[Question] About direct connection to nodes


Suppose the worst-case scenario happens and the cluster goes down. Is it possible to connect directly to nodes with only teleport running on them (ssh teleport-node -p 3022)? (i.e. how and where to embed a backup ssh public key on teleport-node?)

If you have a certificate issued by tsh login which is still valid, you can use this to log into the node directly on port 3022 with a command similar to that which you mentioned.

One way to mitigate against this sort of situation where the auth and proxy servers are down is to issue longer-lived certificates for emergency access using tctl auth sign on the auth server. You can find instructions on how to do this in our documentation here: https://gravitational.com/teleport/docs/user-manual/#ssh-certificates-for-automation

1 Like
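Since direct access on port 3022 depends on holding a certificate that is still valid, the following added example (not part of the original posts and not Teleport code) reads the validity window and principals out of an OpenSSH certificate file so an emergency certificate can be checked before it is needed. The function names and the sample certificate are constructed for illustration; the parser follows the OpenSSH PROTOCOL.certkeys layout and does not verify the CA signature.

```python
import base64
import struct

# Key-specific fields between the nonce and the serial (OpenSSH PROTOCOL.certkeys).
KEY_FIELDS = {
    "ssh-rsa-cert-v01@openssh.com": 2,              # e, n
    "ssh-ed25519-cert-v01@openssh.com": 1,          # pk
    "ecdsa-sha2-nistp256-cert-v01@openssh.com": 2,  # curve, point
}

def _read(buf, off):
    """Read one length-prefixed SSH string; return (bytes, next offset)."""
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated certificate")
    return buf[off + 4:off + 4 + n], off + 4 + n

def parse_cert(line):
    """Parse one '<type> <base64> [comment]' line from a *-cert.pub file."""
    ktype, b64 = line.split()[:2]
    if ktype not in KEY_FIELDS:
        raise ValueError("unsupported certificate type: " + ktype)
    blob = base64.b64decode(b64)
    off = 0
    for _ in range(2 + KEY_FIELDS[ktype]):      # type name, nonce, key fields
        _, off = _read(blob, off)
    serial, ctype = struct.unpack_from(">QI", blob, off)
    key_id, off = _read(blob, off + 12)
    plist, off = _read(blob, off)               # packed list of principals
    after, before = struct.unpack_from(">QQ", blob, off)
    principals, p = [], 0
    while p < len(plist):
        name, p = _read(plist, p)
        principals.append(name.decode())
    return {"user_cert": ctype == 1, "key_id": key_id.decode(),
            "principals": principals, "valid_after": after, "valid_before": before}

def seconds_left(cert, now):
    """Validity left at Unix time `now`; 0 if expired, not yet valid, or a host cert."""
    if not cert["user_cert"] or now < cert["valid_after"]:
        return 0
    return max(0, cert["valid_before"] - now)

def sample_cert(after, before):
    """Constructed, unsigned ed25519 user certificate with dummy key material."""
    s = lambda b: struct.pack(">I", len(b)) + b
    ktype = "ssh-ed25519-cert-v01@openssh.com"
    blob = (s(ktype.encode()) + s(b"\x00" * 32) + s(b"\x01" * 32)
            + struct.pack(">QI", 1, 1) + s(b"emergency") + s(s(b"root"))
            + struct.pack(">QQ", after, before)
            + s(b"") * 3 + s(b"dummy-ca") + s(b"dummy-sig"))
    return ktype + " " + base64.b64encode(blob).decode() + " constructed"
```

Running `ssh-keygen -L -f` on the certificate file prints the same fields for a manual check.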