# Installing Teleport on Linux

This guide explains how to install the `teleport` binary on a single Linux machine.

If you are starting out with Teleport, we recommend beginning with a [Teleport Cloud](https://goteleport.com/signup/) account. From there, the only Teleport components you need to deploy yourself are Teleport Agents, which is discussed in [Installing Teleport as an agent](#installing-teleport-as-an-agent).

## Operating system support

| Operating System                                                                                                                                  | `teleport` Daemon | `tctl` Admin Tool | `tsh` and Teleport Connect User Clients \[1] | Web UI (via the browser) | `tbot` Daemon |
| ------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------- | ----------------- | -------------------------------------------- | ------------------------ | ------------- |
| Linux 3.2+ (RHEL/CentOS 7+, Rocky Linux 8+, Amazon Linux 2+, Amazon Linux 2023+, Ubuntu 16.04+, Debian 9+, SLES 12 SP 5+, and SLES 15 SP 5+) \[2] | yes               | yes               | yes \[3]                                     | yes                      | yes           |

\[1] *`tsh` is a Command Line Client (CLI) and Teleport Connect is a Graphical User Interface (GUI) desktop client. See [Using Teleport Connect](https://goteleport.com/docs/connect-your-client/teleport-clients/teleport-connect.md) for usage and installation.*

\[2] *Enhanced Session Recording requires Linux kernel v5.8+.*

\[3] *Teleport Connect on Linux requires glibc 2.28+ present in Ubuntu 20.04+, Debian 10+, Fedora 37+.*

*For best results, Teleport clients (tsh, tctl, tbot) should be the same major version as the cluster they are connecting to. Teleport servers are compatible with clients that are on the same major version or one major version older. Teleport servers do not support clients that are on a newer major version. See our [Upgrading](https://goteleport.com/docs/upgrading.md) guide for more information.*

## Installing Teleport control plane components

This section only applies to self-hosted Teleport deployments. If you have a Teleport Cloud account, or only want to deploy Teleport Agents, read [Installing Teleport as an agent](#installing-teleport-as-an-agent).

To install the `teleport` binary on an individual machine in order to run the Teleport Auth Service or Proxy Service, you can fetch a one-line installation script, which finds an appropriate package manager and uses it to install the `teleport` package.

---

TIP

If you are self-hosting a Teleport cluster, take a look at our [Linux Demo](https://goteleport.com/docs/get-started/deploy-community.md) for the Teleport Community Edition or our [Self-Hosting Teleport](https://goteleport.com/docs/zero-trust-access/deploy-a-cluster.md) section in the docs for more information on Self-Hosted Teleport Enterprise.

---

### Execute the one-line installation script

**Teleport Enterprise (Self-Hosted)**

Download and run the generic installation script on the server where you want to install Teleport:

```
$ curl https://cdn.teleport.dev/install.sh | bash -s "19.0.0-dev" "enterprise"
```

**Teleport Community Edition**

Download and run the generic installation script on the server where you want to install Teleport:

```
$ curl https://cdn.teleport.dev/install.sh | bash -s "19.0.0-dev" "oss"
```

### Verify control plane component installation

Run the following command to verify your installation:

```
$ teleport version
```

You should see output displaying the Teleport version number.

### Configure your Teleport installation

The above methods for installing Teleport on a Linux server do not generate a Teleport configuration file for you. For this, we have a `teleport configure` CLI command or you can create one manually.

See the following guides for help setting up a configuration file:

- [Teleport Configuration Reference](https://goteleport.com/docs/reference/deployment/config.md): This will provide you with the command you need to generate and populate the `/etc/teleport.yaml` file as well as further configuration options for your cluster.
- [Self-Hosted Demo Cluster](https://goteleport.com/docs/zero-trust-access/deploy-a-cluster.md): If you are deploying the Teleport Auth Service and Proxy Service, read this guide for an example of a configuration file.

## Installing Teleport as an agent

The easiest way to install Teleport as an agent is through the Web UI at `/web/discover`, where you can select a resource to enroll with your Teleport cluster and retrieve an installation script to run on Linux hosts.

