Link Search Menu Expand Document

SSH via Tunnel

Table of contents


cloudflared tunnel --hostname --url ssh://localhost:22
        # It is to add DNS record
        # Not very useful if adding dns manually from the dashboard

cloudflared tunnel run 
        # To run it as tunnel for debugging

cloudflared access ssh --hostname
        # This command doesn't do anything on the local pc
        # But you can see an output of [access_token] parsed in the debug log 
        # I run it as tunnel for immediate log observation

ssh [email protected]
        # This command will pop open a new window for the One-Time-Pin
        # Once authenticated, terminal will successfully ssh into the VM

Configure locally ~/.ssh/config

cloudflared access ssh-config --hostname
        # This command will add additional information to `~/.ssh/config` file 
  • Or, add below to the ~/.ssh/config file
  ProxyCommand /usr/local/bin/cloudflared access ssh --hostname %h

Ingress rule checks

  • If the rule doesn’t match, you will see 404 in the log.
cloudflared tunnel ingress rule ssh://
Using rules from /root/.cloudflared/config.yml
Matched rule #3
        service: localhost:22

Run as service

  • You will need to restart cloudflared service, so stop and start again.
systemctl stop cloudflared
systemctl start cloudflared
systemctl status cloudflared