Cloudflare Tunnel SSH
Hi guys, I'm working on a personal project for my Raspberry Pi and was wondering if I could access it through a Cloudflare tunnel on any non-local network. I know this is possible through port-forwarding, however I do not want to expose my ports to the internet (for security). I followed this tutorial to no avail https://pimylifeup.com/raspberry-pi-cloudflare-tunnel/ and tried to follow the Cloudflare documentation https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/use-cases/ssh/ssh-infrastructure-access/ and also to no avail. I have created a tunnel, connected it with my Raspberry Pi, and routed it to the Raspberry Pi's local IP address. The tunnel shows as healthy.
I have tried configuring a public hostname for the tunnel to access it, and when I try to connect via terminal:
ssh {user}@{my domain}
Nothing happens and a connection timeout error occurs.
On the client (the laptop I am using to connect to the Raspberry Pi), I have already enrolled it in Zero Trust as per step two of the documentation above. Is there any way to solve this problem? Am I missing something?
1 Reply
That first tutorial you linked isn't for ssh and the second is for a feature which isn't quite released fully yet. You won't ever be able to ssh directly to your public hostname, only with local software connecting to local addresses. https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/use-cases/ssh/ssh-cloudflared-authentication/ is closer, but even simpler than using the proxy command, if you set up a public hostname for tcp/ssh and then do these commands on your local device
cloudflared access tcp --hostname ssh.example.com --url 127.0.0.1:9210
to set up proxying the tcp port locally then ssh [email protected] -p 9210
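The two commands from the reply, wrapped in one script as an added example (not part of the thread or of Cloudflare's documentation). The user `pi`, the hostname `ssh.example.com`, the script name and the function names are placeholders; the `HostKeyAlias` and `ConnectionAttempts` options are additions assumed here so that host key checking stays tied to the tunnel hostname and ssh waits for the local forwarder to start.

```shell
#!/bin/sh
# Added example, not from the thread. Placeholders: user "pi", ssh.example.com, port 9210.

# Only allow a loopback listener: 0.0.0.0 or a LAN address would let other
# hosts on the network reach the forwarded SSH port.
is_loopback() {
  case "$1" in
    127.0.0.1|localhost) return 0 ;;
    *) return 1 ;;
  esac
}

# Reject empty values and anything outside [A-Za-z0-9._-], so the arguments
# below can be word-split safely.
is_safe_token() {
  case "$1" in
    ''|*[!A-Za-z0-9._-]*) return 1 ;;
    *) return 0 ;;
  esac
}

# Print the ssh command line. HostKeyAlias stores and checks the host key under
# the tunnel hostname instead of "[127.0.0.1]:9210"; ConnectionAttempts retries
# once per second while the local forwarder is still starting.
ssh_command() {  # user tunnel_host listen_addr port
  printf 'ssh -p %s -o HostKeyAlias=%s -o ConnectionAttempts=10 %s@%s' \
    "$4" "$2" "$1" "$3"
}

connect() {  # user tunnel_host [listen_addr] [port]
  addr=${3:-127.0.0.1}; port=${4:-9210}
  is_loopback "$addr" || { echo "refusing non-loopback listener: $addr" >&2; return 2; }
  for v in "$1" "$2" "$port"; do
    is_safe_token "$v" || { echo "unexpected characters in: $v" >&2; return 3; }
  done
  command -v cloudflared >/dev/null 2>&1 || { echo "cloudflared not found" >&2; return 4; }
  # Same forwarder command as in the reply, run in the background.
  cloudflared access tcp --hostname "$2" --url "$addr:$port" &
  cf_pid=$!
  trap 'kill "$cf_pid" 2>/dev/null' EXIT   # stop the forwarder when the script exits
  $(ssh_command "$1" "$2" "$addr" "$port")
}

# Run only when called as: ./tunnel-ssh.sh <user> <tunnel-hostname>
if [ "$#" -ge 2 ]; then connect "$@"; fi
```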