You’d still need something to sign the certificates based on some other identity of course (it can be done manually but kind of defeats the purpose) be it smallstep or something else
Unfortunately, the Teleport open-source version has been discontinued and the free version doesn't allow companies above 100 employees or with more than 10 million dollars of revenue per year. Fair enough, everyone should live well.
But Teleport Enterprise is very expensive and I have been priced out. I don't know if I can share the price behind the "contact sales" but if you wonder about the price, you probably are too poor. In my case, it's quite a few orders of magnitude more than the time Teleport saves me.
So, I have been looking for a replacement that is open-source and likely to stay open-source for a while. I can pay for it, but I don't have a "contact us" budget.
For HTTPS, I never used Teleport and will stay with oauth2-proxy. For SSH, I found warpgate and sshportal, which may work but it looks a bit experimental. For Kubernetes, it's a mess but perhaps kubelogin could do.
If you replaced Teleport, how did you do it?
You’d still need something to sign the certificates based on some other identity of course (it can be done manually but kind of defeats the purpose) be it smallstep or something else
I wish the step-ca documentation for OpenSSH certificates was a bit more centralised. I had to look at quite a few pages, blog posts, and shell scripts to understand what to do.