Teleport Installer Scripting

This is a simple installer script that installs the Teleport Windows client and the Teleport Windows agent.

What it does

  • Logs out of the current tsh session, if tsh is installed.
  • Removes the existing Teleport Windows client.
  • Removes the existing Teleport configuration directories.
  • Downloads and installs the Teleport Certificate Authority certificates.
  • Downloads and installs the Teleport Windows client.
  • Logs you in to the Teleport service.

The Script

Upload this to Azure Blob, S3, etc:

Import-Module BitsTransfer

$proxyAddress = "teleport.foo.com"
$fileUrl = "https://foo.blob.core.windows.net/assets/teleport/teleport-connect-installer.exe"
$fileName = "teleport-connect-installer_" + (Get-Date -Format "yyyyMMddHHmmss") + ".exe"
$caUrls = @(
    "https://foo.blob.core.windows.net/assets/teleport/teleport-certificate-authority-digicert.crt",
    "https://foo.blob.core.windows.net/assets/teleport/teleport-certificate-authority-sectigo.crt"
)
$pathsToRemove = @(
    "$env:USERPROFILE\.tsh\keys",
    "$env:LOCALAPPDATA\Teleport Connect",
    "$env:APPDATA\Teleport Connect",
    "$env:TEMP\teleport-certificate-authority.crt"
)

# Check if tsh command exists and logout if it does.
if (Get-Command tsh -ErrorAction SilentlyContinue) {
    tsh logout
    Write-Output "Logged out of existing tsh session."
} else {
    Write-Output "tsh command not found. Skipping logout."
}

# Function to stop Teleport Connect process.
function Stop-TeleportConnect {
    $process = Get-Process "Teleport Connect" -ErrorAction SilentlyContinue
    if ($process) {
        Write-Output "Stopping Teleport Connect process..."
        $process | Stop-Process -Force
        Start-Sleep -Seconds 2
    }
}

# Function to remove directory with retry.
function Remove-DirectoryWithRetry {
    param (
        [string]$path,
        [int]$retries = 3,
        [int]$retryDelay = 2
    )

    for ($i = 0; $i -lt $retries; $i++) {
        # Nothing to do if the path is already gone.
        if (-not (Test-Path $path)) {
            return
        }
        try {
            Remove-Item $path -Recurse -Force -ErrorAction Stop
            Write-Output "  + Removed $path"
            return
        }
        catch {
            Write-Output "Failed to remove $path. Retrying in $retryDelay seconds..."
            Start-Sleep -Seconds $retryDelay
        }
    }
    Write-Output "Failed to remove $path after $retries attempts."
}

# Stop Teleport Connect process.
Stop-TeleportConnect

# Uninstall teleport connect if it is installed.
$uninstallerPath = "$env:LOCALAPPDATA\teleport-connect\Uninstall Teleport Connect.exe"
if (Test-Path $uninstallerPath) {
    Write-Output "Uninstalling existing Teleport Connect..."
    Start-Process -FilePath $uninstallerPath -Wait
} else {
    Write-Output "Teleport Connect uninstaller not found. Skipping uninstallation."
}

# Remove existing Teleport configuration directories.
Write-Output "Removing existing Teleport configuration directories..."
foreach ($path in $pathsToRemove) {
    if (Test-Path $path) {
        # Remove-DirectoryWithRetry reports success or failure itself.
        Remove-DirectoryWithRetry -path $path
    }
}

# Download and install Teleport CA certificates.
foreach ($caUrl in $caUrls) {
    $caFile = Split-Path -Leaf $caUrl
    $caCertPath = Join-Path $env:TEMP $caFile
    # Download Teleport CA certificate
    Write-Output "Downloading Teleport CA certificate from $caUrl to $caCertPath"
    Start-BitsTransfer -Source $caUrl -Destination $caCertPath

    # Import Teleport CA certificate to Cert:\CurrentUser\Root.
    Write-Output "Importing Teleport CA certificate to Cert:\CurrentUser\Root"
    Import-Certificate -FilePath $caCertPath -CertStoreLocation Cert:\CurrentUser\Root -ErrorAction SilentlyContinue
}

# Download Teleport Windows client.
$installerPath = Join-Path $env:TEMP $fileName
Write-Output "Downloading Teleport Windows client from $fileUrl to $installerPath"
Start-BitsTransfer -Source $fileUrl -Destination $installerPath

# Execute the Teleport Connect installer.
if (Test-Path $installerPath) {
    Write-Output "Executing Teleport Connect installer..."
    Start-Process -FilePath $installerPath -Wait
    Write-Output "Teleport Connect installation completed."
    Remove-Item $installerPath -Force -ErrorAction SilentlyContinue
} else {
    Write-Output "Teleport Connect installer not found at $installerPath. Skipping installation."
    Write-Output "Exiting..."
    # Stop here so the login step and success message below do not run.
    exit 1
}

# Log in to Teleport service via tsh cli.
$tshPath = Join-Path $env:LOCALAPPDATA "Programs\teleport-connect\resources\bin\tsh.exe"
if (Test-Path $tshPath) {
    Write-Output "Logging in to Teleport service..."
    Start-Process $tshPath -ArgumentList "login --proxy=$proxyAddress" -PassThru
} else {
    Write-Output "tsh.exe not found in $tshPath. Skipping login."
}

# Prompt user to press Enter to continue.
Write-Output "Teleport Windows client installed and configured successfully!"
Write-Output ""
Write-Output "Press Enter to continue & exit..."
$null = Read-Host
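
The script above imports the downloaded CA files into the trusted root store and runs the downloaded installer without checking what was actually fetched. One way to gate both steps on pinned SHA-256 hashes and an Authenticode check, as an added example that is not part of the original script; the function names, the placeholder hash and signer values, and the assumption that the installer is Authenticode-signed are illustrative:

```powershell
# Added example. Pinned values are placeholders: fill them with hashes computed
# from known-good copies (Get-FileHash -Algorithm SHA256 <file>).
$pinnedSha256 = @{
    "teleport-certificate-authority-digicert.crt" = "<SHA256-OF-DIGICERT-CA-FILE>"
    "teleport-certificate-authority-sectigo.crt"  = "<SHA256-OF-SECTIGO-CA-FILE>"
    "teleport-connect-installer.exe"              = "<SHA256-OF-INSTALLER>"
}
$expectedSigner = "<EXPECTED-SIGNER-SUBJECT>"   # placeholder: part of the publisher's subject

# Returns $true only if the file exists and matches the pin registered under $PinName.
function Test-PinnedHash {
    param ([string]$Path, [string]$PinName)
    if ((-not (Test-Path $Path)) -or (-not $pinnedSha256.ContainsKey($PinName))) {
        Write-Warning "No file or no pinned hash for $PinName."
        return $false
    }
    $actual = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
    if ($actual -ne $pinnedSha256[$PinName]) {   # string -ne is case-insensitive
        Write-Warning "SHA-256 mismatch for ${PinName}: got $actual"
        return $false
    }
    return $true
}

# Imports a CA file into the user's root store only after the hash check passes.
function Import-VerifiedCa {
    param ([string]$Path)
    $name = Split-Path -Leaf $Path
    if (-not (Test-PinnedHash -Path $Path -PinName $name)) {
        Remove-Item $Path -Force -ErrorAction SilentlyContinue
        throw "Refusing to import unverified CA certificate $name."
    }
    Import-Certificate -FilePath $Path -CertStoreLocation Cert:\CurrentUser\Root -ErrorAction Stop
}

# Runs the installer only if the hash and the Authenticode signature both check out.
function Start-VerifiedInstaller {
    param ([string]$Path)
    $sig = Get-AuthenticodeSignature -FilePath $Path
    $ok = (Test-PinnedHash -Path $Path -PinName "teleport-connect-installer.exe") -and
          ($sig.Status -eq 'Valid') -and
          ($sig.SignerCertificate.Subject -like "*$expectedSigner*")
    if (-not $ok) {
        Remove-Item $Path -Force -ErrorAction SilentlyContinue
        throw "Refusing to run unverified installer (signature status: $($sig.Status))."
    }
    Start-Process -FilePath $Path -Wait
}
```

In the script, `Import-VerifiedCa -Path $caCertPath` would stand in for the `Import-Certificate` call and `Start-VerifiedInstaller -Path $installerPath` for the `Start-Process` call. The pins only protect the downloads as long as the script that carries them is itself delivered with integrity protection, for example as a signed script.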

Usage

Run the following command in a PowerShell terminal to install the Teleport Windows client and the Teleport Windows agent:

Start-Process powershell.exe -ArgumentList "& {Start-BitsTransfer -Source 'https://foo.blob.core.windows.net/assets/teleport/install.ps1' -Destination '$env:TEMP\install.ps1'; & '$env:TEMP\install.ps1'}"