Outside of the Web UI, you can run a cluster-specific installation script on your Linux server where you are deploying Teleport as an agent. This script will detect and use the best version, edition, and installation mode for your cluster. You can also use the [`teleport-update`](https://goteleport.com/docs/reference/cli/teleport-update.md) binary to keep agents up to date.

Note that Teleport agents should always use the one-line installation script or `teleport-update` binary to install Teleport. Otherwise, they will fall out-of-date, become incompatible with the cluster, and eventually disconnect.

For an example Terraform module for deploying and configuring Teleport Agents, see [Deploy Agents with Terraform](https://goteleport.com/docs/zero-trust-access/infrastructure-as-code/terraform-provider/terraform-getting-started.md).

### Run the cluster-specific installation script

Outside of the Web UI, you can run a one-line cluster install script on your Linux server where you are deploying Teleport as an agent. This script will detect and use the best version, edition, and installation mode for your cluster.

1. Assign example.teleport.sh:443 to your Teleport cluster hostname and Web UI port. This should contain your cluster hostname and port, but not the scheme (https\://).

2. Run your cluster's install script:

   ```
   $ curl "https://example.teleport.sh:443/scripts/install.sh" | sudo bash
   ```

### Verify agent installation

Run the following commands to verify your agent installation:

```
$ teleport version
$ sudo systemctl status teleport
```

You should see the Teleport version and a status showing the service is active and running.

### Configure your Teleport Agent

Outside of deploying Teleport as an agent in the Web UI, the methods for installing Teleport on a Linux server do not generate a Teleport configuration file for you. You will need to generate one prior to starting the Teleport service.

See the following guides for examples of setting up a configuration file:

- [Enroll Resources](https://goteleport.com/docs/enroll-resources.md): Guides to setting up Teleport Agents in order to enroll infrastructure resources in your cluster. These guides include examples of setting up Teleport configuration files.
- [Self-Hosted Demo Cluster](https://goteleport.com/docs/zero-trust-access/deploy-a-cluster.md): If you are deploying the Teleport Auth Service and Proxy Service, read this guide for an example of a configuration file.
- [Teleport Configuration Reference](https://goteleport.com/docs/reference/deployment/config.md): A guide to all configuration fields.

## Other install methods

Use this section if you are not using the one-line installation script.

If it is not possible to use the one-line installation script, for example if you are setting up custom tooling, you can install the `teleport` binary on a single machine by fetching packages or TAR archives. You can also download a Teleport package from the Teleport Web UI.

### Package repositories

Read the instructions in this section for instructions on working with Teleport package repositories.

1. Assign the following environment variables in the terminal where you will run Teleport installation commands, indicating the package and version to install:

   **Teleport Enterprise (Self-Hosted)**

   ```
   $ export TELEPORT_PKG=teleport-ent
   $ export TELEPORT_VERSION=v19
   $ export TELEPORT_CHANNEL=stable/${TELEPORT_VERSION?}
   ```

   For FedRAMP/FIPS-compliant installations, install the `teleport-ent-fips` package instead:

   ```
   $ export TELEPORT_PKG=teleport-ent-fips
   ```

   **Teleport Community Edition**

   ```
   $ export TELEPORT_PKG=teleport
   $ export TELEPORT_VERSION=v19
   $ export TELEPORT_CHANNEL=stable/${TELEPORT_VERSION?}
   ```

2. Teleport maintains DEB and RPM package repositories for different Linux distributions based on variables defined in `/etc/os-release` on Linux systems. Source this file to define the variables:

   ```
   $ . /etc/os-release && echo "$NAME $VERSION_ID"
   ```

3. Confirm that your distribution appears in the table below.

   | Distribution | Version              | `ID` value in `/etc/os-release` |
   | ------------ | -------------------- | ------------------------------- |
   | Amazon Linux | 2 and 2023           | `amzn`                          |
   | CentOS       | >= 7                 | `centos`                        |
   | Debian       | >= 9                 | `debian`                        |
   | RHEL         | >= 7                 | `rhel`                          |
   | Rocky Linux  | >= 8                 | `rocky`                         |
   | SLES         | >= 12 SP5, >= 15 SP5 | `sles`                          |
   | Ubuntu       | >= 16.04             | `ubuntu`                        |

   ---

   RHEL 10 SUPPORT

   Teleport does not currently provide a YUM repository for RHEL 10. Attempting to follow the standard YUM installation instructions on RHEL 10 will result in `HTTP 404` errors. To install Teleport on RHEL 10, use a one-line installation script (for [Teleport Agents](#run-the-cluster-specific-installation-script) or for [Teleport control plane components](#execute-the-one-line-installation-script)) for the initial setup and [Managed Updates v2](https://goteleport.com/docs/upgrading/agent-managed-updates.md) to maintain the installation.

