
Merry Christmas everyone, from France.

This not so little corner of the internet keeps delivering year after year, thank you all for the quality of the submissions and discussions!


I use both Podman and Docker at work; specifically, I had to use the same Docker images / container setup in a RHEL deployment and it worked great.

A huge pain was when I used "podman-compose" with a custom podman system storage location: twice it ended up corrupted when doing an "up" and I had to completely scratch my podman system storage.

I must have missed something though ...


What would be the advantages of this compared to, say, Teleport?

Teleport is working fine for us, but I wonder if the network-based approach (+ WireGuard) of Tailscale would be better in terms of network redundancy?


The big thing you get with Teleport that you don't yet get with Tailscale --- apart from entirely owning the source of truth for SSH authentication on your own infra, which is a very minor issue for almost everyone but is a major issue for some people --- is that Teleport gives you transcript-level audit logs of your SSH sessions.

Teleport also has that web-based SSH console (it's one of the better web-based consoles) and the ability to do joint SSH connections. But the audit log is the big one.

Obviously, the flip side of this is that Tailscale's SSH is built in; if you're already using Tailscale, and you're not already using Teleport, you should enable Tailscale's SSH right away; it is hugely better than managing your own SSH service ad-hoc.


> is that Teleport gives you transcript-level audit logs of your SSH sessions

That is extremely valuable. Just in case 'transcript-level audit' didn't sink in, it's a session recording: not only can you see all the keystrokes typed, but you can see all the outputs, the whole state. Someone running a top command for an hour? You can watch the same thing later.

Think asciinema (https://asciinema.org/).


Sasha, CTO @ Teleport here. Thank you for the kind words! And congrats to the Tailscale team on launching the SSH product.

Let me share a bit more about our auditing capabilities:

Teleport captures session PTY output and stores it in S3 or any S3 compatible storage for your records by default.

If you would like to get additional, more in-depth insight into the session, Teleport captures syscalls, file access calls and network calls made during an SSH session by correlating them with the session's cgroup using our BPF module:

https://goteleport.com/docs/server-access/guides/bpf-session...

Teleport provides a lot of other in-depth SSH integration for auditing and compliance; for example, we support moderated session access control with a required session moderator, or per-session MFA.


FWIW, Tailscale SSH can also record sessions in asciinema cast format:

https://github.com/tailscale/tailscale/blob/v1.26.1/ssh/tail...

We haven't fully "productized" it yet because it only records on-device for now. We want to make it stream recordings to another device (that you run) first before considering it done.
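The asciinema cast format referred to above, as an added example that is not part of this thread or of Tailscale's or Teleport's code: a small parser for a constructed v2 recording, showing what a transcript-level audit log preserves (terminal output as well as typed input) compared with a plain command log. It assumes the standard v2 layout of one JSON header line followed by `[time, type, data]` event lines, and the sample recording is made up.

```python
import json

# Constructed sample asciinema v2 cast (not a real recording): one JSON header
# line, then one JSON array per event: [elapsed_seconds, event_type, data].
# "o" = terminal output, "i" = stdin input (only present if input was recorded).
SAMPLE_CAST = "\n".join([
    json.dumps({"version": 2, "width": 80, "height": 24, "timestamp": 1656000000,
                "env": {"SHELL": "/bin/bash", "TERM": "xterm-256color"}}),
    json.dumps([0.5, "o", "$ "]),
    json.dumps([1.2, "i", "cat /etc/hostname\r"]),
    json.dumps([1.2, "o", "cat /etc/hostname\r\n"]),
    json.dumps([1.3, "o", "web-01\r\n$ "]),
    json.dumps([9.0, "i", "top\r"]),
    json.dumps([9.0, "o", "top\r\n"]),
    json.dumps([9.5, "o", "top - 12:00:01 up 3 days ...\r\n"]),
    json.dumps([3612.0, "i", "q"]),          # keystroke that quits top, no Enter
    json.dumps([3612.1, "o", "$ "]),
])

def parse_cast(text: str) -> tuple[dict, list[tuple[float, str, str]]]:
    """Split a v2 cast into its header dict and a list of (time, type, data) events."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    header = json.loads(lines[0])
    if header.get("version") != 2:
        raise ValueError(f"unsupported cast version: {header.get('version')!r}")
    events = []
    for ln in lines[1:]:
        t, kind, data = json.loads(ln)
        events.append((float(t), kind, data))
    return header, events

def replay_output(events) -> str:
    """Concatenate output events: the screen content an auditor can review later."""
    return "".join(d for _, k, d in events if k == "o")

def typed_commands(events) -> list[str]:
    """Reassemble stdin events into the lines the user typed (terminated by Enter).
    Lone keystrokes such as the 'q' that quits top stay in the buffer and are not
    reported as commands; the output stream above still shows their effect."""
    buf, cmds = "", []
    for _, k, d in events:
        if k != "i":
            continue
        buf += d
        while "\r" in buf:
            line, buf = buf.split("\r", 1)
            cmds.append(line)
    return cmds

def session_duration(events) -> float:
    """Wall-clock length of the session in seconds (time of the last event)."""
    return max((t for t, _, _ in events), default=0.0)
```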


Nice!


Session recording's actually already in the network engine for SSH, we just haven't plumbed the whole "push recordings somewhere and surface them" yet. Soon :)


It's an extremely valuable feature, in that it can knock out a bunch of different SOC2 DRL line items with a single screenshot.


For those who are not familiar with the term DRL in "SOC2 DRL line item", it stands for document request list (DRL).


Do you own the teleport code or is it closed source?


I don't know what "own it" means, but it's open source.


Well, how long did it take you to set up Teleport?


Not as much as we expected, frankly, and each new node is as quick to set up as Tailscale, I'd say.

The main « issue » was working with some key concepts of Teleport (logins, roles, connectors).


It took us about an hour.


That's shocking considering my experience of weeks, nice.


Teleport developer here — sorry about that. We’re aware that initial setup is at times a pain point and are prioritizing improving this. If you can provide more details about what specifically went wrong for you I’m interested in getting to the bottom of it. Feel free to reply here or you can email me isaiah@goteleport.com


We thought it was going to be a whole huge project and budgeted a week for it. It was not a whole huge project.

