   VERSION_ID=$(echo $VERSION_ID | grep -Eo "^[0-9]+")
   sudo yum install -y yum-utils
   sudo yum-config-manager --add-repo "$(rpm --eval "https://yum.releases.teleport.dev/$ID/$VERSION_ID/Teleport/%{_arch}/${TELEPORT_CHANNEL?}/teleport.repo")"
   sudo yum install ${TELEPORT_PKG?}
   Tip: Add /usr/local/bin to path used by sudo (so 'sudo tctl users add' will work as per the docs)
   echo "Defaults    secure_path = /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin" > /etc/sudoers.d/secure_path

   zypper

   Add the Teleport Zypper repository. You'll need to update this file for each
   major release of Teleport.
   First, get the OS major version from $VERSION_ID so this fetches the correct
   package version.
   VERSION_ID=$(echo $VERSION_ID | grep -Eo "^[0-9]+")
   Use zypper to add the teleport RPM repo
   sudo zypper addrepo --refresh --repo $(rpm --eval "https://zypper.releases.teleport.dev/$ID/$VERSION_ID/Teleport/%{_arch}/${TELEPORT_CHANNEL?}/teleport-zypper.repo")
   sudo zypper --gpg-auto-import-keys refresh teleport
   sudo zypper install ${TELEPORT_PKG?}
   Tip: Add /usr/local/bin to path used by sudo (so 'sudo tctl users add' will work as per the docs)
   echo "Defaults    secure_path = /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin" > /etc/sudoers.d/secure_path

   dnf

   Add the Teleport YUM repository for v18. You'll need to update this
   file for each major release of Teleport.
   First, get the major version from $VERSION_ID so this fetches the correct
   package version.
   VERSION_ID=$(echo $VERSION_ID | grep -Eo "^[0-9]+")
   Install dnf config-manager
   sudo yum install -y yum-utils
   Use the dnf config manager plugin to add the teleport RPM repo
   sudo dnf config-manager --add-repo "$(rpm --eval "https://yum.releases.teleport.dev/$ID/$VERSION_ID/Teleport/%{_arch}/${TELEPORT_CHANNEL?}/teleport.repo")"
   
   Install teleport
   sudo dnf install ${TELEPORT_PKG}
   
   Tip: Add /usr/local/bin to path used by sudo (so 'sudo tctl users add' will work as per the docs)
   echo "Defaults    secure_path = /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin" > /etc/sudoers.d/secure_path

Downloading packages and TAR archives

Teleport maintains TAR archives as well as DEB and RPM packages for Linux-compatible binaries at https://cdn.teleport.dev. This section explains how to install Teleport by manually downloading a release.

Note that Teleport agents should always use the one-line installation script or teleport-update binary to install Teleport. Otherwise, they will fall out-of-date, become incompatible with the cluster, and eventually disconnect.

1. In your terminal, assign environment variables that you will use to download your intended archive.

   For Teleport Community Edition, the Teleport package is called teleport:

   TELEPORT_PKG=teleport

   For self-hosted Teleport Enterprise deployments, the package is called teleport-ent:

   TELEPORT_PKG=teleport-ent

2. Specify your system Teleport version and system architecture by assigning an environment variable:

   TELEPORT_VERSION=18.1.6
   SYSTEM_ARCH=""

   The following architecture values are available:

   • amd64 (x86_64 if downloading an RPM package)
   • arm64
   • arm
   • 386 (i386 if downloading a DEB or RPM package)

3. Run the following commands to download a Teleport package or archive, unpack it, and install binaries:

   TAR

   curl -O https://cdn.teleport.dev/${TELEPORT_PKG?}-v${TELEPORT_VERSION?}-linux-${SYSTEM_ARCH?}-bin.tar.gz.sha256
   curl -O https://cdn.teleport.dev/${TELEPORT_PKG?}-v${TELEPORT_VERSION?}-linux-${SYSTEM_ARCH?}-bin.tar.gz
   shasum --check --algorithm 256 < ${TELEPORT_PKG?}-v${TELEPORT_VERSION?}-linux-${SYSTEM_ARCH?}-bin.tar.gz.sha256
   ${TELEPORT_PKG?}-v${TELEPORT_VERSION?}-linux-${SYSTEM_ARCH?}-bin.tar.gz: OK
   tar -xvf ${TELEPORT_PKG?}-v${TELEPORT_VERSION?}-linux-${SYSTEM_ARCH?}-bin.tar.gz
   cd ${TELEPORT_PKG?}
   sudo ./teleport-update enable --proxy example.teleport.sh # or sudo ./install for static installation

