Backed by mandō

Secure file logistics,
between any two hosts.

Teleport is the category-defining platform for encrypted file transfers. Move anything β€” from a single config file to an entire directory tree β€” between hosts on encrypted SSH channels. Zero friction. Zero compromise.

Start Transferring Free See It In Action
πŸ’»
Local Host
[email protected]
πŸ”’
AES-256 Β· SSH Transport
☁️
Remote Host
deploy@prod:~/
256-bit encryption
100% fidelity
<2ms auth latency
0 Files Moved Daily
0 Delivery Rate
0 Countries Served
0 Data Breaches
Core Platform

Every feature built for secure logistics

We didn't iterate on file transfer. We reimagined it from encrypted first principles.

πŸ”

SSH Transport Layer

Every byte traverses a fully encrypted SSH channel. Same authentication, same security as an interactive session. Military-grade encryption is the minimum, not the premium.

ssh transport
🌲

Recursive Deep Copy

Transfer entire directory trees with a single command. Teleport follows the full structure β€” every file, every subfolder, every symlink target. At any depth.

-r
πŸ”‘

Identity-Based Auth

Specify exactly which cryptographic identity to present. Ed25519, ECDSA, RSA β€” your keys, your control. Zero-knowledge, zero-friction authentication.

-i identity_file
πŸšͺ

Custom Port Routing

Connect through any port on the remote host. Non-standard SSH ports, hardened endpoints, air-gapped proxies β€” nothing stops the transfer pipeline.

-P port
⚑

Wire Compression

Compress data in transit to reduce bandwidth usage by up to 80%. Automatic adaptive compression over slow or metered connections. Ship less, move more.

-C
πŸ•°οΈ

Metadata Preservation

Preserve modification times, access times, and file mode bits from the source. Perfect fidelity means your files arrive exactly as they left. Byte-for-byte.

-p
πŸ“Š

Bandwidth Control

Set precise transfer rate limits in Kbit/s. Share bandwidth fairly across teams, comply with egress policies, and never saturate your uplink again.

-l limit
πŸ”—

Three-Way Transfer

Copy between two remote hosts, routed through your local machine. No direct remote-to-remote access needed. The ultimate secure relay for air-gapped architectures.

-3
🀫

Quiet Mode

Disable progress meters and diagnostic messages. Clean CI/CD logs, headless transfers, and silent batch operations. When your pipeline needs to focus.

-q
πŸ”

Verbose Observability

Full debug output of every handshake, cipher negotiation, and transfer event. When your compliance team asks for proof, hand them the Teleport verbose log.

-v
πŸ”§

Custom SSH Program

Swap the underlying encryption program without changing your workflow. Alternative SSH implementations, custom wrappers, hardware security modules β€” all supported.

-S program
βš™οΈ

SSH Config Passthrough

Pipe any SSH configuration directive through Teleport. Over 80 options β€” from ProxyJump to KeepAlive to custom cipher suites. Full control, no limits.

-o ssh_option
Transfer Topology

Visualize your secure file logistics

Watch files traverse encrypted channels between any combination of hosts.

πŸ’»
Local Machine
~/project/
Upload local β†’ remote
AES-256-GCM
πŸ–§
Production Server
deploy@prod:/var/www
πŸ–§
Staging Server
admin@staging:/data
Download remote β†’ local
ChaCha20-Poly1305
πŸ’»
Local Machine
~/backups/
☁️
Remote Host A
ops@east:/logs
Three-Way Relay -3
via localhost relay
☁️
Remote Host B
ops@west:/archive
Architecture

How Teleport works

Four ruthlessly simple steps from source to destination.

01

Authenticate

Teleport establishes an encrypted SSH channel to the remote host. Key-based or password authentication β€” your choice. Multi-hop via ProxyJump supported natively.

02

Negotiate

Cipher suite, compression, and bandwidth limits are negotiated in sub-2ms. The strongest available encryption is selected automatically. No manual configuration required.

03

Transfer

Files stream through the encrypted channel using the SFTP protocol. Recursive traversal, metadata preservation, and bandwidth limiting happen transparently.

04

Verify

Every file is verified at the destination. Timestamps, permissions, and integrity checks ensure byte-for-byte fidelity. Your data arrives exactly as it left.

Ecosystem

Fits into your existing infrastructure

Teleport integrates with every tool in your security stack.

Teleport
πŸ”‘
SSH Agent
πŸ›‘οΈ
Identity Files
βš™οΈ
SSH Config
πŸ”„
CI/CD Pipelines
πŸ—οΈ
ProxyJump
πŸ“‘
SFTP Protocol
πŸ—οΈ
PKCS#11
🏒
Bastion Hosts
Tools

Bandwidth Calculator

Estimate transfer times and plan your -l bandwidth limits.

Kbit/s
Effective Data Size 500 MB
Effective Rate 100 Mbit/s
Estimated Transfer Time 40s
Suggested Command scp -C file.tar.gz user@host:~/
See It In Action

Ship secure. Ship fast.

Watch Teleport move files between hosts in milliseconds.

