SSH via Cloudflare tunnels

Introduction

Cloudflare Tunnel makes accessing your internal services from anywhere a breeze, providing both security and ease of use.

Lately, I’ve been experimenting with Cloudflare Zero Trust Tunnel to reach various services that are running on my homelab server remotely. It’s pretty straightforward.

Setup

First, make sure to install and run a connector on the server. I use docker for this:

docker run cloudflare/cloudflared:latest tunnel --no-autoupdate run --token <unique_token>

Now that the tunnel service is running and established, login to the dashboard and go to Access > Tunnels and add a Public Hostname Page.

Specify the subdomain used to access SSH and the domain. (here: ssh.example.xyz)

For the service type use “SSH” and the URL should point to the local IP of the server you want to access via SSH. (here: localhost:22)

Don’t forget to append the port (here default SSH port 22).

On the client machine, install cloudflared (via AUR) and create a config file in .ssh/config:

╰─ cat .ssh/config
Host ssh.example.xyz
ProxyCommand /usr/bin/cloudflared access ssh --hostname %h

Now you should be able to access the remote server from the client machine:

╰─ ssh [email protected]

Conclusion

Cloudflare Tunnel lets you connect to your network remotely without opening up your router’s firewall. With its simple setup, you can keep your internal services safe while still being able to reach them from anywhere. It’s a win-win for security and convenience!