Ability to log forwarded traffic or specify which ports are allowed


#1

Hi,

We would like to know if it would be possible for Teleport to log traffic that might be sent over a forwarded TCP port. It seems this is not really easy to accomplish with normal OpenSSH either, see https://blog.rootshell.be/2009/03/01/keep-an-eye-on-ssh-forwarding/. I guess Teleport has the same behavior and really cannot easily record what is happening on the forwarded ports? Our use case is that we forward a port by making a tsh ssh connection and then locally boot up a console (Elixir) that communicates with the server over the forwarded port. In the web UI we see that a session is created, but it is not recording anything that we do on the local machine. From reading the blog post on how this is handled in OpenSSH, it seems to be normal that you could not do that, or are we wrong?

sshd does have a way, though, to specify which ports are allowed (the PermitOpen option), but I don't know if Teleport has an equivalent configuration option. At least I cannot find it in the docs.

Could you clarify a bit more how Teleport is handling this?