package
18.0.0-dev.vnet-windows.4+incompatible
Repository: https://github.com/gravitational/teleport.git
Documentation: pkg.go.dev
# Functions
AuthConnectAddr returns the default address to search for auth.
AuthListenAddr returns the default listening address for the Auth service.
ConfigureLimiter assigns the default parameters to a connection throttler (AKA limiter).
FormatFlagDescription creates the description for the --format flag.
HTTPClient returns a new http.Client with sensible defaults.
KubeProxyListenAddr returns the default listening address for the Kubernetes Proxy service.
MetricsServiceListenAddr returns the default listening address for the metrics service.
ProxyListenAddr returns the default listening address for the SSH Proxy service.
ProxyWebListenAddr returns the default listening address for the Web-based SSH Proxy service.
ReadableDatabaseProtocol returns a more human-readable string of the provided database protocol.
ReverseTunnelListenAddr returns the default listening address for the SSH Proxy service used by the SSH nodes to establish proxy<->ssh_node connection from behind a firewall which blocks inbound connections to ssh_nodes.
SSHServerListenAddr returns the default listening address for the Web-based SSH Proxy service.
Transport returns a new http.RoundTripper with sensible defaults.
# Constants
AccountLockInterval defines a time interval during which a user account is locked after MaxLoginAttempts.
ActiveSessionTTL is a TTL when session is marked as inactive.
AnyAddress is used to refer to the non-routable meta-address used to refer to all addresses on the machine.
AppsQueueSize is apps service queue size.
AttemptTTL is TTL for login attempt.
AuditLogTimeFormat is the format for the timestamp on audit log files.
When running as a "SSH Proxy" this port will be used to serve auth requests.
AuthQueueSize is auth service queue size.
BackendDir is a default backend subdirectory.
BackendPath is a default backend path parameter.
BearerTokenTTL specifies how long a standard bearer token exists before it has to be renewed by the client.
By default SSH server (and SSH proxy) will bind to this IP.
CACertFile is the default name of the certificate authority file to watch.
CATTL is a default lifetime of a CA certificate.
CgroupPath is where the cgroupv2 hierarchy will be mounted.
ChangePasswordTokenTTL is a default password change token expiry time.
ClientCacheSize is the size of the RPC clients expiring cache.
ConfigEnvar is a name of teleport's configuration environment variable.
ConfigFileEnvar is the name of the environment variable used to specify a path to the Teleport configuration file that tctl reads on use.
DatabaseConnectTimeout is a timeout for connecting to a database via database access.
DatabasesQueueSize is db service queue size.
DefaultBotJoinTTL is the default TTL for bot join tokens.
DefaultGracefulShutdownTimeout is a default timeout for graceful shutdown waiting for connections to drain off before cutting the connections forcefully.
DefaultIdleConnectionDuration indicates for how long Teleport will hold the SSH connection open if there are no reads/writes happening over it.
DefaultRedisUsername is a default username used by Redis when no name is provided at connection time.
DefaultRenewableCertTTL is the default TTL for a renewable user certificate.
The following are cryptographic primitives Teleport does not support in its default configuration.
DirectoryPermissions are safe default permissions to use when creating directories.
DiscoveryQueueSize is discovery service queue size.
EventsIterationLimit is a default limit if it's not set for events.
EventsIterationLimit is max iteration limit for events.
FilePermissions are safe default permissions to use when creating files.
GithubAuthRequestTTL is the TTL of an internally stored GitHub auth request.
GRPCMaxConcurrentStreams is the max GRPC streams that can be active at a time.
HandshakeReadDeadline is the default time to wait for the client during the TLS handshake.
HeadlessLoginTimeout is how long to wait for user to approve/reject headless login request.
HighResPollingPeriod is a default high resolution polling period.
The following are cryptographic primitives Teleport does not support in its default configuration.
HostCertCacheSize is the number of host certificates to cache at any moment.
HostCertCacheTime is how long a certificate stays in the cache.
HostnameLabel is the name of the label added to the sample SSH config generated by the teleport node configure command.
HTTPIdleTimeout is a default timeout for idle HTTP connections.
Web UI over HTTP(s).
HTTPMaxConnsPerHost is the maximum number of connections per-host.
HTTPMaxIdleConns is the max idle connections across all hosts.
HTTPMaxIdleConnsPerHost is the max idle connections per-host.
HTTPRequestTimeout is a default timeout for HTTP requests.
JWTUse is the default usage of the JWT.
Krb5FilePath is the default location of Kerberos configuration file.
