Since I was working in an environment where development teams tended to obtain root credentials from CI-CD pipelines and use them to change all the permissions on production servers or fill the storage with database dumps, I ditched teleport, ssh, and logins altogether! We followed the serverless model and there are no logins to any compute resource. The only way to bring data in is via unprivileged ci/cd pipelines or the application's API, the only way to get data out is via stderr or writing to a resource like S3. Nothing runs with privileges, there is no ssh, there are no admin-only access methods. Overnight that eliminated almost everything mysterious or unreproducible. No more permissions issues.