Lately, I’ve been trying out the Teleport service but couldn’t figure out some of my questions from the docs. I have locally set up a cluster with an auth service, proxy service and node service – each running in different containers.
From the ports overview table in the admin guide, it looks like there are many open ports needed. Now from a security perspective this is concerning. So to clarify I would like to ask a few questions.
- Is it sufficient if only port 3080 is open to the outside/users? What about ports 3023 & 3024, are they only open towards the different nodes or also to the users? If the latter is true, can they be closed?
- Could Teleport also be used if the Web Client is locked to the outside? This would probably mean closing port 3080, which also includes the tsh tool. In this case the Web Client would only be accessible by the administrator from inside the cluster.
- I assume ports 3022 and 3025 are only available from within the proxy service?