SSH accessing of server (not browser based)
Hi, I've been trying to configure my cloudlfare server in a way that I am able to have under our domain a web-page. This works fine, easy, and I am happy. But now I am trying to move this server from my basement into another place and I need a reliable way to access the server remotely.
Since through our domain we are able to reach the webserver just fine, I started to look into what would be needed to make ssh work too.
SSh works in local network and after a bit of trying I was able to get ssh working in the browser console provided by Cloudflare.
Now... while the browser console is cool, I'd like to be able to connect to the server regularly with ssh (console based, putty, ...) so I looked into that... and for the live of me... every time I think I got it... when I try to connect via ssh use@serveradress.org -> I get a timeout and upon checking logs, the server doesn't even get the ssh attempt.
Now I tried for probably a total of 3-4 days... and am unable to figure it out. Would some kind soul please be able to help me?
18 Replies
I've been following the example of this: https://www.youtube.com/watch?v=Z6b3l1z0N7w to almost a pin... the only difrence is... the computer I am trying to access the server with is a windows computer and the server runs a headless ubuntu...
lu4t Tech
YouTube
HOW TO: Remote access a Raspberry Pi using a Cloudflare tunnel (nod...
Learn how to access a Raspberry Pi, without exposing any port on your home router. By using a cloudflare FREE tier account, you also get a FREE SSL certificate.
On the video we show:
- how to start a CF tunnel (both as a service and as a container).
- how to remote access a node-red server running on the RPi.
- how to ssh into the RPi.
00:...
I was just skimming through it, but it looks like for the ssh directly part he didn't show changing the local sshd config to use proxy or anything?
Cloudflare Docs
SSH · Cloudflare Zero Trust docs
The Secure Shell Protocol (SSH) enables users to remotely access devices through the command line. With Cloudflare Zero Trust, you can make your SSH …
You can never connect directly to non-http over a tunnel. Always have to be using some client service, like cloudflared or WARP w/ Private Networking. You can setup your ssh config so that it directly sets up that up (on linux at least)
Host ssh.example.com ProxyCommand /usr/local/bin/cloudflared access ssh --hostname %hand you can see in the video it's saying he's using that proxy (no hostip for proxy command), but it looks like he just never showed doing it lol
Host ssh.example.com
ProxyCommand /usr/local/bin/cloudflared access ssh --hostname %h
This I've configured I believe on both devices propperly... (pardon me, if I overlook something, I'm but a student and while my boss is a prof, all he did was shrug and say, "no clue :D")
That would need to be configured on the device which wants to connect
and if that device is Windows, that wouldn't work
omg, while it still isnt working... its a step closer... since now I have the log attempt in the logs and not just got a timout!
Well let's take it a step back. On the Windows Pc you want to connect to the server with, run:
cloudflared access tcp --hostname ssh.example.com --url localhost:7870 (replacing ssh.example.com with the name of the public hostname
go through auth, let it run, and then try sshing localhost:7870
Just removing the abstraction the ssh cmd does, if that doesn't work I'd look at the Public Hostname config next.
whoops I messed up that command sorry if that confused you lol, edited nowuhm... okay... when I do this on my windos (the client trying to connect) that is what I get...
now go to the auth? - you mean cloudflare website?
ok, and then from a seperate terminal, ssh localhost:7870
if it needed auth, it would have popped up. It looks like you disabled it or are already auth'd, was what I meant
when I do this... ssh user@localhost:7870 and just ssh localhost:7870... both
The way you specify a port with ssh is using the -p flag
ssh user@localhost -p 7870
okay... now I was able to do the fingerprint...
and I am logged into my remote mashine... neat
so your issue is with the ssh proxy command. I don't know if that's even supported on windows, nothing I've tried before lol. When I used SSH that way I just had a shortcut on my desktop to execute a batch script to run that cloudflared command, and connected separately
tbh... as long as I am able to replicate it, I am good... and I am with this method... so I am IMENSLY thankful!
though... stupid question... is it "a problem of windows" (again) or why have I had so many problems? - considering the video / guides seemed to be streight forward... and you just... did magic 😄
oh... you already answered that... nvm
I don't think the default windows ssh looks at that at all
I was saying it wouldn't work as well if you specified /usr/local/bin/cloudflared on windows lol
well... I'll look if putty does what putty does best... but this already probably saves my ass for the day when moving happens... praise the ability to remote work... thanks a bunch again!