Terminal β€” Teleport CLI
β†’ teleport -i ~/.ssh/id_ed25519 -P 2222 app.tar.gz [email protected]:~/releases/
app.tar.gz 100% 142MB 48.2MB/s 00:02
Transfer complete. 1 file, 142MB, 2.9s elapsed.
β†’ teleport -C -p admin@staging:/var/log/app.log ./logs/
app.log 100% 89MB 62.1MB/s 00:01
Transfer complete. Compression saved 54MB. Timestamps preserved.
β†’ teleport -r -v ./project/ [email protected]:/var/www/
Entering directory: project/
index.html 100% 12KB 18.0MB/s 00:00
style.css 100% 8KB 16.2MB/s 00:00
Entering directory: project/assets/
logo.svg 100% 4KB 12.8MB/s 00:00
Transfer complete. 3 files, 2 directories, 24KB total.
β†’ teleport -3 ops@east:/data/export.csv ops@west:/archive/
Connecting to east (relay through localhost)...
export.csv 100% 320MB 28.4MB/s 00:11
Three-way transfer complete. Remote β†’ Local β†’ Remote.
Why Teleport

The competitive landscape is clear

Capability Teleport Competitor A Competitor B
Encryption AES-256 + ChaCha20 TLS only None
Recursive transfer Full tree + symlinks Files only Shallow copy
Bandwidth control Precise Kbit/s limits Percentage-based Not supported
Three-way relay Native support Not supported Not supported
Metadata preservation Times + modes + bits Times only None
Compression Adaptive SSH compression gzip only None
Custom SSH options 80+ directives via -o Limited Not supported
Key-based auth Ed25519 / ECDSA / RSA RSA only Password-based
Pricing

Transparent pricing. No egress surprises.

Start free. Scale when you're ready. No credit card required.

Starter
$0/mo
  • Password authentication
  • 100 transfers / day
  • 500 MB per transfer
  • Standard ciphers
  • Community support
Get Started
Most Popular
Pro
$19/mo
  • Key-based auth (-i)
  • Unlimited transfers
  • Recursive copy (-r)
  • Compression (-C)
  • Metadata preservation (-p)
  • Custom ports (-P)
  • Verbose mode (-v)
Start Free Trial
Team
$49/seat/mo
  • Everything in Pro
  • Three-way relay (-3)
  • Bandwidth limits (-l)
  • Custom SSH program (-S)
  • 80+ SSH options (-o)
  • SSO / SAML integration
  • Audit logs & compliance
Contact Sales
Enterprise
Custom
  • Everything in Team
  • Dedicated relay infrastructure
  • Custom cipher selection
  • On-premise deployment
  • Dedicated account team
  • 99.999% SLA
  • SOC 2 / HIPAA ready
  • Unlimited bandwidth
Talk to Sales
Social Proof

Trusted by world-class ops teams

β˜…β˜…β˜…β˜…β˜…
"Teleport's recursive copy changed our deployment pipeline overnight. We went from a 14-step Makefile to a single -r flag. The compound time savings are staggering."
Aisha Koroma
Aisha Koroma VP of Engineering, ScaleForge
β˜…β˜…β˜…β˜…β˜…
"Three-way transfer with -3 is the unlock we didn't know we needed. Moving data between air-gapped zones without exposing direct paths? That's a security posture multiplier."
Karen Leung
Karen Leung CISO, Axiom Financial
β˜…β˜…β˜…β˜…β˜…
"We use -l to cap bandwidth during business hours and let transfers run uncapped overnight. The granularity is exceptional. Teleport is the only tool that handles this natively."
Priya Rao
Priya Rao DevOps Lead, CloudPeak
β˜…β˜…β˜…β˜…β˜…
"Verbose mode gives us the audit trail compliance demands. Every cipher negotiation, every auth event β€” logged and verifiable. The FedRAMP conversation ended on slide two."
Karim Rahal
Karim Rahal CTO, GovSecure Technologies
FAQ

Frequently asked questions

Teleport uses SFTP over SSH for all data transfers. Every byte is encrypted end-to-end with AES-256-GCM or ChaCha20-Poly1305. Authentication is handled via SSH key pairs or passwords β€” the same battle-tested security model used by millions of servers worldwide.

Absolutely. The -r flag enables recursive transfer of entire directory structures. Teleport traverses every subfolder, preserving the full hierarchy. Combine with -p to preserve timestamps and permissions across the entire tree.

Teleport uses a simple addressing format: [user@]host:[path] or the URI form scp://[user@]host[:port][/path]. Local files use standard filesystem paths. The colon separates the hostname from the remote path β€” it's the most elegant addressing scheme in file logistics.

With the -3 flag, transfers between two remote hosts are routed through your local machine. Data flows: Remote A β†’ Local β†’ Remote B. This means neither remote host needs direct connectivity to the other β€” a critical security pattern for air-gapped architectures.

Yes. The -l flag lets you specify the maximum bandwidth in Kbit/s. For example, -l 5000 limits the transfer to about 5 Mbit/s. This is essential for shared links, metered connections, or when you need to leave headroom for production traffic.

Backed by mandō

Lyst Drift Locus Repliq Portage Voidal Scaffold VΓΈid Imprint Concat Stratum Folio Topline Tailstream Sieve Seekr Rewrite Trellis Sortable SINGULR Census Slice Morph FanOut Argonaut Reverb Formatik Epoch Solstice IDENT Signum Quorum Pulsar Overseer Terminus PURGE Dispatch Sotto Limelight Persist Vantage Canopy AttachΓ© DΓ©tachΓ© Tether Aegis CLAIMR Cohort Archivex Deflate Unravel ArcVault XTRAKT Conduit Fetch VaultLink AFFIRMATIV Teleport DeltaSync Heartbeat Hopscotch Resolver Namesake Uplink CONNEX Callsign Milieu Propagate Sourcery Persona SEVER Chronicle Codex Relevance Resolv Nomenclature MAGIQ Intrinsic Diverge Patchwork VIGIL Breeze Cadence Kronos Atelier SUPRA Mandate Turnkey Accession Reforge Collective PipeForge Netweave Panoptik Substrate Repose Verity FAULTR Provenance Chrono