CD
Cloudflare Developers3mo ago
Alaric

Tunnel for SSH failed to connect

So I've got a Ubuntu desktop, which installed the cloudflare tunnel meant set up for ssh via public hostname (I've purchased a domain name). However, when I tried to ssh into my Ubuntu desktop from my mac, it gave me the following errors: 
➜  .ssh ☘️  ssh -vvva ssh.alarickillua.org                    
OpenSSH_9.7p1, LibreSSL 3.3.6
debug1: Reading configuration data /Users/alaric66/.ssh/config
debug1: /Users/alaric66/.ssh/config line 1: Applying options for ssh.alarickillua.org
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: include /etc/ssh/ssh_config.d/* matched no files
debug1: /etc/ssh/ssh_config line 54: Applying options for *
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/Users/alaric66/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/Users/alaric66/.ssh/known_hosts2'
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
debug3: channel_clear_timeouts: clearing
debug1: Executing proxy command: exec /opt/homebrew/bin/cloudflared access ssh --hostname ssh.alarickillua.org
debug1: identity file /Users/alaric66/.ssh/ac_ubuntu_ssh type 0
debug1: identity file /Users/alaric66/.ssh/ac_ubuntu_ssh-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_9.7
kex_exchange_identification: Connection closed by remote host
Connection closed by UNKNOWN port 65535
➜  .ssh ☘️  ssh -vvva ssh.alarickillua.org                    
OpenSSH_9.7p1, LibreSSL 3.3.6
debug1: Reading configuration data /Users/alaric66/.ssh/config
debug1: /Users/alaric66/.ssh/config line 1: Applying options for ssh.alarickillua.org
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: include /etc/ssh/ssh_config.d/* matched no files
debug1: /etc/ssh/ssh_config line 54: Applying options for *
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/Users/alaric66/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/Users/alaric66/.ssh/known_hosts2'
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
debug3: channel_clear_timeouts: clearing
debug1: Executing proxy command: exec /opt/homebrew/bin/cloudflared access ssh --hostname ssh.alarickillua.org
debug1: identity file /Users/alaric66/.ssh/ac_ubuntu_ssh type 0
debug1: identity file /Users/alaric66/.ssh/ac_ubuntu_ssh-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_9.7
kex_exchange_identification: Connection closed by remote host
Connection closed by UNKNOWN port 65535
The documentation says "cloudflared will launch a browser window to prompt you to authenticate with your identity provider before establishing the connection from your terminal." However, I didn't see that poping up, instead there were only errors. I think I might have messed things up insided the tunnel but I'm lost to find a valid solution.
No description
No description
8 Replies
Cyb3r-Jak3
Cyb3r-Jak33mo ago
How are you accessing with SSH? You need to follow: https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/use-cases/ssh/#2-connect-as-a-user
Cloudflare Docs
SSH | Cloudflare Zero Trust docs
The Secure Shell Protocol (SSH) enables users to remotely access devices through the command line. With Cloudflare Zero Trust, you can make your SSH server available over the Internet without the risk of opening inbound ports on the server.
Alaric
AlaricOP3mo ago
I believe I followed this documentation and cloudflared is running on my mac. Here is my config file for ssh on the client side: 
Host ssh.alarickillua.org
    User alarickia
    ProxyCommand /opt/homebrew/bin/cloudflared access ssh --hostname %h
    IdentityFile ~/.ssh/ac_ubuntu_ssh
Host ssh.alarickillua.org
    User alarickia
    ProxyCommand /opt/homebrew/bin/cloudflared access ssh --hostname %h
    IdentityFile ~/.ssh/ac_ubuntu_ssh
Cyb3r-Jak3
Cyb3r-Jak33mo ago
I'd also check your WAF logs. I have blocked the tunnel process before
Alaric
AlaricOP3mo ago
I didn't purchase a web application firewall.
Cyb3r-Jak3
Cyb3r-Jak33mo ago
It’s standard with Cloudflare
Alaric
AlaricOP3mo ago
OMG, how I can check this log out?
Cyb3r-Jak3
Cyb3r-Jak33mo ago
Alaric
AlaricOP3mo ago
Appreciated it! But there no log at all... alr, now it's working after I rebooted my server...
Want results from more Discord servers?
Add your server