KubeListenPort is a default port for kubernetes proxies.
KubernetesQueueSize is kubernetes service watch queue size.
LicenseFile is the default name of the license file.
LimiterAverage is the default average for unauthenticated limiters.
LimiterBurst is the default burst for unauthenticated limiters.
LimiterHighAverage is the default average for high rate unauthenticated limiters.
LimiterHighBurst is the default burst for high rate unauthenticated limiters.
LimiterHighPeriod is the default period for high rate unauthenticated limiters.
LimiterMaxConcurrentSignatures limits maximum number of concurrently generated signatures by the auth server.
LimiterMaxConnections Number of max.
LimiterPeriod is the default period for unauthenticated limiters.
Localhost is the address of localhost.
LockMaxStaleness is the maximum staleness for cached lock resources to be deemed acceptable for strict locking mode.
LogRotationPeriod defines how frequently to rotate the audit log file.
LookaheadBufSize is a reasonable buffer size for decoders that need to buffer for the purposes of lookahead (e.g.
LowResPollingPeriod is a default low resolution polling period.
MaxAccessDuration defines the maximum time for which an access request can be active.
MaxChangePasswordTokenTTL is a maximum TTL for password change token.
MaxIterationLimit is max iteration limit.
MaxLoginAttempts sets the max.
MaxLongWatcherBackoff is the maximum backoff used for watchers that incur high cluster-level load (non-control-plane caches being the primary example).
MaxPasswordLength is maximum password length (for sanity).
MaxRenewableCertTTL is the maximum TTL that a certificate renewal bot can request for a renewable user certificate.
MaxSignupTokenTTL is a maximum TTL for a web signup one-time token; clients can reduce this time, not increase it.
MaxWatcherBackoff is the maximum retry time a watcher should use in the event of connection issues.
MetricsListenPort is the default listen port for the metrics service.
MinPasswordLength is minimum password length.
MongoListenPort is the default listen port for Mongo proxy.
MySQLListenPort is the default listen port for MySQL proxy.
NodeJoinTokenTTL is when a token for nodes expires.
NodeQueueSize is node service queue size.
OIDCAuthRequestTTL is TTL of internally stored auth request created by client.
OpenPerfBufferPageCount is the page count for the perf buffer.
PAMServiceName is the default PAM policy to use if one is not passed in configuration.
PendingAccessDuration defines the expiry of a pending access request.
PerfBufferPageCount is the size of the perf ring buffer in number of pages.
PlaybackRecycleTTL is the TTL for unpacked session playback files.
PostgresListenPort is the default listen port for PostgreSQL proxy.
PrivilegeTokenTTL is a default expiry time for a privilege token.
PrometheusScrapeInterval is the default time interval for prometheus scrapes.
ProtocolCassandra is the Cassandra database protocol.
ProtocolClickHouse is the ClickHouse database native write protocol.
ProtocolClickHouseHTTP is the ClickHouse database HTTP protocol.
ProtocolCockroachDB is the CockroachDB database protocol.
ProtocolDynamoDB is the DynamoDB database protocol.
ProtocolElasticsearch is the Elasticsearch database protocol.
ProtocolMongoDB is the MongoDB database protocol.
ProtocolMySQL is the MySQL/MariaDB database protocol.
ProtocolOpenSearch is the OpenSearch database protocol.
ProtocolOracle is the Oracle database protocol.
ProtocolPostgres is the PostgreSQL database protocol.
ProtocolRedis is the Redis database protocol.
ProtocolSnowflake is the Snowflake REST database protocol.
ProtocolSpanner is the GCP Spanner database protocol.
ProtocolSQLServer is the Microsoft SQL Server database protocol.
ProvisioningTokenTTL is the default TTL for server provisioning tokens.
ProxyPeeringListenPort is the default port proxies will listen on when proxy peering is enabled.
ProxyPingInterval is the interval ping messages are going to be sent.
ProxyQueueSize is proxy service queue size.
RDPListenPort is the standard port for RDP servers.
ReadHeadersTimeout is a default TCP timeout when we wait for the response headers to arrive.
RecoveryApprovedTokenTTL is a default expiry time for a recovery approved token.
RecoveryStartTokenTTL is a default expiry time for a recovery start token.
RecoveryTokenLenBytes is len in bytes of a user token for recovery.
RedisListenPort is the default listen port for Redis proxy.
ResetPasswordLength is the length of the reset user password.
RoleApp is an application proxy.
RoleAuthService is authentication and authorization service, the only stateful role in the system.
