Link Search Menu Expand Document

SSH via Tunnel

Table of contents

Prerequisite

cloudflared tunnel --hostname ssh.example.com --url ssh://localhost:22
        # It is to add DNS record
        # Not very useful if adding dns manually from the dashboard

cloudflared tunnel run 
        # To run it as tunnel for debugging

cloudflared access ssh --hostname ssh.example.com
        # This command doesn't do anything on the local pc
        # But you can see an output of [access_token] parsed in the debug log 
        # I run it as tunnel for immediate log observation

ssh root@ssh.example.com
        # This command will pop open a new window for the One-Time-Pin
        # Once authenticated, terminal will successfully ssh into the VM

Configure locally ~/.ssh/config

cloudflared access ssh-config --hostname ssh.example.com
        # This command will add additional information to `~/.ssh/config` file 
  • Or, add below to the ~/.ssh/config file
Host ssh.example.com
  ProxyCommand /usr/local/bin/cloudflared access ssh --hostname %h

Ingress rule checks

  • If the rule doesn’t match, you will see 404 in the log.
cloudflared tunnel ingress rule ssh://ssh.example.com
Using rules from /root/.cloudflared/config.yml
Matched rule #3
        hostname: ssh.example.com
        service: localhost:22

Run as service

  • You will need to restart cloudflared service, so stop and start again.
systemctl stop cloudflared
systemctl start cloudflared
systemctl status cloudflared