Teleport supports proxying and recording for servers that do not support certificates, but support SSH protocol:
- Turn on ssh-agent forwarding
- Load public keys in your SSH agent
- Set up teleport in recording mode
# snippet from /etc/teleport.yaml
# Session Recording must be set to Proxy to work with OpenSSH
session_recording: "proxy" # can also be "off" and "node" (default)
# Not recommended for non-legacy systems. Proxy will be vulnerable to MITM attacks.
# tsh or SSH will offer public key loaded in the agent and proxy will offer the agent
# to the target node
$ tsh -A alice@host
$ ssh -A alice@host -J proxy
IMPORTANT: We recommend setting up a separate cluster with these settings.