RoleDatabase is a database proxy role.
RoleDiscovery is a discovery service.
RoleNode is SSH stateless node.
RoleProxy is a stateless SSH access proxy (bastion).
RoleWindowsDesktop is a Windows desktop service.
RotationGracePeriod is a default rotation period for graceful certificate rotations, by default set to the maximum allowed user cert duration.
SAMLAuthRequestTTL is TTL of internally stored auth request created by client.
path to a self-signed TLS cert file for HTTPS connection for the web proxy.
path to a self-signed TLS PRIVATE key file for HTTPS connection for the web proxy.
path to a self-signed TLS PUBLIC key file for HTTPS connection for the web proxy.
SessionControlTimeout is the maximum amount of time a controlled session may persist after contact with the auth server is lost (sessctl semaphore leases are refreshed at a rate of ~1/2 this duration).
SessionIdlePeriod is the period of inactivity after which the session will be considered idle.
SessionTokenBytes is the number of bytes of a web or application session.
ShutdownPollPeriod is a polling period for graceful shutdowns of SSH servers.
SignupTokenTTL is a default TTL for a web signup one time token.
SnowflakeURL is the Snowflake URL used for address validation.
When running in "SSH Proxy" role this port will be used to accept incoming client connections and proxy them to SSHServerListenPort of one of many SSH nodes.
Default port numbers used by all teleport tools.
When running in "SSH Server" mode behind a proxy, this listening port will be used to connect users to:.
SSOCallbackTimeout is how long to wait for a response from SSO provider before timeout.
TeleportConfigVersionV1 is the teleport proxy configuration v1 version.
TeleportConfigVersionV2 is the teleport proxy configuration v2 version.
TeleportConfigVersionV3 is the teleport proxy configuration v3 version.
TerminalResizePeriod is how long tsh waits before updating the size of the terminal window.
TokenLenBytes is len in bytes of the invite token.
Default values for tsh and tctl commands.
Use more human readable format than RFC3339.
UnifiedResourcesQueueSize is the unified resource watcher queue size.
UploaderConcurrentUploads is a default number of concurrent.
UploaderScanPeriod is a default uploader scan period.
WaitCopyTimeout is how long Teleport will wait for a session to finish copying data from the PTY after "exit-status" has been received.
WebauthnChallengeTimeout is the timeout for ongoing Webauthn authentication or registration challenges.
WebauthnGlobalChallengeTimeout is the timeout for global authentication challenges.
WebHeadersTimeout is a timeout that is set for web requests before browsers raise "Timeout waiting web headers" error in the browser.
WebsocketAudit is sending an audit event over the websocket to the web client.
WebsocketClose is sent when the SSH session is over without any errors.
WebsocketDatabaseSessionRequest is received when a new database session is requested.
WebsocketError is sending an error message.
WebsocketFileTransferDecision is received when a response (approve/deny) has been made for an existing file transfer request.
WebsocketFileTransferRequest is received when a new file transfer has been requested.
WebsocketKubeExec provides latency information for a session.
WebsocketLatency provides latency information for a session.
WebsocketMFAChallenge is sending an MFA challenge.
WebsocketRaw is sending raw terminal bytes over the websocket to the web client.
WebsocketResize is receiving a resize request.
WebsocketSessionMetadata is sending the data for a ssh session.
WebsocketVersion is the version of the protocol.
WindowsDesktopListenPort is the default listen port for windows_desktop_service.
WindowsDesktopQueueSize is windows_desktop service watch queue size.
# Variables
ConfigFilePath is default path to teleport config file.
DatabaseProtocols is a list of all supported database protocols.
DataDir is where all mutable data is stored (user keys, recorded sessions, registered SSH servers, etc.).
DefaultFormats is the default set of formats to use for commands that have the --format flag.
FIPSCiphers is a list of supported FIPS compliant SSH ciphers.
FIPSCipherSuites is a list of supported FIPS compliant TLS cipher suites (for TLS 1.2 only).
FIPSKEXAlgorithms is a list of supported FIPS compliant SSH kex algorithms.
FIPSMACAlgorithms is a list of supported FIPS compliant SSH mac algorithms.
FIPSPubKeyAuthAlgorithms is a list of supported FIPS compliant SSH public key authentication algorithms.
HeartbeatCheckPeriod is a period between heartbeat status checks.
ResyncInterval is how often tunnels are resynced.
StartRoles is default roles teleport assumes when started via 'start' command.
TeleportConfigVersions is an exported slice of the allowed versions in the config file, for convenience (looping through, etc).