"Leave cloudflared running to download the token automatically"

I use cloudflare SSH tunnels to access some of my remote servers. My SSH config and everything is configured well - it does work:
Match host <my.example.domain> exec "cloudflared access ssh-gen --hostname %h"
ProxyCommand cloudflared access ssh --hostname %h
IdentityFile ~/.cloudflared/%h-cf_key
CertificateFile ~/.cloudflared/%h-cf_key-cert.pub
However, when I try to ssh into the server I always have to manually click the URL it generates, i.e.:
Please open the following URL and log in with your Cloudflare account:

https://<my.example.domain>/cdn-cgi/access/cli?<blah>
and then wait for the callback to complete, and then finally I'm connected. After that minorly annoying process, I'm teased by cloudflared with this message:
Leave cloudflared running to download the token automatically 🙂
That smug cli is telling me my life could be way easier if I just leave it running - super! Except.. can I? Any time I try to install the cloudflared service worker: sudo cloudflared service install, it complains:
Cannot determine default configuration path. No file [config.yml config.yaml] in [~/.cloudflared ~/.cloudflare-warp ~/cloudflare-warp /etc/cloudflared /usr/local/etc/cloudflared]
Okay fine, so I make an empty config file in /etc/cloudflared:
sudo touch /etc/cloudflared/config.yaml
And then sudo cloudflared service install:
2023-09-02T23:55:52Z ERR Configuration file /etc/cloudflared/config.yaml was empty
2023-09-02T23:55:52Z ERR Configuration file /etc/cloudflared/config.yaml was empty
Configuration file must contain entries for the tunnel to run and its associated credentials:
tunnel: TUNNEL-UUID
credentials-file: CREDENTIALS-FILE
But.. I don't want to make a tunnel? I'm trying to connect to a tunnel. I have to give it information about a tunnel that I do not want to start? Am I missing something? Can I just give it dummy data or something? Do I have to configure it with the specific tunnel that I'm trying to connect to?
6 Replies
Phatso (OP) • 17mo ago
To clarify: this isn't a big deal, but it seems like I could have a nicer setup if I figured this out, so I'm just looking for some advice
Cyb3r-Jak3 • 17mo ago
I'm pretty sure that message just means to leave cloudflared running while you do the browser auth. As in you don't need to manually enter something
Chaika • 17mo ago
There's some docs on this feature here: https://developers.cloudflare.com/cloudflare-one/applications/non-http/#automatic-cloudflared-authentication I haven't used it myself though, but looks like you have to enable it under Additional settings in the access app settings
Cyb3r-Jak3 • 17mo ago
Isn't that just to auto-approve the access requests and not the login requests?
Chaika • 17mo ago
ah yea I see, he was just thinking the normal "keep your cloudflared running" message meant something more than just it needing to be running for the callback to work. My understanding is if you were logged in with that feature enabled, it would just auto approve it:
This option will still prompt a browser window in the background, but the authentication will be automatic.
Maybe what he's looking for anyway? I haven't played around with it myself though
Phatso (OP) • 17mo ago
I was hoping I could run a cloudflare daemon that would negotiate the auth for me in the background. More realistically, I think I just need to fix my terminal not opening my web browser automatically and that'll fix 60% of the annoyance
