In June 2024, Teleport removed their free Community Edition tier. Teams that had been running self-hosted Teleport for SSH access management, session recording, and audit logs suddenly found themselves staring at a pricing page that starts at $70 per seat per month. For a five-person team, that's $4,200 a year for tooling they were previously getting free.
If you were on the free tier and you've been putting off the migration decision, this post is the practical guide. We'll cover what Teleport was actually doing for you, what you need to replace, what you can safely skip, and how to move your machines to SessionForge step by step.
Before figuring out what to replace, it helps to be honest about which Teleport features you were actually using. The core value for most small teams was:
That's the real list for most free-tier users. If you were running more than that, keep reading — we'll be honest about where the gaps are.
Teleport is a sprawling platform. It does Kubernetes access proxying, database proxying, browser-based application access, full identity federation with your IdP, and a lot more. These are real enterprise features. They're also features that the vast majority of Community Edition users never configured or touched.
If you were using Teleport strictly for SSH + recording + audit, you don't need a replacement for any of that. You need something that does exactly what you were using — nothing more.
Don't let the scope of Teleport's feature set make you feel like you need an equally sprawling replacement. You probably don't.
Here's how each Teleport capability you were actually using maps to SessionForge:
SSH access management → Machine registration. Every machine running the SessionForge agent appears in the dashboard. You control which users have access at the team level. No certificate authority to manage — the agent authenticates via API key, and user access is governed by your account's RBAC settings (Team plan and above).
Session recording → Built-in on Pro and above. SessionForge records every terminal session. You get a full replay of what ran, when, and by whom. Pro plan gives you 30-day history; Team gives you 90 days; Enterprise gives you a full year.
Audit log → Enterprise plan. Full audit trail with event search is an Enterprise feature. If SOC 2 compliance or formal audit logging is a hard requirement, that's the right tier. For most small teams who just want to know who did what, the session history on Pro covers it.
Team access controls / RBAC → Team plan ($4.90/seat/month). Role-based access control, per-machine permissions, and shared sessions are available on Team. Compare that to Teleport's $70/seat.
API and automation → All paid plans. Webhooks and API access start on Pro. If you were scripting anything against the Teleport API, the SessionForge API covers session creation, machine queries, and event hooks.
This is a half-day project. Here's the sequence:
Step 1: Install the SessionForge agent on each machine. It's a single command:
curl -fsSL https://sessionforge.dev/agent | bash -s -- --key YOUR_API_KEYThe agent installs as a system service (systemd on Linux, launchd on macOS, Windows Service on Windows). It starts on boot, reconnects automatically, and runs as a background process. No dependencies, no runtime — it's a single static binary compiled for your platform.
Step 2: Register your machines in the dashboard. After the agent installs and connects, each machine appears in the SessionForge dashboard within seconds. You'll see hostname, OS, architecture, and real-time status. Rename machines to match your Teleport node naming if you want to keep things familiar.
Step 3: Set up team access if needed. If you're on the Team plan, invite your team members and configure role assignments. The RBAC model is simpler than Teleport's — you assign access at the machine level rather than building a full role matrix — which is an advantage if Teleport's access control configuration was ever a source of frustration.
Step 4: Configure webhooks for alerting. If you had Teleport alerts set up — session start/stop notifications, failed login alerts — replicate those in the SessionForge webhook settings. You can point webhooks at Slack, PagerDuty, or any HTTP endpoint.
Step 5: Decommission Teleport. Once all machines are registered and team access is confirmed, stop the Teleport node service on each machine and remove the installation. Clean up DNS records if you were using Teleport's application access features. The migration is complete.
The numbers are not subtle:
A five-person team on SessionForge Team pays $24.50/month. The equivalent on Teleport Cloud is $350/month. The annual difference is $3,930.
This section matters. SessionForge is not a drop-in replacement for every Teleport use case.
If you need Kubernetes access proxying — connecting to clusters via Teleport's kube proxy — SessionForge doesn't do that. You'll need to look at alternatives like kubelogin, Teleport itself at a paid tier, or managing kubeconfig access directly.
If you need database proxying — Teleport's ability to proxy connections to PostgreSQL, MySQL, or MongoDB with identity-aware access — that's also not in SessionForge's scope. You'll need a separate solution for database access control.
If you need browser-based application access — Teleport's Application Access feature for HTTP applications — SessionForge doesn't have that either.
If any of those three are requirements, SessionForge is not your complete answer. You may still want SessionForge for SSH and session management, but you'll need a complementary tool for the rest.
If you were using Teleport strictly for SSH, session recording, and audit — which describes most teams who were on the free tier — SessionForge covers the full replacement.
The free plan covers one machine with no credit card required. If you have a handful of machines to migrate, Pro at $19/month gives you five. For teams, the math on Team vs. Teleport Cloud pays for itself in the first week.
Install the agent, register your first machine, and you'll have a working replacement for Teleport's core features running before lunch.