   DEB

   curl -O https://cdn.teleport.dev/${TELEPORT_PKG?}_${TELEPORT_VERSION?}_${SYSTEM_ARCH?}.deb.sha256
   curl -O https://cdn.teleport.dev/${TELEPORT_PKG?}_${TELEPORT_VERSION?}_${SYSTEM_ARCH?}.deb
   shasum --check --algorithm 256 < ${TELEPORT_PKG?}_${TELEPORT_VERSION?}_${SYSTEM_ARCH?}.deb.sha256
   ${TELEPORT_PKG?}-v${TELEPORT_VERSION?}-linux-${SYSTEM_ARCH?}.deb: OK
   sudo dpkg -i ${TELEPORT_PKG?}_${TELEPORT_VERSION?}_${SYSTEM_ARCH?}.deb
   sudo teleport-update enable --proxy example.teleport.sh # enable Managed Updates

   RPM

   curl -O https://cdn.teleport.dev/${TELEPORT_PKG?}-${TELEPORT_VERSION?}-1.${SYSTEM_ARCH?}.rpm.sha256
   curl -O https://cdn.teleport.dev/${TELEPORT_PKG?}-${TELEPORT_VERSION?}-1.${SYSTEM_ARCH?}.rpm
   shasum --check --algorithm 256 < ${TELEPORT_PKG?}-${TELEPORT_VERSION?}-1.${SYSTEM_ARCH?}.rpm.sha256
   ${TELEPORT_PKG?}-v${TELEPORT_VERSION?}-1.${SYSTEM_ARCH?}.deb: OK
   shasum --check -a 256 https://cdn.teleport.dev/${TELEPORT_PKG?}-${TELEPORT_VERSION?}-1.${SYSTEM_ARCH?}.rpm
   Or use yum localinstall, dnf localinstall etc.
   sudo rpm -i https://cdn.teleport.dev/${TELEPORT_PKG?}-${TELEPORT_VERSION?}-1.${SYSTEM_ARCH?}.rpm
   sudo teleport-update enable --proxy example.teleport.sh # enable Managed Updates

   For FedRAMP/FIPS-compliant installations of Teleport Enterprise, package URLs are slightly different:

   TAR

   curl -O https://cdn.teleport.dev/teleport-ent-v${TELEPORT_VERSION?}-linux-${SYSTEM_ARCH?}-fips-bin.tar.gz.sha256
   curl -O https://cdn.teleport.dev/teleport-ent-v${TELEPORT_VERSION?}-linux-${SYSTEM_ARCH?}-fips-bin.tar.gz
   shasum --check --algorithm 256 < teleport-ent-v${TELEPORT_VERSION?}-linux-${SYSTEM_ARCH?}-fips-bin.tar.gz.sha256
   teleport-ent-v${TELEPORT_VERSION?}-linux-${SYSTEM_ARCH?}-fips-bin.tar.gz: OK
   tar -xvf teleport-ent-v${TELEPORT_VERSION?}-linux-${SYSTEM_ARCH?}-fips-bin.tar.gz
   cd teleport-ent
   sudo ./teleport-update enable --proxy example.teleport.sh # or sudo ./install for static installation

   DEB

   FIPS builds are only available for the arm64 and amd64 system architectures.

   curl -O https://cdn.teleport.dev/teleport-ent_${TELEPORT_VERSION}-fips_${SYSTEM_ARCH}.deb.sha256
   curl -O https://cdn.teleport.dev/teleport-ent_${TELEPORT_VERSION}-fips_${SYSTEM_ARCH}.deb
   shasum --check --algorithm 256 < teleport-ent_${TELEPORT_VERSION}-fips_${SYSTEM_ARCH}.deb.sha256
   teleport-ent_${TELEPORT_VERSION}-fips_${SYSTEM_ARCH}.deb: OK
   sudo dpkg -i teleport-ent_${TELEPORT_VERSION}-fips_${SYSTEM_ARCH}.deb
   sudo teleport-update enable --proxy example.teleport.sh # enable Managed Updates

   RPM

   FIPS builds are only available for the arm64 and x86_64 system architectures.

   curl -O https://cdn.teleport.dev/teleport-ent-${TELEPORT_VERSION?}-1-fips.${SYSTEM_ARCH?}.rpm.sha256
   curl -O https://cdn.teleport.dev/teleport-ent-${TELEPORT_VERSION?}-1-fips.${SYSTEM_ARCH?}.rpm
   shasum --check --algorithm 256 < teleport-ent-${TELEPORT_VERSION?}-1-fips.${SYSTEM_ARCH?}.rpm.sha256
   Or use yum localinstall, dnf localinstall etc.
   sudo rpm -i https://cdn.teleport.dev/teleport-ent-${TELEPORT_VERSION?}-1-fips.${SYSTEM_ARCH?}.rpm
   sudo teleport-update enable --proxy example.teleport.sh # enable Managed Updates

From your browser

For Teleport Community Edition, check the Downloads page for the most up-to-date information.

On cloud-hosted Teleport Enterprise you can visit a download page in the Web UI. Select the user name in the upper right and select Downloads from the menu.

Customers who self-host Teleport Enterprise can access Enterprise downloads and their license file from their dedicated account dashboard.