   ---

4. If `ID` is not listed, check:

   ```
   $ echo $ID_LIKE
   ```

   If one of those values appears in the table, use it instead.

5. Follow the instructions for your package manager:

   **apt**

   ```
   $ sudo mkdir -p /etc/apt/keyrings
   $ sudo curl https://apt.releases.teleport.dev/gpg \
     -o /etc/apt/keyrings/teleport-archive-keyring.asc

   $ echo "deb [signed-by=/etc/apt/keyrings/teleport-archive-keyring.asc] \
   https://apt.releases.teleport.dev/${ID?} ${VERSION_CODENAME?} \
   ${TELEPORT_CHANNEL?}" \
     | sudo tee /etc/apt/sources.list.d/teleport.list > /dev/null

   $ sudo apt-get update
   $ sudo apt-get install ${TELEPORT_PKG?}
   ```

   **yum**

   ```
   $ VERSION_ID=$(echo $VERSION_ID | grep -Eo "^[0-9]+")
   $ sudo yum install -y yum-utils
   $ sudo yum-config-manager --add-repo "$(rpm --eval "https://yum.releases.teleport.dev/$ID/$VERSION_ID/Teleport/%{_arch}/${TELEPORT_CHANNEL?}/teleport.repo")"
   $ sudo yum install ${TELEPORT_PKG?}
   ```

   **dnf**

   ```
   Ensure config-manager exists
   $ sudo dnf install -y dnf-plugins-core

   Use RHEL repo path + major version

   $ REPO_ID="rhel"
   $ REPO_VERSION_ID="$(echo "$VERSION_ID" | grep -Eo '^[0-9]+')"   # "8.10" -> "8"
   $ ARCH="$(rpm --eval '%{_arch}')"

   $ sudo dnf config-manager --add-repo \
     "https://yum.releases.teleport.dev/${REPO_ID}/${REPO_VERSION_ID}/Teleport/${ARCH}/${TELEPORT_CHANNEL}/teleport.repo"

   Install
   $ sudo dnf install -y "${TELEPORT_PKG?}"   # e.g., teleport / teleport-ent
   ```

   **zypper**

   Note: Teleport currently provides RPM packages for SLES 15. On newer SLES releases (for example, SLES 16), use the sles/15 repository path.

   ```
   $ export TELEPORT_VERSION=v18
   $ export TELEPORT_CHANNEL="stable/${TELEPORT_VERSION}"
   $ export TELEPORT_PKG=teleport   # or teleport-ent

   $ ARCH="$(rpm --eval '%{_arch}')"

   $ sudo zypper ar -f -t rpm-md \
      "https://zypper.releases.teleport.dev/sles/15/Teleport/${ARCH}/${TELEPORT_CHANNEL}/" teleport
       
   IMPORTANT: repo does not define `gpgkey=` URLs; import key explicitly
   $ sudo rpm --import https://zypper.releases.teleport.dev/gpg

   $ sudo zypper refresh teleport
   $ sudo zypper install -y "${TELEPORT_PKG?}"
   ```

6. Verify the installation by running the following command:

   ```
   $ teleport version
   ```

### Downloading packages and TAR archives

Teleport maintains TAR archives as well as DEB and RPM packages for Linux-compatible binaries at `https://cdn.teleport.dev`. This section explains how to install Teleport by manually downloading a release.

Use this method if you prefer to install from release archives or operate in restricted environments.

