I described in a previous post how to expose a webserver using a Cloudflare Argo Tunnel. This post is a continuation of the previous post, and now we will look at exposing SSH access using the same tunnel we configured previously.

Pre-requisites

Server side:
- A Cloudflare Argo Tunnel setup and running
- SSH Server setup and running
Client side
- Cloudflare Tunnel client installed and available in path
SSH connection setup and running between server and client

Configuring the Cloudflare tunnel

Our previous configuration file config.yml looked like the following:

ingress:
  - hostname: nginx.bit0.se
    service: http://localhost:8888
  - service: http_status:404

We will now add another service configuration in the middle:

  - hostname: nginx.bit0.se
    path: /ssh/*
    service: ssh://localhost:22

The final file then looks like following:

ingress:
  - hostname: nginx.bit0.se
    service: http://localhost:8888
  - hostname: nginx.bit0.se
    path: /ssh/*
    service: ssh://localhost:22
  - service: http_status:404

Next step is to restart the cloudflare tunnel, so the new configuration is applied.

Connecting to the host

Connecting to the host over ssh is done by adding in a ProxyCommand option:

ssh -o ProxyCommand="cloudflared access ssh --hostname %h/ssh/" username@nginx.bit0.se

Setting up ssh `config` file

We can also setup the same configuration in the ssh config file:

host remote-ssh
    user username
    hostname nginx.bit0.se
    proxycommand cloudflared access ssh --hostname %h/ssh/

Pre-requisites

Configuring the Cloudflare tunnel

Connecting to the host

Setting up ssh config file

Setting up ssh `config` file