Support gzip for session recording #1579
Assignees
Labels
feature-request
Used for new features in Teleport, improvements to current should be #enhancements
Milestone
Comments
kontsevoy
added
the
feature-request
|
I would drop the signature/verify part - this is hard to get right with our RSA keys + there is key rotation to think about, etc, I think gzip is spot-on, but signatures - out of scope |
klizhentas
added a commit
that referenced
this issue
Jan 15, 2018
Use gzip for session recordings, fixes #1579
Closed
# for free
to join this conversation on GitHub.
Already have an account?
# to comment
Problem
Currently Teleport stores session streams as-is, i.e. uncompressed. This creates unreasonable storage requirements for large organizations with many servers and users.
Proposal
Teleport should support two types of session files. Plain text (current implementation) and gzipped streams. The recorder must switch to always-gzipped mode, while the player should be able to read both plain text (for compatibility purposes). Early tests have shown that sessions with typical ansible/bash scripting over SSH get 20 times (!) smaller when gzipped.
Bonus Points
Also, when a file is closed and the session is over, can we also cryptographically sign it with Teleport CA's key and drop a signature file with the same name next to it? If we do this,
tsh playshould display a warning if the signature does not match.The text was updated successfully, but these errors were encountered: