Index: head/security/Makefile
===================================================================
--- head/security/Makefile
+++ head/security/Makefile
@@ -1269,6 +1269,7 @@
 SUBDIR += symbion-sslproxy
 SUBDIR += tclsasl
 SUBDIR += tcpcrypt
+ SUBDIR += teleport
 SUBDIR += testssl.sh
 SUBDIR += tinc
 SUBDIR += tinc-devel
Index: head/security/teleport/Makefile
===================================================================
--- head/security/teleport/Makefile
+++ head/security/teleport/Makefile
@@ -0,0 +1,61 @@
+# $FreeBSD$
+
+PORTNAME= teleport
+DISTVERSIONPREFIX= v
+DISTVERSION= 2.5.6
+CATEGORIES= security
+
+MAINTAINER= seanc@FreeBSD.org
+COMMENT= Gravitational Telport SSH
+
+LICENSE= APACHE20
+
+BUILD_DEPENDS= ${LOCALBASE}/bin/go:lang/go \
+ ${LOCALBASE}/bin/zip:archivers/zip
+
+USES= compiler gmake
+
+USE_GITHUB= yes
+GH_ACCOUNT= gravitational
+GH_TAGNAME= v${DISTVERSION}${DISTVERSIONSUFFIX}
+
+USE_RC_SUBR= teleport
+
+SUB_FILES= pkg-message
+
+PLIST_FILES= bin/teleport \
+ bin/tctl \
+ bin/tsh \
+ etc/teleport.yaml.sample
+
+STRIP=
+
+GO_TELEPORT_SRC_DIR= src/github.com/gravitational/teleport
+PRE_GOPATH_DIR= ${PORTNAME}-${DISTVERSION}${DISTVERSIONSUFFIX}
+
+post-extract:
+ @${MKDIR} ${WRKDIR}/${GO_TELEPORT_SRC_DIR}
+ @${CP} -rp ${WRKDIR}/${PRE_GOPATH_DIR}/vendor/* ${WRKDIR}/src/
+ @${CP} -rp ${WRKDIR}/${PRE_GOPATH_DIR}/* ${WRKDIR}/${GO_TELEPORT_SRC_DIR}/
+
+do-build:
+ @cd ${WRKDIR}/${GO_TELEPORT_SRC_DIR} && \
+ ${SETENV} ${MAKE_ENV} ${BUILD_ENV} \
+ CGO_ENABLED=1 GOPATH=${WRKDIR} \
+ ${GMAKE} full
+
+do-install:
+ ${WRKDIR}/${GO_TELEPORT_SRC_DIR}/build/teleport configure > ${STAGEDIR}${PREFIX}/etc/teleport.yaml.sample
+ ${INSTALL_PROGRAM} ${WRKDIR}/${GO_TELEPORT_SRC_DIR}/build/teleport ${STAGEDIR}${PREFIX}/bin
+ ${INSTALL_PROGRAM} ${WRKDIR}/${GO_TELEPORT_SRC_DIR}/build/tsh ${STAGEDIR}${PREFIX}/bin
+ ${INSTALL_PROGRAM} ${WRKDIR}/${GO_TELEPORT_SRC_DIR}/build/tctl ${STAGEDIR}${PREFIX}/bin
+
+.include
+
+# golang assumes that if clang is in use, it is called "clang" and not "cc". If
+# it's called "cc", go fails.
+.if ${COMPILER_TYPE} == clang
+BUILD_ENV= CC=clang
+.endif
+
+.include
Index: head/security/teleport/distinfo
===================================================================
--- head/security/teleport/distinfo
+++ head/security/teleport/distinfo
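Review bot: The first recipe line of `do-install` runs the freshly built binary (`build/teleport configure`) and redirects its output straight into the staged `etc/teleport.yaml.sample`, so the packaged sample is whatever that program prints on the build host. Anything it derives from the build environment (presumably at least the host name; confirm against the generated file) is shipped in every package, the output is not reproducible, and the step cannot work when the target binary is not runnable on the builder. Keeping a reviewed sample under `files/` and installing it with `${INSTALL_DATA} ${FILESDIR}/teleport.yaml.sample ${STAGEDIR}${PREFIX}/etc/` would avoid executing the binary at stage time. The redirect also creates the file with the builder's default umask, so if the live `teleport.yaml` copied from it is expected to hold secrets, pkg-message should tell the administrator to restrict its mode.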
@@ -0,0 +1,3 @@
+TIMESTAMP = 1524207284
+SHA256 (gravitational-teleport-v2.5.6_GH0.tar.gz) = 7a7168df106b1d4ea3b81b5078eaf6ea8f6063b11c7171202d2e2b9bfbdcfe2c
+SIZE (gravitational-teleport-v2.5.6_GH0.tar.gz) = 16216649
Index: head/security/teleport/files/pkg-message.in
===================================================================
--- head/security/teleport/files/pkg-message.in
+++ head/security/teleport/files/pkg-message.in
@@ -0,0 +1,22 @@
+====
+Quick getting started guide:
+
+1. Read through the Quick Start Guide (see below).
+2. Start teleport: su -c 'sysrc teleport_enable=YES'
+3. Start teleport: su -c 'service teleport start'
+3. Add yourself as a user: su -c "tctl users add $USER"
+4. Create a password and 2FA code using the URL emitted during
+ the previous step.
+
+To add a new node to the cluster, on the auth server:
+
+ $ tctl nodes add --ttl=5m --roles=node,proxy
+
+See the docs for additional details:
+
+Quick start: https://gravitational.com/teleport/docs/quickstart/
+Admin Manual: https://gravitational.com/teleport/docs/admin-guide/
+User Manual: https://gravitational.com/teleport/docs/user-manual/
+Architecture: https://gravitational.com/teleport/docs/architecture/
+FAQ: https://gravitational.com/teleport/docs/faq/
+====
Index: head/security/teleport/files/teleport.in
===================================================================
--- head/security/teleport/files/teleport.in
+++ head/security/teleport/files/teleport.in
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+# $FreeBSD$
+#
+# PROVIDE: teleport
+# REQUIRE: LOGIN
+# KEYWORD: shutdown
+#
+# Add the following lines to /etc/rc.conf.local or /etc/rc.conf
+# to enable this service:
+#
+# teleport_enable (bool): Set to NO by default.
+# Set it to YES to enable teleport.
+# teleport_config (str): Configuration file.
+# Default is "${LOCALBASE}/etc/teleport.yaml"
+# teleport_dir (dir): Set dir to run teleport in.
+# Default is "/var/lib/teleport".
+# teleport_roles (dir): Set roles to run teleport in.
+# Default is "node".
+
+. /etc/rc.subr
+
+name=teleport
+rcvar=teleport_enable
+
+load_rc_config $name
+
+: ${teleport_enable:="NO"}
+: ${teleport_config:="%%PREFIX%%/etc/teleport.yaml"}
+: ${teleport_args:="--config=${teleport_config}"
+: ${teleport_dir:="/var/lib/teleport"}
+: ${teleport_roles:="node"}
+
+pidfile=/var/run/teleport.pid
+required_files="${teleport_config}"
+procname="%%PREFIX%%/bin/teleport"
+command="/usr/sbin/daemon"
+command_args="-S -T teleport -s info -m 3 -p ${pidfile} /usr/bin/env ${teleport_env} ${procname} start --roles=${teleport_roles} ${teleport_args}"
+
+run_rc_command "$1"
Index: head/security/teleport/pkg-descr
===================================================================
--- head/security/teleport/pkg-descr
+++ head/security/teleport/pkg-descr
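Review bot: The default for `teleport_args` is missing its closing brace: `: ${teleport_args:="--config=${teleport_config}"` leaves the outer `${` open, so the shell reads on past the end of that line and the script most likely fails to parse; it should read `: ${teleport_args:="--config=${teleport_config}"}`. `teleport_dir` is documented and given a default but is never referenced in `command_args`, so setting it in rc.conf does not change where the daemon keeps its state. `${teleport_env}` is expanded in `command_args` with no default and no entry in the header comment, and because it is passed unquoted through `/usr/bin/env` it deserves a line such as `# teleport_env (str): Environment variables passed to teleport. Default is empty.`. The header also labels `teleport_roles` as `(dir)` where `(str)` is meant.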
@@ -0,0 +1,18 @@
+What is Teleport?
+=================
+Gravitational Teleport ("Teleport") is a modern SSH server for remotely
+accessing clusters of Linux servers via SSH or HTTPS. It is intended to be used
+instead of sshd. Teleport enables teams to easily adopt the best SSH practices
+like:
+
+Integrated SSH credentials with your organization Google Apps identities or
+other OAuth identitiy providers. No need to distribute keys: Teleport uses
+certificate-based access with automatic expiration time. Enforcement of 2nd
+factor authentication. Cluster introspection: every Teleport node becomes a part
+of a cluster and is visible on the Web UI. Record and replay SSH sessions for
+knowledge sharing and auditing purposes. Collaboratively troubleshoot issues
+through session sharing. Connect to clusters located behind firewalls without
+direct Internet access via SSH bastions. Teleport is built on top of the
+high-quality Golang SSH implementation and it is compatible with OpenSSH.
+
+WWW: http://gravitational.com/teleport/