1. Use environment variables to set the package name, version, and architecture of the package you want to download:

   ```
   $ TELEPORT_PKG=teleport        # Community Edition
   $ TELEPORT_PKG=teleport-ent    # Enterprise
   ```

2. Determine your system architecture:

   ```
   $ uname -m
   ```

   Map the CPU architecture to a supported build:

   | `uname -m` output | `SYSTEM_ARCH` value |
   | ----------------- | ------------------- |
   | x86\_64           | amd64               |
   | aarch64           | arm64               |
   | armv7l            | arm                 |
   | i686              | 386                 |

3. Assign version and architecture variables:

   ```
   $ TELEPORT_VERSION=19.0.0-dev
   $ SYSTEM_ARCH=""
   ```

4. Download and install using your preferred format. These steps use `sha256sum`, which is available by default on most modern Linux distributions. On older systems where `sha256sum` is not available, use `shasum --check --algorithm 256` instead:

   **TAR**

   ```
   $ curl -O https://cdn.teleport.dev/${TELEPORT_PKG?}-v${TELEPORT_VERSION?}-linux-${SYSTEM_ARCH?}-bin.tar.gz.sha256
   $ curl -O https://cdn.teleport.dev/${TELEPORT_PKG?}-v${TELEPORT_VERSION?}-linux-${SYSTEM_ARCH?}-bin.tar.gz
   $ sha256sum --check < ${TELEPORT_PKG?}-v${TELEPORT_VERSION?}-linux-${SYSTEM_ARCH?}-bin.tar.gz.sha256
   teleport-ent-v18.7.1-linux-amd64-bin.tar.gz: OK
   $ tar -xvf ${TELEPORT_PKG?}-v${TELEPORT_VERSION?}-linux-${SYSTEM_ARCH?}-bin.tar.gz
   $ cd ${TELEPORT_PKG?}
   $ sudo ./teleport-update enable --proxy example.teleport.sh # or sudo ./install for static installation
   ```

   **DEB**

   ```
   $ curl -O https://cdn.teleport.dev/${TELEPORT_PKG?}_${TELEPORT_VERSION?}_${SYSTEM_ARCH?}.deb.sha256
   $ curl -O https://cdn.teleport.dev/${TELEPORT_PKG?}_${TELEPORT_VERSION?}_${SYSTEM_ARCH?}.deb
   $ sha256sum --check ${TELEPORT_PKG?}_${TELEPORT_VERSION?}_${SYSTEM_ARCH?}.deb.sha256
   teleport-ent_18.7.1_amd64.deb: OK
   $ sudo dpkg -i ${TELEPORT_PKG?}_${TELEPORT_VERSION?}_${SYSTEM_ARCH?}.deb
   Managed updates are recommended for agents
   $ sudo teleport-update enable --proxy example.teleport.sh
   ```

   **RPM**

   **Note**: Use `export SYSTEM_ARCH=x86_64` for RPM installations.

   ```
   $ curl -O https://cdn.teleport.dev/${TELEPORT_PKG?}-${TELEPORT_VERSION?}-1.${SYSTEM_ARCH?}.rpm.sha256
   $ curl -O https://cdn.teleport.dev/${TELEPORT_PKG?}-${TELEPORT_VERSION?}-1.${SYSTEM_ARCH?}.rpm
   $ sha256sum --check ${TELEPORT_PKG?}-${TELEPORT_VERSION?}-1.${SYSTEM_ARCH?}.rpm.sha256
   teleport-ent-18.7.1-1.x86_64.rpm: OK
   $ sudo rpm -i ${TELEPORT_PKG?}-${TELEPORT_VERSION?}-1.${SYSTEM_ARCH?}.rpm
   $ sudo teleport-update enable --proxy example.teleport.sh
   ```

5. Verify the installation. Run the following command:

   ```
   $ teleport version
   ```

### From your browser

For Teleport Community Edition, check the [Downloads](https://goteleport.com/download/) page for the most up-to-date information.

On cloud-hosted Teleport Enterprise you can visit a download page in the Web UI. Select the user name in the upper right and select Downloads from the menu.

Customers who self-host Teleport Enterprise can access Enterprise downloads and their license file from their [dedicated account dashboard](https://goteleport.com/docs/zero-trust-access/deploy-a-cluster/license.md).